Ntmngr.exe ComboFix report log!


Posted

ComboFix 08-01-11.3 - Fredrik 2008-01-12 13:53:29.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.578 [GMT 1:00]

Running from: C:\Documents and Settings\Fredrik\Lokale innstillinger\Temporary Internet Files\Content.IE5\58MRFZQ6\ComboFix[1].exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\images.zip

 

.

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))

.

 

2008-01-12 13:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-12 13:16 . 2008-01-12 13:16 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe

2008-01-11 20:14 . 2008-01-11 20:14 274,432 --------- C:\WINDOWS\Setup1.exe

2008-01-11 20:14 . 2008-01-11 20:14 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-11 14:50 . 2008-01-11 14:50 0 --ah----- C:\WINDOWS\SwSys2.bmp

2008-01-11 14:50 . 2008-01-11 14:50 0 --ah----- C:\WINDOWS\SwSys1.bmp

2008-01-04 19:24 . 2008-01-11 21:08 23 --a------ C:\WINDOWS\popcinfot.dat

2008-01-01 15:15 . 2008-01-01 15:15 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\PC Suite

2007-12-30 18:51 . 2007-12-30 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite

2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite

2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia

2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\DIFX

2007-12-30 18:50 . 2007-12-30 18:50 <DIR> d-------- C:\Documents and Settings\Rikke\Programdata\Nokia

2007-12-30 18:49 . 2007-12-30 18:49 <DIR> d-------- C:\Programfiler\PC Connectivity Solution

2007-12-30 18:49 . 2007-12-30 18:50 <DIR> d-------- C:\Programfiler\Nokia

2007-12-30 18:49 . 2007-12-30 18:49 <DIR> d-------- C:\Documents and Settings\Rikke\Programdata\PC Suite

2007-12-30 18:49 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll

2007-12-30 18:47 . 2007-12-30 18:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Installations

2007-12-30 16:50 . 2008-01-11 15:06 <DIR> d-------- C:\Documents and Settings\Fredrik\.gimp-2.4

2007-12-27 12:12 . 2007-12-27 12:12 <DIR> d-------- C:\Programfiler\GIMP-2.0

2007-12-26 15:46 . 2007-12-26 15:46 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2007-12-26 14:04 . 2007-12-26 14:04 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Leadertech

2007-12-22 15:30 . 2007-12-22 15:30 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Sony

2007-12-22 15:30 . 2007-12-22 15:30 <DIR> d-------- C:\Documents and Settings\Fredrik\Programdata\Publish Providers

2007-12-22 15:27 . 2007-12-22 15:27 <DIR> d-------- C:\Programfiler\Vstplugins

2007-12-22 15:27 . 2007-12-22 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony

2007-12-22 15:26 . 2007-12-22 15:26 <DIR> d-------- C:\Programfiler\Sony Setup

2007-12-20 12:03 . 2007-12-20 12:03 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll

2007-12-20 12:03 . 2007-12-20 12:03 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-12 12:18 --------- d-----w C:\Programfiler\LOS tilkobling

2008-01-12 09:37 --------- d-----w C:\Programfiler\LogMeIn

2008-01-11 14:05 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\gtk-2.0

2008-01-10 18:23 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP

2008-01-08 15:30 --------- d-----w C:\Documents and Settings\Øyvind\Programdata\Xfire

2007-12-27 11:29 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2007-12-26 15:09 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2007-12-26 13:01 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\AdobeUM

2007-12-21 19:33 --------- d-s---w C:\Programfiler\Xfire

2007-12-20 08:52 --------- d-----w C:\Programfiler\THQ

2007-12-15 12:54 --------- d-----w C:\Programfiler\World of Warcraft

2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-12-08 20:43 --------- d-----w C:\Documents and Settings\Anita.FIGO\Programdata\Talkback

2007-12-05 19:20 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr

2007-11-28 18:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Media Center Programs

2007-11-28 17:43 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\InstallShield

2007-11-24 17:58 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2007-11-24 17:58 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2007-11-22 19:51 --------- d-----w C:\Programfiler\Fellesfiler\Real

2007-11-22 19:38 --------- d-----w C:\Programfiler\Real

2007-11-22 17:16 --------- d-----w C:\Programfiler\Java

2007-11-22 15:52 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll

2007-11-22 15:52 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll

2007-11-22 15:52 23,736 ----a-w C:\WINDOWS\system32\LMImirr.dll

2007-11-22 15:52 21,496 ----a-w C:\WINDOWS\system32\LMIport.dll

2007-11-22 15:52 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll

2007-11-18 18:42 --------- d-----w C:\Documents and Settings\Øyvind\Programdata\Ventrilo

2007-11-18 13:13 --------- d-----w C:\Documents and Settings\Fredrik\Programdata\Earthsim

2007-11-16 09:05 --------- d-----w C:\Programfiler\Ventrilo

2007-11-15 09:15 22,328 ----a-w C:\Documents and Settings\Fredrik\Programdata\PnkBstrK.sys

2007-11-15 09:14 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe

2007-11-15 09:14 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2007-11-13 16:56 --------- d-----w C:\Programfiler\Electronic Arts

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-13 09:54 70,944 ----a-w C:\WINDOWS\system32\PhysXLoader.dll

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-04-11 17:58 6,108 ----a-w C:\Programfiler\gp.info

2007-04-03 19:35 15,314 ----a-w C:\Programfiler\bf2142Patch.log

2006-12-27 10:01 2,328,144 ----a-w C:\Programfiler\xfire_installer_23928.exe

2004-07-22 08:51 3,432,656 ----a-w C:\Programfiler\ManagedDX.CAB

2004-07-19 20:58 1,156,363 ----a-w C:\Programfiler\BDANT.cab

2004-07-19 20:53 976,020 ----a-w C:\Programfiler\BDAXP.cab

2004-07-09 12:17 13,265,040 ----a-w C:\Programfiler\dxnt.cab

2004-07-09 07:13 703,080 ----a-w C:\Programfiler\BDA.cab

2004-07-09 07:13 15,493,481 ----a-w C:\Programfiler\DirectX.cab

2004-07-09 02:08 472,576 ----a-w C:\Programfiler\dxsetup.exe

2004-07-09 02:08 2,242,560 ----a-w C:\Programfiler\dsetup32.dll

2004-07-09 01:03 62,976 ----a-w C:\Programfiler\DSETUP.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

"Steam"="D:\Spill\\Steam.exe" [2007-12-15 13:58 1266936]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-08 10:06 94208]

"msnmsgr"="~C:\Programfiler\MSN Messenger\msnmsgr.exe" [ ]

"Veoh"="C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-10-06 21:26 282624]

"LogMeIn GUI"="C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03 63048]

"DU Meter"="C:\Programfiler\DU Meter\DUMeter.exe" [2005-02-01 18:28 1469952]

"a-winpoet-service"="C:\Programfiler\LOS tilkobling\winpppoverethernet.exe" [2004-08-12 18:44 405504]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 05:42 176128]

"HP Software Update"="C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]

"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SweetIM"="C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe" [2007-08-14 15:50 73840]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]

"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46 57344]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]

"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:03 15360]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

 

C:\Documents and Settings\yvind\Start-meny\Programmer\Oppstart\

Xfire.lnk - C:\Programfiler\Xfire\xfire.exe [2007-12-05 03:25:52]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

LMIinit.dll 2007-11-22 16:52 87352 C:\WINDOWS\system32\LMIinit.dll

 

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programfiler\LogMeIn\x86\RaInfo.sys [2007-04-17 13:00]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]

R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2003-05-22 16:00]

R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2003-04-04 15:07]

R3 WrKPoET2000;WrKPoET2000;C:\Programfiler\LOS tilkobling\WrKPoET2000.sys [2003-05-22 16:00]

R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 17:42]

S3 8n00ba6f;8n00ba6f;C:\DOCUME~1\Fredrik\LOKALE~1\Temp\n4WMu29 []

S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\YVIND~1\LOKALE~1\Temp\DMSKSSRh.sys []

S3 XDva025;XDva025;C:\WINDOWS\system32\XDva025.sys []

S3 XDva026;XDva026;C:\WINDOWS\system32\XDva026.sys []

S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []

S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\z530bus.sys [2007-08-02 12:46]

S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z530mdfl.sys [2007-08-02 12:46]

S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z530mdm.sys [2007-08-02 12:46]

S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z530mgmt.sys [2007-08-02 12:46]

S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z530obex.sys [2007-08-02 12:46]

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-10-09 08:11:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-12 13:56:59

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-01-12 13:57:28

ComboFix-quarantined-files.txt 2008-01-12 12:57:26

.

2008-01-09 11:02:36 --- E O F ---

Posted
Also found a small Quarantine log:

 

2008-01-12 13:16 36986 --a------ C:\Qoobox\Quarantine\C\WINDOWS\images.zip.vir

Posted

Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::

C:\WINDOWS\ntmngr.exe

Posted (edited)
Open Notepad and copy in the text shown in bold below, then save the file on the desktop as CFScript.txt.

Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::

C:\WINDOWS\ntmngr.exe

 

I didn't quite understand that one

 

I deleted that file .......

Edited by NorwegianAssassin
Posted

If the file has been deleted, I would say your problem is gone.

 

You could post an HJT log to finish:

Download HijackThis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan and save a logfile". Copy the log file and post it.

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:57:48, on 12.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\LOS tilkobling\WrOS.EXE

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\vsnpstd.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Analog Devices\Core\smax4pnp.exe

C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Programfiler\LogMeIn\x86\LogMeIn.exe

C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe

C:\Programfiler\LogMeIn\x86\RaMaint.exe

C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\firefox.exe

C:\Documents and Settings\Fredrik\Skrivebord\Systemscan\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://by132w.bay132.mail.live.com/mail/ma...=d2609&mf=0

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT...;prov=&utf8

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programfiler\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Spill\BitComet\tools\BitCometBHO_1.1.7.4.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programfiler\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [DU Meter] C:\Programfiler\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [a-winpoet-service] "C:\Programfiler\LOS tilkobling\winpppoverethernet.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programfiler\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [sweetIM] C:\Programfiler\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] D:\Spill\\Steam.exe -silent

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programfiler\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Veoh] "C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programfiler\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Spill\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Spill\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Spill\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Spill\BitComet\tools\BitCometBHO_1.1.7.4.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe (file missing)

O16 - DPF: {11FAB11B-4792-4B59-85DF-23C6688B07B3} (XTSAC Control) - https://luniboy69.dyndns.org/XTSAC.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1160082057546

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183136944156

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab

O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} (NGVPLaunch Class) - https://luniboy69.dyndns.org/NGVPNTunnel.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programfiler\LogMeIn\x86\LogMeIn.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Programfiler\LOS tilkobling\WrOS.EXE

 

--

End of file - 10602 bytes

Posted

The HJT log looks fine.

You can uninstall Combofix (I believe the quarantine folder is then removed as well):

Click: Start->Run

Type: ComboFix /u

Combofix will start and then uninstall itself. You can check whether the C:\Qoobox folder is still there. If so, delete it.

You should then reset the restore folder so that you do not get infected during a possible system restore.

Control Panel->System->System Restore.

Tick the box in front of "Turn off System Restore .....",

restart the PC,

untick the box again to re-enable the feature.
