MrEro, posted 9 October 2008 (edited)

Hi. This is a desperate plea to the kind souls out there. After a bit of surfing on the web, my Windows Explorer started restarting itself constantly, until it simply stops trying and the process halts. I have already tried starting the machine in safe(ty?) mode, but the same thing happens there too. I hope someone has seen this phenomenon before, or knows of a possible solution (other than a "clean install"). On top of that, I have my særemne (special study project) tomorrow, and this thing (virus/something) makes it almost impossible to use the machine.

Waiting in (desperate) hope for an answer.

Regards,
Olli_B_Newbie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:02, on 09.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Globe Software\StatBar\StatBar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\MrEro\Desktop\HiJackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1841F12A-8989-48B9-935C-1AD2D8FE705B} - C:\WINDOWS\system32\yayyYOfd.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B0AFF7A-4B19-45D7-8D36-E4B2D6214998} - C:\WINDOWS\system32\wvUlllIc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E126A9FF-9AEF-486A-A4AA-BEAAD3A8DE7B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [statBar] C:\Program Files\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{724AED14-5A8A-4FF6-8B8F-7074DFFEA2A1}: NameServer = 81.167.36.3,192.168.0.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayyYOfd - C:\WINDOWS\SYSTEM32\yayyYOfd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MLServ - formessengers.com - C:\Program Files\MessengerLog Pro\mlserv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10057 bytes

Edited 9 October 2008 by olli_b_newbie

r2d290, posted 9 October 2008

The problem lies in some files in your system32 folder that should not be there. But to be sure that we get rid of everything, do steps 2, 3 and 4 in the guide here: https://www.diskusjon.no/index.php?showtopic=691246 and post the logs here in your thread.

MrEro (author), posted 9 October 2008

Thank you so much for the help, the problem is now solved! I am incredibly grateful =) I had actually been to that thread before I posted, but thought an HJT log was the only thing needed. But since it is solved now, should I still post the other logs? Not sure whether it could help others, but who knows..? Hehe.

Once again, thank you so much.

Most respectfully,
Olli_B_Newbie

norbat, posted 9 October 2008

It is a good idea to post the logs, since there may still be files related to malware left behind.

MrEro (author), posted 9 October 2008

"It is a good idea to post the logs, since there may still be files related to malware left behind."

Then I will do that. First the ComboFix log:

ComboFix 08-10-08.05 - MrEro 2008-10-09 18:09:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527 [GMT 2:00]
Running from: C:\Documents and Settings\MrEro\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\MrEro\Application Data\Adobe\Player.exe
C:\Documents and Settings\MrEro\Application Data\inst.exe
C:\WINDOWS\system32\cIlllUvw.ini
C:\WINDOWS\system32\cIlllUvw.ini2
C:\WINDOWS\system32\ddcDwtUl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\Updater.exe
C:\WINDOWS\system32\wvUlllIc.dll
C:\WINDOWS\system32\yayyYOfd.dll

----- BITS: Possible infected sites -----

hxxp://78.157.142.26
.

((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-09 18:09 . 2008-10-09 18:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-09 18:09 . 2008-10-09 18:09 <DIR> d-------- C:\Documents and Settings\MrEro\Application Data\Malwarebytes
2008-10-09 18:09 . 2008-10-09 18:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-09 18:09 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-09 18:09 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-09 17:29 . 2008-10-09 17:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-09 16:35 . 2008-10-09 16:35 108,336 --a------ C:\WINDOWS\system32\mswinsck.ocx
2008-10-09 16:24 . 2008-10-09 16:25 <DIR> d-------- C:\WINDOWS\NV31283032.TMP
2008-10-09 16:24 . 2008-09-17 23:55 453,152 --a------ C:\WINDOWS\system32\nvuninst.exe
2008-10-09 16:24 . 2008-09-17 23:55 453,152 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-10-09 16:24 . 2008-10-09 18:17 200,712 --a------ C:\WINDOWS\system32\nvapps.xml
2008-10-09 16:24 . 2008-09-17 23:55 18,394 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-10-09 16:13 . 2001-08-23 13:00 10,129,408 --a------ C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-10-09 01:32 . 2008-10-09 01:32 <DIR> d-------- C:\Program Files\Easy Duplicate Finder
2008-10-09 01:26 . 2008-10-09 01:28 <DIR> d-------- C:\Program Files\Driver Sweeper
2008-09-27 02:06 . 2008-09-27 02:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-27 02:06 . 2008-09-27 02:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-21 15:17 . 2008-09-21 15:17 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-09-21 15:14 . 2008-09-21 15:14 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-09-21 15:14 . 2008-09-21 15:15 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-09-21 15:13 . 2008-09-21 15:14 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-09-21 15:13 . 2008-09-21 15:13 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-09-21 15:13 . 2008-09-21 15:13 <DIR> dr-h----- C:\MSOCache
2008-09-21 15:13 . 2008-09-23 03:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-21 15:12 . 2008-09-21 15:12 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-09-21 15:12 . 2008-09-21 15:12 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-21 15:12 . 2008-09-21 15:12 <DIR> d-------- C:\Program Files\MSBuild
2008-09-21 15:11 . 2008-07-06 14:06 1,676,288 --a------ C:\WINDOWS\system32\xpssvcs.dll
2008-09-21 15:11 . 2008-07-06 14:06 1,676,288 --------- C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-21 15:11 . 2008-07-06 12:50 597,504 --------- C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-21 15:11 . 2008-07-06 14:06 575,488 --a------ C:\WINDOWS\system32\xpsshhdr.dll
2008-09-21 15:11 . 2008-07-06 14:06 575,488 --------- C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-21 15:11 . 2008-07-06 14:06 117,760 --a------ C:\WINDOWS\system32\prntvpt.dll
2008-09-21 15:11 . 2008-07-06 14:06 89,088 --------- C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-18 21:32 . 2008-09-21 16:20 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-09-18 21:32 . 2008-09-18 21:32 <DIR> d-------- C:\Documents and Settings\MrEro\Application Data\MAGIX
2008-09-18 21:32 . 2008-09-18 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-09-18 21:31 . 2008-09-21 16:20 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-09-18 21:31 . 2008-09-21 16:20 <DIR> d-------- C:\Program Files\Common Files\xara
2008-09-18 21:31 . 2008-09-18 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Xara
2008-09-18 21:31 . 2007-12-04 15:20 700,416 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-09-18 21:31 . 2007-04-27 10:43 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll
2008-09-18 21:31 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-18 21:31 . 2008-09-21 16:19 5,937 --a------ C:\WINDOWS\mgxoschk.ini
2008-09-13 14:26 . 2008-09-13 14:26 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-13 14:25 . 2008-09-13 14:25 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-12 23:17 . 2008-09-12 23:17 <DIR> d-------- C:\Program Files\Symantec
2008-09-12 23:04 . 2008-09-12 23:04 <DIR> d-------- C:\Program Files\Paragon Software
2008-09-12 23:04 . 2008-01-21 17:43 4,244,744 --a------ C:\WINDOWS\system32\qtp-mt334.dll
2008-09-12 23:04 . 2008-01-21 17:43 247,560 --a------ C:\WINDOWS\system32\prgiso.dll
2008-09-12 23:04 . 2008-01-21 17:43 39,472 --a------ C:\WINDOWS\system32\drivers\hotcore3.sys
2008-09-12 23:04 . 2008-01-21 17:43 13,576 --a------ C:\WINDOWS\system32\wnaspi32.dll
2008-09-11 00:30 . 2008-04-14 02:12 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-09-11 00:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-09-11 00:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-09-11 00:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-09-11 00:30 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-09-11 00:30 . 2008-04-14 02:12 18,944 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-09-11 00:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-09-11 00:30 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-09-11 00:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-09-11 00:28 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-11 00:27 . 2008-04-13 20:31 2,065,792 --a------ C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-09-11 00:26 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-09-11 00:25 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-11 00:24 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-11 00:23 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-11 00:22 . 2008-04-13 21:27 2,188,928 --a------ C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 16:16 --------- d-----w C:\Program Files\PeerGuardian2
2008-10-09 16:03 --------- d-----w C:\Documents and Settings\MrEro\Application Data\uTorrent
2008-10-09 14:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-09 00:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 14:50 --------- d-----w C:\Program Files\Mozilla Sunbird
2008-10-04 16:47 --------- d-----w C:\Program Files\Flickr Uploadr
2008-10-04 14:55 --------- d-----w C:\Documents and Settings\MrEro\Application Data\dvdcss
2008-09-18 20:06 --------- d-----w C:\Program Files\Cheat Engine
2008-09-13 12:26 --------- d-----w C:\Program Files\Nokia
2008-09-13 12:26 --------- d-----w C:\Program Files\Common Files\Nokia
2008-09-13 12:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-09-11 22:00 --------- d-----w C:\Documents and Settings\MrEro\Application Data\Vso
2008-09-10 22:45 --------- d-----w C:\Program Files\NSS
2008-09-10 21:59 --------- d-----w C:\Program Files\IObit
2008-09-10 21:59 --------- d-----w C:\Documents and Settings\MrEro\Application Data\IObit
2008-09-05 21:30 241,704 ------w C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 21:29 917,032 ------w C:\WINDOWS\system32\dllcache\WgaTray.exe
2008-09-03 18:52 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-09-03 18:51 --------- d-----w C:\Program Files\NVIDIA nTune Performance Application
2008-09-01 18:43 --------- d-----w C:\Program Files\vixy.net
2008-08-31 21:53 --------- d-----w C:\Program Files\Audacity
2008-08-22 14:14 --------- d-----w C:\Program Files\Winamp
2008-08-22 14:14 --------- d-----w C:\Documents and Settings\MrEro\Application Data\Winamp
2008-08-16 11:21 --------- d-----w C:\Program Files\Lavasoft
2008-08-16 11:21 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-15 02:00 --------- d-----w C:\Documents and Settings\MrEro\Application Data\Folding@home-x86
2008-08-15 01:49 --------- d-----w C:\Program Files\Folding@home
2008-08-12 10:19 --------- d-----w C:\Program Files\Blaze Media Pro
2008-08-12 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-12 09:55 --------- d-----w C:\Program Files\CamStudio
2008-08-10 02:15 --------- d-----w C:\Documents and Settings\MrEro\Application Data\Flickr
2008-08-09 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 19:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 09:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 09:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 09:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 09:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 23:15 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-07-10 22:05 106,496 ----a-w C:\WINDOWS\system32\ATL71.DLL
2008-07-10 00:49 215,576 ----a-w C:\WINDOWS\system32\SqlServerSpatial.dll
2008-04-22 20:52 47,360 ----a-w C:\Documents and Settings\MrEro\Application Data\pcouffin.sys
2008-01-16 19:56 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-18 68856]
"StatBar"="C:\Program Files\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-08-04 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-03-28 413696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-11-24 274432]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-04 805392]
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MrEro^Start Menu^Programs^Startup^Calendar 2000.lnk]
backup=C:\WINDOWS\pss\Calendar 2000.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 02:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2007-11-15 21:59 1271032 E:\Program Files\Games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"HotspotShieldService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"E:\\Program Files\\Games\\Valve\\Steam\\SteamApps\\ollib111\\counter-strike\\hl.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"E:\\Program Files\\Games\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo2.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Zattoo\\Zattoo.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:LW
"6346:UDP"= 6346:UDP:LW
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2008-01-21 39472]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x);C:\WINDOWS\system32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x);C:\WINDOWS\system32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 140800]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 5504]
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-08-04 75072]
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 BthServ;Bluetooth Support Service;C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MLServ;MLServ;C:\Program Files\MessengerLog Pro\mlserv.exe [2008-04-30 262144]
R2 nTuneService;nTune Service;C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service;C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-02-24 37376]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver;C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver;C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 MTsensor;ATK0110 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVR0Dev;NVR0Dev;C:\WINDOWS\nvoclock.sys [2007-09-04 29696]
R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys [2008-04-22 47360]
R3 pgfilter;pgfilter;C:\Program Files\PeerGuardian2\pgfilter.sys [2005-09-18 5632]
R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2007-06-08 27136]
R3 Wdf01000;Wdf01000;C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 BthEnum;Bluetooth Request Block Driver;C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network);C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver;C:\WINDOWS\system32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver;C:\WINDOWS\system32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-12 654848]
S3 LBTServ;Logitech Bluetooth Service;C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-09-10 38528]
S3 NdisIP;Microsoft TV/Video Connection;C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PD0620VID;Creative WebCam Instant;C:\WINDOWS\system32\DRIVERS\P0620Vid.sys [2004-07-29 91577]
S3 PRODIGY;PRODIGY;C:\WINDOWS\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 se45bus;Sony Ericsson Device 069 driver (WDM);C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 ServiceLayer;ServiceLayer;C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S3 SLIP;BDA Slip De-Framer;C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064] S3 usbser;USB Modem Driver;C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112] S3 UsbserFilt;UsbserFilt;C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064] S3 WpdUsb;WpdUsb;C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S4 HotspotShieldService;Hotspot Shield Service;C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2007-06-08 50176] *Newly Created Service* - PGFILTER . - - - - ORPHANS REMOVED - - - - BHO-{1841F12A-8989-48B9-935C-1AD2D8FE705B} - C:\WINDOWS\system32\yayyYOfd.dll BHO-{C924E2FD-8623-4F06-AA2B-EE5D52A9040D} - C:\WINDOWS\system32\wvUlllIc.dll BHO-{E126A9FF-9AEF-486A-A4AA-BEAAD3A8DE7B} - (no file) HKU-Default-Run-PcSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe ShellExecuteHooks-{1841F12A-8989-48B9-935C-1AD2D8FE705B} - C:\WINDOWS\system32\yayyYOfd.dll Notify-yayyYOfd - yayyYOfd.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\MrEro\Application Data\Mozilla\Firefox\Profiles\p82dqe2y.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-09 18:17:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe . ************************************************************************** . 
Completion time: 2008-10-09 18:19:56 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-09 16:19:54 Pre-Run: 8 908 177 408 bytes free Post-Run: 8,840,126,464 bytes free 354 --- E O F --- 2008-09-23 01:00:49
Then the MBAM log:
Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3
09.10.2008 19:06:17
mbam-log-2008-10-09 (19-06-17).txt
Scan type: Quick Scan
Objects scanned: 54815
Time elapsed: 4 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
The thing about the MBAM log is that the first time I ran it, and it found many threats, the computer was restarted, so I got no log of what they were. But I think it managed to remove the files, because they are not being found now, at least. So I ran a Quick Scan as soon as CF had finished its job.
r2d290 Posted 9 October 2008
I don't have time to look at this one, so anyone else who feels like it is welcome to respond.
norbat Posted 9 October 2008
Looks fine. Post a new HJT log. (The logs that MBAM creates are found under the Logs tab. It would have been interesting to see the earlier log.)
MrEro Posted 9 October 2008 (Author)
"Looks fine. Post a new HJT log. (The logs that MBAM creates are found under the Logs tab. It would have been interesting to see the earlier log.)"
Well, here is the HJT log at any rate:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:52:46, on 09.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\MessengerLog Pro\mlserv.exe C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Globe Software\StatBar\StatBar.exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Launchy\Launchy.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE c:\program files\winamp\winamp.exe C:\Program 
Files\Last.fm\LastFM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft 
Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [statBar] C:\Program Files\Globe Software\StatBar\StatBar.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [NVIDIA 
nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers 
Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{724AED14-5A8A-4FF6-8B8F-7074DFFEA2A1}: NameServer = 81.167.36.3,192.168.0.1 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: MLServ - formessengers.com - C:\Program Files\MessengerLog Pro\mlserv.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10159 bytes
As I said, there is unfortunately no log from MBAM from the first scan. I have looked there too. But even though the log was not saved, I think it removed what it found, since later scans returned no results.
norbat Posted 9 October 2008
Looks fine. Are you familiar with MessengerLog?
MrEro Posted 10 October 2008 (Author) (edited)
Yes, it is an MSN logging program I use instead of Messenger's built-in feature. Thanks for all the feedback. Grateful for all the help and responses. MrEro
Edit: Ran MBAM once more, a "full scan" to be on the safe side, and it found infections this time.
Malwarebytes' Anti-Malware 1.28
Database version: 1248
Windows 5.1.2600 Service Pack 3
10.10.2008 04:33:15
mbam-log-2008-10-10 (04-33-15).txt
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 197282
Time elapsed: 39 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcDwtUl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yayyYOfd.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AF269673-F536-4C45-A7E0-A35E1A1DCFFC}\RP379\A0064862.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AF269673-F536-4C45-A7E0-A35E1A1DCFFC}\RP379\A0064864.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I hope everything is in order now, at least. Good night.
Edited 10 October 2008 by MrEro
norbat Posted 10 October 2008
The malware files were in Combofix's quarantine folder. If the PC is running OK, you can remove Combofix by typing combofix /u in the Run box (Start -> Run). In addition to removing quarantine files etc., this will also reset System Restore so that you do not get infected by a possible restore later.