
Info: MSN virus - photobucket etc. READ this before you create a post about the MSN virus.



NB! This guide (see the black text further down) actually covers the MSN virus that was active a little over a week ago. The one that has been active recently is a different variant with different files (see the red text). Still run through the guide given here, with the programs listed, since the 'new' MSN virus is a variant with known infections.

Most antivirus programs will by now have updated their definitions, which means you will probably get rid of the infection that way. If you are still in doubt, do not hesitate to ask for help.

 

---------------------------------------------------------

 

The 'new' MSN virus also triggers the download of files tied to a Vundo infection, which can be seen in a HijackThis log as:

O2 line: C:\WINDOWS\system32\qomnnkh.dll (the DLL file qomnnkh.dll appears under many name variants).

O20 line: O20 - Winlogon Notify: qomnnkh - C:\WINDOWS\SYSTEM32\qomnnkh.dll

 

One can also find the following line in the HJT log:

O4 - HKLM\..\Run: [Windows Taskmanager] svchost.exe

 

The file svchost.exe will be located at: C:\windows\svchost.exe

 

So run through the guide below and, if you want help, post the necessary logs.

 

----------------------------------------------------------

 

INFO:

The link you receive on MSN may contain words such as ..photobucket.., ..youtube.. etc.

 

In most cases it has been the files ntmngr.exe, lssas.exe and images.zip that have caused the problems.

 

ntmngr.exe: Backdoor.Win32.IRCBot.bag (Kaspersky)

lssas.exe: Backdoor.Win32.IRCBot.bau (F-secure)

images.zip: Backdoor.Win32.IRCBot.bau (F-secure)

 

Files that may be active are:

C:\WINDOWS\ntmngr.exe

C:\WINDOWS\lssas.exe

C:\445930.exe

C:\WINDOWS\images.zip

 

An HJT log can show the following line (registry entry):

O4 - HKLM\..\Run: [MSN] lssas.exe

O4 - HKLM\..\Run: [MSN] ntmngr.exe

 

I am unsure which antivirus programs have updated their definitions for this, so I cannot recommend one that is guaranteed to catch these files.

 

How to fix this

 

Because a few days have now passed since this infection was discovered, your antivirus program will probably take care of the problem. I am nevertheless giving you a solution that I know works.

 

Programs that are part of the fix:

MSNFix: Will detect and remove all the files mentioned above

ComboFix: Will remove most of them, and reveal whether infected files are still present, via the log it creates.

HijackThis (hjt): Creates a log that can tell how things stand.

 

MSNFix guide

Download MSNFix and extract it to the desktop.

Run the file 'MSNFix.bat'. Follow the instructions.

 

 

ComboFix guide:

Get ComboFix and put it on the desktop.

Run combofix.exe and follow the instructions.

Do not click in the window while the program is running.

Post the log file from ComboFix (c:\combofix.txt) in a separate thread if you want guidance (click New topic).

 

HijackThis guide:

HijackThis can easily remove the registry entries tied to this infection.

Download HijackThis. Put it in its own folder on the desktop.

Start the program and choose "Do a system scan only".

Put a check mark in front of the following lines, if they are present, and click Fix checked:

 

O4 - HKLM\..\Run: [MSN] lssas.exe

O4 - HKLM\..\Run: [MSN] ntmngr.exe

 

It is unlikely that both are present at the same time.

 

Update your antivirus program and run a full scan.

Edited by norbat
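As an added example (not code from the thread or from any of the tools it names), a small Python checker that applies the indicators above to HijackThis O4 and O20 lines: it flags the file names quoted in this thread, a Run entry that launches a system-binary name from a bare name or from outside system32 (the bare svchost.exe that resolves to C:\windows\svchost.exe), and names one edit away from lsass.exe or svchost.exe. The sample log is constructed from the lines quoted above plus benign entries.

```python
import re
from typing import List, NamedTuple, Optional

# File names the thread reports for the MSN worm variants and the Vundo follow-on.
# Names only: the thread notes the path differs between variants and that the Vundo
# DLL name is randomised, so this list catches only the samples quoted here.
SUSPICIOUS_FILENAMES = {
    "lssas.exe", "ntmngr.exe", "445930.exe", "images.zip",
    "scvhost.exe", "qomnnkh.dll",
}

# Genuine Windows binaries the samples imitate. The real ones live in system32,
# so a svchost.exe in C:\windows (as in the thread) is suspicious on its own.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe"}

O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")


class Finding(NamedTuple):
    line: str
    reason: str


def _first_token(cmd: str) -> str:
    """Return the program part of a Run command line (quoted path or first word)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def _basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def _osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: edits plus adjacent transpositions,
    so lssas/lsass and scvhost/svchost both score 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify_filename(name: str) -> Optional[str]:
    """Reason a file name is suspicious, or None if nothing stands out."""
    name = name.lower()
    if name in SUSPICIOUS_FILENAMES:
        return f"{name} is a file name reported in this thread"
    for legit in sorted(SYSTEM_BINARIES):
        if name != legit and _osa_distance(name, legit) <= 1:
            return f"{name} looks like a misspelling of the Windows binary {legit}"
    return None


def scan_hjt_log(text: str) -> List[Finding]:
    """Flag O4 (Run) and O20 (Winlogon Notify) lines that deserve a closer look."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = _first_token(m.group("cmd"))
            base = _basename(exe)
            reason = classify_filename(base)
            # A real system binary name started from a bare name or from a path
            # outside system32: the thread's bare "svchost.exe" resolves to
            # C:\windows\svchost.exe, not the genuine service host.
            if reason is None and base in SYSTEM_BINARIES:
                if "\\" not in exe or "system32" not in exe.lower():
                    reason = f"{base} registered under Run from outside system32 ({exe})"
            if reason:
                findings.append(Finding(line, reason))
            continue
        m = O20_RE.match(line)
        if m:
            reason = classify_filename(_basename(m.group("path")))
            if reason:
                findings.append(Finding(line, reason))
    return findings


# Constructed sample: the O4/O20 lines quoted in the thread mixed with benign entries.
SAMPLE_HJT_LOG = """\
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [MSN] lssas.exe
O4 - HKLM\\..\\Run: [Windows Taskmanager] svchost.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Run: [Updater] C:\\windows\\scvhost.exe
O20 - Winlogon Notify: qomnnkh - C:\\WINDOWS\\SYSTEM32\\qomnnkh.dll
"""

if __name__ == "__main__":
    for f in scan_hjt_log(SAMPLE_HJT_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The look-alike check only covers the two names the thread's samples imitate; a bare file name under Run is not flagged by itself, since legitimate vendor entries (such as the CHDAudPropShortcut.exe line in the log below) use that form too.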

A friend of mine seems to have picked up this virus..

Sends out mysterious YouTube links..

Also, for some reason the MSN background image has turned yellow with Paint smileys? :ermm:

 

Combofix:

ComboFix 08-01-17.5 - Anja 2008-01-17 11:39:07.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.404 [GMT 1:00]
Running from: C:\Documents and Settings\Anja\Skrivebord\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_000003_.tmp.dll
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2007-12-17 to 2008-01-17  )))))))))))))))))))))))))))))))
.

2008-01-17 11:38 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-17 10:25 . 2008-01-17 11:27	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-17 03:40 . 2008-01-17 11:30	<DIR>	d--------	C:\Program Files\PC Tools AntiVirus
2008-01-17 03:40 . 2008-01-17 03:40	<DIR>	d--------	C:\Program Files\Common Files\PC Tools
2008-01-17 03:40 . 2008-01-17 03:40	<DIR>	d--------	C:\Documents and Settings\Anja\Programdata\PC Tools
2008-01-17 03:40 . 2008-01-17 11:32	<DIR>	d-a------	C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-17 03:40 . 2008-01-17 03:40	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-17 03:40 . 2007-12-06 16:51	28,568	--a------	C:\WINDOWS\system32\drivers\AVHook.sys
2008-01-17 03:40 . 2007-12-06 16:51	21,912	--a------	C:\WINDOWS\system32\drivers\AVRec.sys
2008-01-17 03:40 . 2007-12-10 10:59	21,912	--a------	C:\WINDOWS\system32\drivers\AVFilter.sys
2008-01-17 02:38 . 2008-01-17 02:38	<DIR>	d--------	C:\Program Files\AusLogics Disk Defrag
2008-01-17 02:38 . 2008-01-17 02:38	<DIR>	d--------	C:\Documents and Settings\Anja\Programdata\Auslogics
2008-01-17 02:28 . 2008-01-17 02:29	<DIR>	d--------	C:\Program Files\TuneUp Utilities 2008
2008-01-17 02:28 . 2008-01-17 02:28	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-01-17 02:28 . 2008-01-17 02:28	306,432	--a------	C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-17 02:28 . 2007-12-20 10:41	29,440	--a------	C:\WINDOWS\system32\uxtuneup.dll
2008-01-17 02:19 . 2008-01-17 02:19	<DIR>	d--------	C:\Documents and Settings\Anja\Programdata\TuneUp Software
2008-01-17 02:10 . 2007-09-24 23:31	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-01-17 00:50 . 2008-01-17 00:50	<DIR>	d--------	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-17 00:50 . 2008-01-17 00:50	5,760,054	--a------	C:\WINDOWS\AW_1600x1200.bmp
2008-01-17 00:39 . 2008-01-17 00:39	<DIR>	d--------	C:\Program Files\Common Files\Stardock
2008-01-17 00:39 . 2008-01-17 00:50	<DIR>	d--------	C:\Program Files\AlienGUIseny
2008-01-17 00:39 . 2008-01-17 00:39	58	--a------	C:\WINDOWS\wb.ini
2008-01-17 00:32 . 2008-01-17 00:38	<DIR>	d--hsc---	C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-17 00:32 . 2008-01-17 00:32	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-17 00:13 . 2006-10-04 15:06	1,197,294	---------	C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-17 00:13 . 2006-10-04 15:06	764,868	---------	C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-17 00:13 . 2006-10-04 15:06	217,118	---------	C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-17 00:11 . 2008-01-17 00:12	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2008-01-14 23:13 . 2008-01-14 23:13	<DIR>	d--------	C:\Program Files\Lavasoft
2008-01-14 23:13 . 2008-01-17 02:27	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 23:13 . 2008-01-14 23:23	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 21:43 . 2008-01-14 21:44	<DIR>	d--------	C:\Program Files\Paint.NET
2008-01-14 21:43 . 2007-12-04 13:54	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
2008-01-14 21:43 . 2007-12-04 15:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-14 21:43 . 2007-12-04 15:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-14 21:43 . 2007-12-04 15:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-14 21:43 . 2007-12-04 15:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-14 21:43 . 2007-12-04 15:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-14 21:42 . 2008-01-14 21:42	<DIR>	d--------	C:\Program Files\Alwil Software
2008-01-14 21:42 . 2007-12-04 14:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
2008-01-14 21:42 . 2004-01-09 10:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
2008-01-14 20:14 . 2008-01-14 20:14	<DIR>	d--------	C:\Program Files\MSXML 6.0
2008-01-14 19:47 . 2008-01-14 19:47	<DIR>	d--------	C:\Program Files\CCleaner
2008-01-14 19:44 . 2006-11-13 07:02	288,768	---------	C:\WINDOWS\system32\rhttpaa.dll
2008-01-14 19:44 . 2006-11-13 07:02	116,736	---------	C:\WINDOWS\system32\aaclient.dll
2008-01-14 19:44 . 2006-11-13 07:02	36,352	---------	C:\WINDOWS\system32\tsgqec.dll
2008-01-14 19:28 . 2008-01-14 19:28	<DIR>	d--------	C:\Program Files\MSBuild
2008-01-14 19:24 . 2008-01-14 20:18	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-01-14 19:23 . 2008-01-14 19:23	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-01-14 19:22 . 2008-01-14 19:22	<DIR>	d--------	C:\c21f916eea1d68d6288cb9
2008-01-14 19:22 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-01-12 23:14 . 2008-01-12 23:14	<DIR>	d--------	C:\Program Files\Windows Defender
2008-01-08 21:02 . 2005-02-01 14:20	5,760,056	--a------	C:\WINDOWS\Darkstar.bmp
2008-01-08 20:47 . 2008-01-17 00:43	<DIR>	d--------	C:\Program Files\AlienGUIse
2008-01-08 20:47 . 2003-02-26 22:27	36,864	--a------	C:\WINDOWS\system32\wbsys.dll
2008-01-05 19:01 . 2008-01-05 19:01	<DIR>	d--------	C:\Program Files\Serif
2008-01-05 19:01 . 1998-12-08 20:53	212,480	---------	C:\WINDOWS\pcdlib32.dll
2008-01-05 17:20 . 2008-01-05 17:21	<DIR>	d--------	C:\temp
2008-01-05 04:32 . 2008-01-05 04:32	<DIR>	d--------	C:\Program Files\Bonjour
2008-01-05 04:20 . 2008-01-05 04:20	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-01-03 23:44 . 2008-01-17 00:32	<DIR>	d--------	C:\Program Files\Windows Live
2008-01-03 23:44 . 2008-01-03 23:44	<DIR>	d--------	C:\Program Files\Messenger Plus! Live
2008-01-03 23:44 . 2008-01-04 00:14	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-01 18:57 . 2008-01-01 18:57	376	--a------	C:\WINDOWS\ODBC.INI
2008-01-01 18:54 . 2008-01-01 18:55	<DIR>	d--------	C:\WINDOWS\ShellNew
2007-12-28 13:18 . 2007-10-11 00:55	6,065,664	---------	C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-28 13:18 . 2007-07-01 04:31	2,455,488	---------	C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-28 13:18 . 2007-07-01 04:36	991,232	---------	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-28 13:18 . 2007-10-11 00:55	459,264	---------	C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-28 13:18 . 2007-10-11 00:55	383,488	---------	C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-28 13:18 . 2007-10-11 00:55	267,776	---------	C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-28 13:18 . 2007-10-11 00:55	63,488	---------	C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-28 13:18 . 2007-10-11 00:55	52,224	---------	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-28 13:18 . 2007-10-10 11:59	13,824	---------	C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-23 21:20 . 2007-12-23 23:21	1,407	--a------	C:\WINDOWS\mozver.dat
2007-12-23 21:17 . 2007-12-23 21:17	0	--a------	C:\WINDOWS\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 01:10	---------	d-----w	C:\Program Files\Java
2008-01-16 23:39	---------	d-----w	C:\Program Files\MSN Messenger
2008-01-16 23:13	---------	d-----w	C:\Program Files\Windows Media Connect 2
2008-01-14 22:16	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe
2008-01-14 20:41	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-01-14 20:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-14 18:31	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-01-11 22:08	---------	d-----w	C:\Documents and Settings\Anja\Programdata\LimeWire
2008-01-05 18:01	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-01-01 18:08	---------	d-----w	C:\Documents and Settings\Anja\Programdata\Skype
2007-12-09 20:48	---------	d-----w	C:\Documents and Settings\Anja\Programdata\AdobeUM
2007-12-05 00:10	---------	d-----w	C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-03 19:52	---------	d-----w	C:\Program Files\iTunes
2007-12-03 19:51	---------	d-----w	C:\Program Files\iPod
2007-12-03 19:50	---------	d-----w	C:\Program Files\QuickTime
2007-12-03 19:47	---------	d-----w	C:\Program Files\Common Files\Apple
2007-12-03 19:47	---------	d-----w	C:\Program Files\Apple Software Update
2007-12-03 19:47	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26	721,920	------w	C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-31 04:12	3,590,656	------w	C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20	360,064	------w	C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43	1,287,680	------w	C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-29 06:07	221,184	----a-w	C:\WINDOWS\system32\UCI32M23.dll
2007-10-27 16:40	222,720	----a-w	C:\WINDOWS\system32\wmasf.dll
2007-10-27 16:40	222,720	------w	C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34	8,460,288	----a-w	C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 00:47	96,760	----a-w	C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47	84,480	----a-w	C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47	282,112	----a-w	C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47	158,720	----a-w	C:\WINDOWS\system32\mscorier.dll
2007-10-18 10:31	51,224	----a-w	C:\WINDOWS\system32\sirenacm.dll
2006-10-02 23:43	2,402,550	----a-w	C:\WINDOWS\inf\SET63.tmp
2006-03-16 04:00	1,431,144	----a-w	C:\WINDOWS\inf\SETE2.tmp
2005-09-24 06:49	12,288	----a-w	C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-12 21:00 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-16 05:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:46 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 21:58 458752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-24 19:40 7569408]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 12:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 21:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 11:33 163840]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 16:18 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-09-01 23:14 70816]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-10 18:09 95960]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PCTAVApp"="C:\Program Files\PC Tools AntiVirus\PCTAV.exe" [2008-01-10 11:09 1238928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-16 05:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2007-05-21 21:51:49]
HP Photosmart Premier Hurtigstart.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 08:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIseny\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIseny\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"MsmqIntCert"=regsvr32 /s mqrt.dll

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-09 16:07]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-16 05:00]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 15:49]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2006-07-06 09:28]
S3 49ed0b40-ea80-44e0-8a71-970dea668e25;49ed0b40-ea80-44e0-8a71-970dea668e25;E:\Player\cds300.dll []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-17 02:28]
S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 06:07]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ac66d2c-866a-11dc-ad1c-0016d316b35a}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9275dc7-095a-11dc-ac95-0016d316b35a}]
\Shell\AutoRun\command - G:\setupSNK.exe

*Newly Created Service* - PROCEXP90 
.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 01:28:40 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-01-02 16:20:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-12 19:26:58 C:\WINDOWS\Tasks\Internett-tjenester.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exeb/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Internet Services\StartIS.aml
"2008-01-17 10:33:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-17 10:31:53 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 11:42:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???8Z????????@???????@ 

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-17 11:42:44
ComboFix-quarantined-files.txt  2008-01-17 10:42:39
.
2008-01-16 23:09:21	--- E O F ---

 

Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xuuyctlb

*******************

Script file located at: \??\C:\Program Files\edituuik.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\lssas.exe deleted successfully.


File C:\WINDOWS\ntmngr.exe not found!
Deletion of file C:\WINDOWS\ntmngr.exe failed!

Could not process line:
C:\WINDOWS\ntmngr.exe
Status: 0xc0000034



File C:\445930.exe not found!
Deletion of file C:\445930.exe failed!

Could not process line:
C:\445930.exe
Status: 0xc0000034

File C:\WINDOWS\images.zip deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Edited by Heineoen

The latest one, which is in Norwegian, mentions Facebook and Nettby and links to a moo.no address, creates the file c:\windows\scvhost.exe. Check my log in the other post, norbat.

Do you mind if this gets posted on the site that the Norwegian virus links to?

My girlfriend managed to get this on the laptop. After a scan and clean with AVG Free, most of the exe files on the computer are now missing. Annoying, so a reinstall it is.

The exe files were infected, judging from the AVG log, and could not be cleaned and had to be deleted :/

Clicked on one of those links like everyone else. But when I start the machine, the Windows firewall pops up with:

Name: Issas.exe

Publisher: Unknown

Type: Program

From: C:/windows

And asks whether I want to run the program. I haven't done that, but I assume it might be the famous MSN virus?

In any case I have run the programs you posted.

And since I am (according to my little brothers) a n00b, I have no idea what the log says after running ComboFix.

So if you could look over whether there is anything worrying in there, that would be great...

 

ComboFix 08-01-20.1 - Kenth Brelin 2008-01-21 9:59:05.1 - NTFSx86

Running from: C:\Documents and Settings\Kenth Brelin\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))

.

 

2008-01-21 09:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-21 09:08 . 2008-01-21 09:08 <DIR> d-------- C:\WINDOWS\LastGood

2008-01-14 23:20 . 2007-10-11 00:53 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-01-14 23:20 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-01-14 23:20 . 2007-07-01 04:36 1,007,616 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-01-14 23:20 . 2007-10-11 00:53 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-01-14 23:20 . 2007-10-11 00:53 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-01-14 23:20 . 2007-10-11 00:53 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-01-14 23:20 . 2007-10-11 00:53 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-01-14 23:20 . 2007-10-11 00:53 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-01-14 23:20 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-01-14 23:19 . 2008-01-14 23:21 <DIR> d-------- C:\WINDOWS\system32\nb-no

2008-01-12 18:59 . 2008-01-12 18:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-12 18:59 . 2008-01-12 18:59 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-03 02:14 . 2008-01-03 02:14 <DIR> dr------- C:\Documents and Settings\LocalService\Favoritter

2008-01-03 02:13 . 2008-01-03 02:13 <DIR> d--h----- C:\Programfiler\Zenographics

2008-01-03 02:13 . 2006-07-30 18:00 442,368 -ra------ C:\WINDOWS\system32\ZSHP1018.EXE

2008-01-03 02:13 . 2006-07-30 18:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe

2008-01-03 02:13 . 2006-07-30 18:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img

2008-01-03 02:13 . 2006-07-30 18:00 106,496 -ra------ C:\WINDOWS\system32\VSHP1018.DLL

2008-01-03 02:13 . 2006-07-30 18:00 102,400 --a------ C:\WINDOWS\system32\zlhp1018.dll

2008-01-03 02:13 . 2006-07-30 18:00 86,016 --a------ C:\WINDOWS\system32\ZSPOOL.DLL

2008-01-03 02:13 . 2006-07-30 18:00 28,672 --a------ C:\WINDOWS\system32\zlm.dll

2008-01-03 02:13 . 2006-07-30 18:00 28,672 --a------ C:\WINDOWS\system32\IMF32.DLL

2008-01-03 02:13 . 2006-07-30 18:00 24,576 --a------ C:\WINDOWS\system32\ZTAG32.DLL

2008-01-03 02:13 . 2006-07-30 18:00 7,273 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 07:35 71,690 ----a-w C:\Documents and Settings\Kenth Brelin\Programdata\wklnhst.dat

2008-01-17 18:02 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared

2008-01-16 21:12 --------- d-----w C:\Documents and Settings\Kenth Brelin\Programdata\dvdcss

2008-01-15 10:30 --------- d-----w C:\Programfiler\PKR

2008-01-03 01:13 --------- d-----w C:\Programfiler\Hewlett-Packard

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:30 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-31 04:00 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:44 8,466,432 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2006-05-08 09:20 1,670 ----a-w C:\Documents and Settings\Maria\Programdata\wklnhst.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

"Steam"="c:\spill\steam\steam.exe" [2008-01-14 23:45 1266936]

"LogitechSoftwareUpdate"="C:\Programfiler\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 09:00 339968]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]

"hpWirelessAssistant"="C:\Programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 14:11 794624]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 13:12 102492]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 13:11 692316]

"HP Software Update"="C:\Programfiler\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]

"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-02-16 09:54 282624]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-04-14 13:02 58992]

"eabconfg.cpl"="C:\Programfiler\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 12:24 290816]

"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01 233534]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54 253952]

"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-09-01 20:17 100056]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]

"LogitechVideoRepair"="C:\Programfiler\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]

"LogitechVideoTray"="C:\Programfiler\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-03-14 18:05 257088]

"TkBellExe"="C:\Programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2007-07-09 18:34 185896]

"PKR Pal"="C:\Programfiler\PKR\pkrpal.exe" [2008-01-15 11:30 2269800]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - C:\Programfiler\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]

Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSecurityTab"= 1 (0x1)

 

R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 18:08]

R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 16:18]

S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\KENTHB~1\LOKALE~1\Temp\DMSKSSRh.sys []

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2004-04-29 06:45]

 

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2007-11-21 14:35:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

"2007-11-24 13:27:07 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin - Kenth Brelin.job"

Busy helping a girl in my class who has caught this now. She says she is struggling badly with the PC running slowly, so it takes a bit of time. On top of that she is fairly green with computers. I will come back with an HJT and ComboFix log after I have run MSNFix.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:26:09, on 21.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\NetWaiting\netWaiting.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hs.facebook.com/home.php?

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Pia\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163514418031

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{889B7362-8B78-4686-9427-2F87D579826A}: NameServer = 10.0.0.254

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

 

--

End of file - 12689 bytes

 

 

 

 

ComboFix 08-01-20.1 - Pia 2008-01-21 15:50:29.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1350 [GMT 1:00]

Running from: D:\Documents and Settings\Pia\Desktop\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

C:\Program Files\FunWebProducts

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\ddcbyvw.dll

C:\WINDOWS\system32\UpMedia

C:\WINDOWS\system32\urqopnl.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))

.

 

2008-01-21 15:21 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-14 20:22 . 2008-01-14 20:22 <DIR> d--h----- C:\WINDOWS\PIF

2008-01-05 01:07 . 2008-01-21 15:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-05 01:07 . 2008-01-05 01:07 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-27 22:36 . 2007-12-27 22:36 <DIR> d-------- D:\Documents and Settings\Pia\Application Data\Sony

2007-12-27 22:36 . 2007-12-27 22:36 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Sony

2007-12-27 22:06 . 2007-12-27 22:06 <DIR> d-------- D:\Documents and Settings\Pia\Application Data\InstallShield

2007-12-27 22:06 . 2007-12-27 22:06 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BVRP Software

2007-12-27 22:06 . 2007-12-29 15:04 <DIR> d-------- C:\Program Files\Avanquest update

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-21 14:14 --------- d-----w C:\Program Files\Trend Micro

2008-01-06 22:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-01-04 16:56 --------- d-----w C:\Program Files\Norton Security Scan

2007-12-27 21:31 --------- d-----w C:\Program Files\Sony Ericsson

2007-12-27 21:06 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-12-27 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Sony Ericsson

2007-12-04 15:01 --------- d-----w C:\Program Files\Java

2007-12-02 16:20 --------- d-----w C:\Program Files\Windows Live Toolbar

2007-11-22 21:02 --------- d-----w C:\Program Files\iTunes

2007-11-22 21:02 --------- d-----w C:\Program Files\iPod

2007-11-22 21:00 --------- d-----w C:\Program Files\QuickTime

2007-11-22 14:00 --------- d-----w C:\Program Files\LimeWire

2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2006-12-15 20:28 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006121520061216\index.dat

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-21_15.38.23.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-21 14:36:45 64,262 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-01-21 14:37:13 64,262 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-01-21 14:36:46 405,878 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-01-21 14:37:13 405,878 ----a-w C:\WINDOWS\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 11:25 68856]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-10-18 15:42 356352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-21 13:03 7557120]

"nwiz"="nwiz.exe" [2006-03-21 13:03 1519616 C:\WINDOWS\system32\nwiz.exe]

"NVHotkey"="nvHotkey.dll" [2006-03-21 13:03 73728 C:\WINDOWS\system32\nvhotkey.dll]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 19:48 761947]

"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51 1032192]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 10:28 667718]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]

"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-04-03 23:43 897089]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]

"MaxtorOneTouch"="C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04 712704]

"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24 81920]

"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 17:50 221184]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32 184320]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

--a--c--- 2004-12-06 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InputSet]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

--a--c--- 2006-05-01 10:28 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

--------- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

--a------ 2006-03-25 00:30 282624 C:\WINDOWS\stsystra.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBTA]

-ra--c--- 2002-03-22 19:43 126976 C:\WINDOWS\system32\usbtapnp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WLANKEEPER"=2 (0x2)

"S24EventMonitor"=2 (0x2)

"RegSrvc"=2 (0x2)

"ose"=3 (0x3)

"gusvc"=3 (0x3)

"EvtEng"=2 (0x2)

 

R3 DUSBTAWAN;D-Link DU-128TA+ NDISWAN Driver;C:\WINDOWS\system32\DRIVERS\musbwn2k.sys [2001-01-31 19:43]

R3 FakeWDMmdm;DWDMCOMM;C:\WINDOWS\system32\DRIVERS\dusbcomm.sys [2001-11-08 01:23]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

S3 GTwinUSB;GTwinUSB;C:\WINDOWS\system32\Drivers\GTwinUSB.sys [2004-06-28 12:06]

S3 mDTA128;D-Link DU-128TA+;C:\WINDOWS\system32\DRIVERS\musbta2kc.sys [2003-12-31 19:15]

S3 s117bus;Sony Ericsson Device 117 driver (WDM);C:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 10:43]

S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 10:43]

S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 10:43]

S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 10:43]

S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS);C:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 10:43]

S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 10:43]

S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM);C:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 10:43]

S4 viaagp;VIA AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 00:07]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-01-15 17:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-01-05 00:07:05 C:\WINDOWS\Tasks\Norton Security Scan.job"

- C:\Program Files\Norton Security Scan\Nss.exe

"2008-01-21 14:21:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-21 15:51:56

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"

.

Completion time: 2008-01-21 15:54:04

ComboFix-quarantined-files.txt 2008-01-21 14:53:58

.

2008-01-21 14:10:24 --- E O F ---

 

 

Edited by Vintermåne

Here, at any rate, are all the infected files I have found on my PC so far after finishing a thorough scan with Avast, but it is evidently not all of them.

Just got yet another present for the Chest.

 

[attached screenshot: post-95815-1200933401_thumb.jpg]

 

Looks like there are quite a few; apart from the Daemon Tools one, everything came with the MSN virus that my partner managed to download.

Does my log look ok? The machine is messed up in any case... it hangs now and then when I'm browsing.

 


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:41:38, on 26.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\DAEMON Tools\daemon.exe

C:\Programfiler\MSI\Core Center\CoreCenter.exe

C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

C:\Programfiler\Winamp\winamp.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\cmd.exe

C:\Programfiler\Opera\Opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programfiler\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CoreCenter.lnk = C:\Programfiler\MSI\Core Center\CoreCenter.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://asia.msi.com.tw

O15 - Trusted Zone: http://global.msi.com.tw

O15 - Trusted Zone: http://www.msi.com.tw

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197223078968

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1197223190561

O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programfiler\Fellesfiler\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programfiler\Fellesfiler\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 8998 bytes

 

ComboFix 08-01-23.1C - olga 2008-01-26 17:35:25.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1044.18.1346 [GMT 1:00]
Running from: C:\Documents and Settings\olga\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2007-12-26 to 2008-01-26  )))))))))))))))))))))))))))))))
.

2008-01-26 17:34 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\Nircmd.exe
2008-01-21 17:41 . 2007-06-05 10:56	44,928	--a------	C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-21 17:28 . 2008-01-21 18:01	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
2008-01-21 17:28 . 2008-01-21 17:40	30,590	--a------	C:\WINDOWS\system32\pavas.ico
2008-01-21 17:28 . 2008-01-21 17:40	2,550	--a------	C:\WINDOWS\system32\Uninstall.ico
2008-01-21 17:28 . 2008-01-21 17:40	1,406	--a------	C:\WINDOWS\system32\Help.ico
2008-01-21 15:33 . 2008-01-21 15:33	<DIR>	d--------	C:\Programfiler\QuickTime
2008-01-20 21:07 . 2008-01-20 21:06	102,664	--a------	C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-19 22:19 . 2008-01-19 22:19	<DIR>	d--------	C:\Programfiler\Opera
2008-01-17 16:56 . 2008-01-17 23:03	123,952	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-17 16:56 . 2008-01-17 23:03	60,800	--a------	C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-17 16:56 . 2008-01-17 23:03	10,740	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-17 16:56 . 2008-01-17 23:03	805	--a------	C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-17 16:39 . 2007-01-18 13:00	3,968	--a------	C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-01-16 22:12 . 2008-01-17 16:29	<DIR>	d--------	C:\Programfiler\SUPERAntiSpyware
2008-01-16 17:27 . 2008-01-21 17:52	<DIR>	d--------	C:\Programfiler\Norton 360
2008-01-16 17:26 . 2008-01-17 23:03	<DIR>	d--------	C:\Programfiler\Symantec
2008-01-16 17:26 . 2008-01-23 15:53	<DIR>	d--------	C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-10 15:27 . 2008-01-10 15:27	90,112	--a------	C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27	57,344	--a------	C:\WINDOWS\system32\QuickTime.qts
2008-01-10 06:37 . 2004-08-04 01:03	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-01-09 18:26 . 2008-01-09 18:26	<DIR>	d--------	C:\WINDOWS\Sun
2008-01-09 18:26 . 2007-09-24 23:31	69,632	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-01-09 18:25 . 2008-01-09 18:26	<DIR>	d--------	C:\Programfiler\Java
2008-01-09 18:25 . 2008-01-09 18:25	<DIR>	d--------	C:\Programfiler\Fellesfiler\Java
2008-01-08 18:21 . 2008-01-08 18:21	<DIR>	d--------	C:\Programfiler\Windows Media Connect 2
2008-01-08 18:21 . 2006-10-04 15:06	1,197,294	-----c---	C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-08 18:21 . 2006-10-04 15:06	764,868	-----c---	C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-08 18:21 . 2006-10-04 15:06	217,118	-----c---	C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-08 18:19 . 2008-01-08 18:20	<DIR>	d--------	C:\WINDOWS\system32\drivers\UMDF
2008-01-07 15:35 . 2008-01-07 15:35	5,376	--a------	C:\WINDOWS\system32\drivers\MS1000.sys
2008-01-07 15:34 . 2008-01-23 15:53	<DIR>	d--------	C:\Programfiler\The Cleaner Free
2008-01-02 19:22 . 2008-01-17 16:26	<DIR>	d--------	C:\Programfiler\Yahoo!
2008-01-02 19:22 . 2008-01-02 19:22	<DIR>	d--------	C:\Programfiler\CCleaner
2007-12-29 02:21 . 2004-08-03 23:08	26,496	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-29 01:52 . 2006-11-08 09:51	62,336	---------	C:\WINDOWS\system32\drivers\rspndr.sys
2007-12-29 01:52 . 2006-11-08 09:51	10,752	---------	C:\WINDOWS\system32\rspndr.exe
2007-12-27 22:34 . 2007-12-27 22:34	20	--a------	C:\WINDOWS\mafosav.INI
2007-12-27 22:30 . 2007-12-27 22:30	<DIR>	d--------	C:\Programfiler\Mario Forever
2007-12-27 21:42 . 2007-12-28 18:02	<DIR>	d--------	C:\Programfiler\DOSBox-0.72
2007-12-27 21:42 . 2007-12-28 17:55	<DIR>	d--------	C:\lostvikings

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 16:37	22,343,712	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-26 00:09	255,476	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-21 20:48	4,649,472	----a-w	C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-21 20:48	1,584,640	----a-w	C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-21 16:53	---------	d-----w	C:\Programfiler\Winamp
2008-01-21 16:53	---------	d-----w	C:\Programfiler\uTorrent
2008-01-21 16:52	---------	d-----w	C:\Programfiler\MSN Messenger
2008-01-21 16:50	---------	d-----w	C:\Programfiler\Fellesfiler\LightScribe
2008-01-21 16:50	---------	d-----w	C:\Programfiler\DAEMON Tools
2008-01-19 21:23	---------	d-----w	C:\Programfiler\SpywareBlaster
2008-01-16 21:12	---------	d-----w	C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-01-16 20:50	1,537,024	----a-w	C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-30 13:26	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-30 13:24	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2007-12-24 23:15	---------	d--h--w	C:\Programfiler\InstallShield Installation Information
2007-12-24 23:15	---------	d-----w	C:\Programfiler\Realtek AC97
2007-12-24 23:13	---------	d-----w	C:\Programfiler\Setup Files
2007-12-24 23:03	2,947,072	----a-w	C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-24 23:03	1,396,224	----a-w	C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-24 18:58	---------	d-----w	C:\Programfiler\The All-Seeing Eye
2007-12-24 18:51	---------	d-----w	C:\Programfiler\Fellesfiler\Adobe
2007-12-24 16:07	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2007-12-20 15:24	---------	d-----w	C:\Programfiler\Fellesfiler\Autodata Limited Shared
2007-12-18 17:58	---------	d-----w	C:\Programfiler\WinAce
2007-12-18 16:21	---------	d-----w	C:\Programfiler\Apple Software Update
2007-12-17 05:40	2,668,032	----a-w	C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-16 21:18	---------	d-----w	C:\Programfiler\MSXML 4.0
2007-12-16 16:07	---------	d-----w	C:\Programfiler\Fellesfiler\Ahead
2007-12-14 08:21	9,216	----a-w	C:\WINDOWS\system32\drivers\FlashSys.sys
2007-12-12 21:02	---------	d-----w	C:\Programfiler\MSI
2007-12-11 21:06	94,636	----a-w	C:\WINDOWS\dropcpyr.dll
2007-12-11 21:06	73,728	----a-w	C:\WINDOWS\copyfstq.exe
2007-12-11 21:06	---------	d-----w	C:\Programfiler\AMP WinOFF
2007-12-10 16:38	---------	d-----w	C:\Programfiler\Runtime Software
2007-12-10 16:29	---------	d-----w	C:\Programfiler\AGEIA Technologies
2007-12-09 17:31	28,672	----a-w	C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-12-09 17:01	---------	d-----w	C:\Programfiler\VideoLAN
2007-12-09 16:59	23,600	----a-w	C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-12-09 16:41	---------	d-----w	C:\Programfiler\Byggforsk
2007-12-09 14:51	685,816	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2007-12-09 12:23	---------	d-----w	C:\Programfiler\SystemRequirementsLab
2007-12-08 16:41	---------	d-----w	C:\Programfiler\Nero
2007-12-08 16:02	---------	d-----w	C:\Programfiler\Fellesfiler\InstallShield
2007-12-08 15:54	---------	d--h--w	C:\Programfiler\Uninstall Information
2007-12-08 15:51	---------	d-----w	C:\Programfiler\microsoft frontpage
2007-12-08 15:49	---------	d-----w	C:\Programfiler\Fellesfiler\Tjenester
2007-12-08 15:49	---------	d-----w	C:\Programfiler\Fellesfiler\MSSoap
2007-12-08 15:49	---------	d-----w	C:\Programfiler\Elektroniske tjenester
2007-12-08 15:45	---------	d-----w	C:\Programfiler\Fellesfiler\SpeechEngines
2007-12-08 15:45	---------	d-----w	C:\Programfiler\Fellesfiler\ODBC
2007-11-30 22:57	43,696	----a-w	C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57	317,616	----a-w	C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57	279,088	----a-w	C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57	10,549	----a-w	C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57	10,545	----a-w	C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57	1,430	----a-w	C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57	1,421	----a-w	C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57	1,415	----a-w	C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-14 15:05	75,248	----a-w	C:\WINDOWS\zllsputility.exe
2007-11-14 15:05	1,086,952	----a-w	C:\WINDOWS\system32\zpeng24.dll
2007-11-07 09:30	721,920	----a-w	C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45	1,290,752	----a-w	C:\WINDOWS\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:03 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-12-06 13:06 167368]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:32 579072]
"Resume copy"="copyfstq.exe" [2007-12-11 22:06 73728 C:\WINDOWS\copyfstq.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 577536 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-07-18 02:54 116072]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-11 19:39 219136]

R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-06-15 06:56]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-06-15 06:56]
R3 PCAlertDriver;PCAlertDriver;C:\Programfiler\MSI\Core Center\NTGLM7X.sys [2004-11-16 09:27]
R3 RushTopDevice;RushTopDevice;C:\Programfiler\MSI\Core Center\RushTop.sys [2004-11-16 11:54]
S3 MS1000;MS1000;C:\WINDOWS\system32\DRIVERS\MS1000.sys [2008-01-07 15:35]

*Newly Created Service* - COMHOST 
*Newly Created Service* - PROCEXP90 
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:30:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 17:37:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2008-01-26 17:37:41
.
2008-01-17 15:34:08	--- E O F ---

[/skjul]

How does this look?

Edited by londoy