Maggi94, posted 31 October 2008 (edited)
I clicked on a link on MSN, and then I got a virus. Can anyone help me?
Edited 10 November 2008 by Maggi94

norbat, posted 31 October 2008
Hi,
Work through the guide. Start with step 3 (create an HJT log) and then step 2. Post the logs it asks for here in your own thread.
Could you also tell us what the link you clicked said?

fre4k, posted 31 October 2008
I got the link; I saw it said something about record and my MSN address.

Maggi94 (author), posted 31 October 2008
ComboFix 08-10-30.13 - Administrator 2008-11-01 0:24:46.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.223 [GMT 1:00] Running from: D:\Documents and Settings\Administrator.EXPERIEN-68686C\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 ))))))))))))))))))))))))))))))) . 2008-11-01 00:07 . 2008-11-01 00:07 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware 2008-11-01 00:07 . 2008-11-01 00:07 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Malwarebytes 2008-11-01 00:07 . 2008-11-01 00:07 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Malwarebytes 2008-11-01 00:07 . 2008-10-22 16:10 38,496 --a------ D:\WINTINY\system32\drivers\mbamswissarmy.sys 2008-11-01 00:07 . 2008-10-22 16:10 15,504 --a------ D:\WINTINY\system32\drivers\mbam.sys 2008-10-31 23:58 . 2008-10-31 23:58 <DIR> d-------- D:\Program Files\CCleaner 2008-10-30 22:41 . 2008-11-01 00:05 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\skypePM 2008-10-30 22:41 . 2008-10-30 22:41 56 --ah----- D:\WINTINY\system32\ezsidmv.dat 2008-10-30 22:40 . 2008-11-01 00:20 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Skype 2008-10-30 22:39 . 2008-10-30 22:40 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Skype 2008-10-30 16:36 . 2008-10-30 16:36 49,676 --a------ D:\Documents and Settings\Administrator.EXPERIEN-68686C\java_plugin.exe 2008-10-29 08:56 . 2008-10-29 08:56 <DIR> d-------- D:\Program Files\Mess Way Tons 2008-10-29 08:00 . 2008-10-29 08:00 120 --a------ D:\sqmnoopt05.sqm 2008-10-29 08:00 . 2008-10-29 08:00 120 --a------ D:\sqmdata06.sqm 2008-10-29 07:58 . 2008-10-29 07:58 236 --a------ D:\sqmdata05.sqm 2008-10-29 07:58 .
2008-10-29 07:58 200 --a------ D:\sqmnoopt04.sqm 2008-10-27 21:24 . 2008-10-27 21:24 <DIR> d-------- D:\WINTINY\Sun 2008-10-27 18:05 . 2008-10-27 18:05 236 --a------ D:\sqmdata03.sqm 2008-10-27 18:05 . 2008-10-27 18:05 120 --a------ D:\sqmnoopt03.sqm 2008-10-27 18:05 . 2008-10-27 18:05 120 --a------ D:\sqmdata04.sqm 2008-10-27 14:35 . 2008-10-27 14:35 236 --a------ D:\sqmdata02.sqm 2008-10-27 14:35 . 2008-10-27 14:35 200 --a------ D:\sqmnoopt02.sqm 2008-10-24 15:13 . 2008-10-24 15:13 236 --a------ D:\sqmdata01.sqm 2008-10-24 15:13 . 2008-10-24 15:13 200 --a------ D:\sqmnoopt01.sqm 2008-10-24 15:04 . 2008-10-15 17:34 337,408 --------- D:\WINTINY\system32\dllcache\netapi32.dll 2008-10-24 14:36 . 2008-10-29 07:57 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Tracing 2008-10-24 14:36 . 2008-10-29 08:40 16,504 --a------ D:\WINTINY\system32\GDIPFONTCACHEV1.DAT 2008-10-24 14:30 . 2008-10-24 14:30 <DIR> d-------- D:\Program Files\Microsoft 2008-10-24 14:25 . 2008-10-24 14:25 <DIR> d-------- D:\Program Files\Common Files\Windows Live 2008-10-19 14:42 . 2008-10-19 14:42 <DIR> d-------- D:\Program Files\Lavasoft 2008-10-19 14:42 . 2008-10-19 14:43 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Lavasoft 2008-10-19 14:41 . 2008-10-19 14:41 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard 2008-10-18 18:00 . 2008-05-06 13:00 221,184 --a------ D:\WINTINY\system32\wmpns.dll 2008-10-16 21:36 . 2008-10-16 21:36 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\OpenOffice.org 2008-10-16 21:33 . 2008-10-16 21:33 <DIR> d-------- D:\Program Files\OpenOffice.org 3 2008-10-16 21:33 . 2008-10-16 21:33 <DIR> d-------- D:\Program Files\JRE 2008-10-16 21:32 . 2008-06-10 01:32 73,728 --a------ D:\WINTINY\system32\javacpl.cpl 2008-10-16 21:28 . 2008-10-16 21:28 <DIR> d-------- D:\Program Files\readmes 2008-10-16 21:28 . 
2008-10-16 21:28 <DIR> d-------- D:\Program Files\licenses 2008-10-15 11:17 . 2008-08-14 11:11 2,189,184 --------- D:\WINTINY\system32\dllcache\ntoskrnl.exe 2008-10-15 11:17 . 2008-08-14 11:09 2,145,280 --------- D:\WINTINY\system32\dllcache\ntkrnlmp.exe 2008-10-15 11:17 . 2008-08-14 10:33 2,066,048 --------- D:\WINTINY\system32\dllcache\ntkrnlpa.exe 2008-10-15 11:17 . 2008-08-14 10:33 2,023,936 --------- D:\WINTINY\system32\dllcache\ntkrpamp.exe 2008-10-15 10:52 . 2008-09-08 11:41 333,824 --------- D:\WINTINY\system32\dllcache\srv.sys 2008-10-15 10:50 . 2008-09-15 13:12 1,846,400 --------- D:\WINTINY\system32\dllcache\win32k.sys 2008-10-11 16:42 . 2008-10-27 14:37 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Creative 2008-10-11 16:36 . 2003-06-12 22:25 7,062 --a------ D:\WINTINY\system32\audiopid.vxd 2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- D:\Program Files\Audible 2008-10-11 16:35 . 2000-05-22 01:58 647,872 --------- D:\WINTINY\system32\Mscomct2.ocx 2008-10-11 16:35 . 2008-10-11 16:35 417,792 --a------ D:\WINTINY\system32\awrdscdc.ax 2008-10-11 16:35 . 2006-10-05 23:17 53,248 --------- D:\WINTINY\Ctregrun.exe 2008-10-11 16:35 . 2001-08-17 21:43 24,576 --------- D:\WINTINY\system32\msxml3a.dll 2008-10-11 16:34 . 2008-10-11 16:42 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Creative 2008-10-11 16:33 . 2008-10-11 16:33 <DIR> d-------- D:\Program Files\Common Files\Creative 2008-10-11 16:33 . 1999-12-12 18:01 44,032 --------- D:\WINTINY\system32\CTSVCCDA.EXE 2008-10-11 16:33 . 1999-11-17 18:00 25,088 --------- D:\WINTINY\system32\CTSVCCTL.EXE 2008-10-11 16:32 . 2008-10-11 16:32 <DIR> d-------- D:\WINTINY\system32\LogFiles 2008-10-11 16:32 . 2008-10-11 16:41 <DIR> d-------- D:\WINTINY\system32\drivers\UMDF 2008-10-11 16:32 . 2008-10-11 16:33 <DIR> d--h----- D:\Program Files\Creative Installation Information 2008-10-11 16:32 . 
2008-10-11 16:35 <DIR> d-------- D:\Program Files\Creative 2008-10-11 13:49 . 2008-10-11 13:49 0 --a------ D:\WINTINY\nsreg.dat 2008-10-11 13:43 . 2008-10-13 13:31 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Software Licensors 2008-10-11 13:43 . 2008-10-27 14:35 78,625 --a------ D:\WINTINY\system32\dnpllduqemebumh.exe 2008-10-11 13:21 . 2008-10-11 13:21 <DIR> d--h----- D:\WINTINY\PIF 2008-10-11 12:58 . 2008-11-01 00:16 <DIR> d-------- D:\Program Files\Applications 2008-10-10 02:35 . 2008-04-13 22:15 32,128 --a------ D:\WINTINY\system32\drivers\usbccgp.sys 2008-10-08 01:08 . 2008-10-03 18:41 6,066,176 --------- D:\WINTINY\system32\dllcache\ieframe.dll 2008-10-08 01:08 . 2007-04-17 10:32 2,455,488 --------- D:\WINTINY\system32\dllcache\ieapfltr.dat 2008-10-08 01:08 . 2007-03-08 06:10 991,232 --------- D:\WINTINY\system32\dllcache\ieframe.dll.mui 2008-10-08 01:08 . 2008-08-26 08:24 459,264 --------- D:\WINTINY\system32\dllcache\msfeeds.dll 2008-10-08 01:08 . 2008-08-26 08:24 383,488 --------- D:\WINTINY\system32\dllcache\ieapfltr.dll 2008-10-08 01:08 . 2008-08-26 08:24 267,776 --------- D:\WINTINY\system32\dllcache\iertutil.dll 2008-10-08 01:08 . 2008-08-26 08:24 63,488 --------- D:\WINTINY\system32\dllcache\icardie.dll 2008-10-08 01:08 . 2008-08-26 08:24 52,224 --------- D:\WINTINY\system32\dllcache\msfeedsbs.dll 2008-10-08 01:08 . 2008-08-25 09:38 13,824 --------- D:\WINTINY\system32\dllcache\ieudinit.exe 2008-10-06 12:21 . 2006-10-18 20:47 2,450,944 --------- D:\WINTINY\system32\dllcache\wmvcore.dll 2008-10-06 11:06 . 2008-10-06 11:49 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\vlc 2008-10-06 10:19 . 2008-10-06 10:19 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Messenger Plus! 2008-10-06 10:17 . 2008-04-13 22:16 85,248 --a------ D:\WINTINY\system32\drivers\NABTSFEC.sys 2008-10-06 10:17 . 
2008-04-13 22:16 19,200 --a------ D:\WINTINY\system32\drivers\WSTCODEC.SYS 2008-10-06 10:17 . 2008-04-13 22:16 17,024 --a------ D:\WINTINY\system32\drivers\CCDECODE.sys 2008-10-06 10:17 . 2008-04-14 03:42 16,384 --a------ D:\WINTINY\system32\ipsink.ax 2008-10-06 10:17 . 2008-04-13 22:16 15,232 --a------ D:\WINTINY\system32\drivers\StreamIP.sys 2008-10-06 10:17 . 2008-04-13 22:16 11,136 --a------ D:\WINTINY\system32\drivers\SLIP.sys 2008-10-06 10:17 . 2008-04-13 22:16 10,880 --a------ D:\WINTINY\system32\drivers\NdisIP.sys 2008-10-06 10:17 . 2008-04-13 22:09 5,504 --a------ D:\WINTINY\system32\drivers\MSTEE.sys 2008-10-06 10:16 . 2008-04-14 03:42 91,136 --a------ D:\WINTINY\system32\kswdmcap.ax 2008-10-06 10:16 . 2008-04-14 03:42 61,952 --a------ D:\WINTINY\system32\kstvtune.ax 2008-10-06 10:16 . 2008-04-14 03:42 53,760 --a------ D:\WINTINY\system32\vfwwdm32.dll 2008-10-06 10:16 . 2008-04-14 03:42 43,008 --a------ D:\WINTINY\system32\ksxbar.ax 2008-10-06 10:16 . 2008-04-14 03:42 28,672 --a------ D:\WINTINY\system32\vidcap.ax 2008-10-06 10:13 . 2008-10-29 08:59 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Mess Way Tons 2008-10-06 10:12 . 2008-10-06 10:12 <DIR> d-------- D:\Program Files\Circle Developement 2008-10-06 10:06 . 2008-10-06 10:06 <DIR> d-------- D:\WINTINY\CatRoot 2008-10-06 10:06 . 2000-10-31 11:00 307,200 --------- D:\WINTINY\vidcap32.Exe 2008-10-06 10:06 . 2003-07-11 10:12 159,799 --a------ D:\WINTINY\system32\VM31bPrp.Ax 2008-10-06 10:06 . 2002-08-22 15:34 147,456 --a------ D:\WINTINY\VMCap.exe 2008-10-06 10:06 . 2004-01-07 13:22 90,527 --a------ D:\WINTINY\system32\drivers\usbVM31b.sys 2008-10-06 10:06 . 2003-05-15 16:17 61,440 --a------ D:\WINTINY\system32\VM31bSTI.dll 2008-10-06 10:06 . 2002-08-22 16:02 53,248 --a------ D:\WINTINY\StillCap.exe 2008-10-06 10:06 . 2002-10-16 08:29 49,152 --a------ D:\WINTINY\amcap.exe 2008-10-06 10:06 . 
2003-01-21 14:19 40,960 --a------ D:\WINTINY\VM_STI.EXE 2008-10-05 18:28 . 2008-10-29 15:19 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\uTorrent 2008-10-05 18:24 . 2008-10-05 18:24 <DIR> d--hs---- D:\Documents and Settings\Administrator.EXPERIEN-68686C\UserData 2008-10-05 18:07 . 2008-06-13 12:05 272,128 --------- D:\WINTINY\system32\drivers\bthport.sys 2008-10-05 18:07 . 2008-06-13 12:05 272,128 --------- D:\WINTINY\system32\dllcache\bthport.sys 2008-10-05 18:06 . 2008-04-11 20:04 691,712 --------- D:\WINTINY\system32\dllcache\inetcomm.dll 2008-10-05 18:06 . 2008-05-01 15:33 331,776 --------- D:\WINTINY\system32\dllcache\msadce.dll 2008-10-05 18:06 . 2008-05-08 15:02 203,136 --------- D:\WINTINY\system32\dllcache\rmcast.sys 2008-10-05 18:00 . 2008-10-25 02:00 <DIR> d--h----- D:\WINTINY\$hf_mig$ 2008-10-05 18:00 . 2006-09-16 00:05 23,856 --a------ D:\WINTINY\system32\spupdsvc.exe 2008-10-05 17:58 . 2006-11-29 13:06 3,426,072 --a------ D:\WINTINY\system32\d3dx9_32.dll 2008-10-05 17:53 . 2008-10-23 15:13 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Contacts 2008-10-05 17:51 . 2008-10-29 08:55 <DIR> d----c--- D:\WINTINY\system32\DRVSTORE 2008-10-05 17:49 . 2008-07-18 21:07 270,880 --a------ D:\WINTINY\system32\mucltui.dll 2008-10-05 17:49 . 2008-07-18 21:07 210,976 --a------ D:\WINTINY\system32\muweb.dll 2008-10-05 17:49 . 2008-07-18 21:07 29,728 --a------ D:\WINTINY\system32\mucltui.dll.mui 2008-10-05 17:48 . 2008-10-05 17:48 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\WLInstaller 2008-10-05 17:24 . 2008-10-05 17:24 0 --a------ D:\WINTINY\vpc32.INI 2008-10-05 17:02 . 2008-10-05 17:02 <DIR> d-------- D:\Documents and Settings\ADMINI~1~EXP\LOCALS~1 2008-10-05 17:02 . 2008-10-05 17:02 <DIR> d-------- D:\Documents and Settings\ADMINI~1~EXP 2008-10-05 17:02 . 2005-10-03 09:49 204,800 --a------ D:\WINTINY\system32\UploadDLL.dll 2008-10-05 17:02 . 
2005-11-20 04:31 192,512 --a------ D:\WINTINY\system32\blkwcd.dll 2008-10-05 17:02 . 2005-10-03 09:50 167,936 --a------ D:\WINTINY\system32\BelkinwcuiDLL.dll 2008-10-05 17:02 . 2005-10-03 09:50 101,888 --a------ D:\WINTINY\system32\CrashRpt.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-05 15:05 --------- d-----w D:\Documents and Settings\All Users.WINTINY\Application Data\Symantec 2008-09-30 17:06 128,535,711 ----a-w D:\Program Files\openofficeorg1.cab 2008-09-30 16:29 9,772,544 ----a-w D:\Program Files\openofficeorg30.msi 2008-09-30 16:29 217 ----a-w D:\Program Files\setup.ini 2008-09-15 12:12 1,846,400 ----a-w D:\WINTINY\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w D:\WINTINY\system32\drivers\srv.sys 2008-09-05 14:04 288,256 ----a-w D:\WINTINY\WLXPGSS.SCR 2008-08-27 08:24 3,593,216 ------w D:\WINTINY\system32\dllcache\mshtml.dll 2008-08-25 08:37 70,656 ------w D:\WINTINY\system32\dllcache\ie4uinit.exe 2008-08-23 05:56 635,848 ------w D:\WINTINY\system32\dllcache\iexplore.exe 2008-08-23 05:54 161,792 ------w D:\WINTINY\system32\dllcache\ieakui.dll 2008-08-14 10:09 2,145,280 ----a-w D:\WINTINY\system32\ntoskrnl.exe 2008-08-14 10:04 138,496 ------w D:\WINTINY\system32\dllcache\afd.sys 2008-08-14 09:33 2,023,936 ----a-w D:\WINTINY\system32\ntkrnlpa.exe 2008-07-18 21:10 94,920 ----a-w D:\WINTINY\system32\cdm.dll 2008-07-18 21:10 53,448 ----a-w D:\WINTINY\system32\wuauclt.exe 2008-07-18 21:10 45,768 ----a-w D:\WINTINY\system32\wups2.dll 2008-07-18 21:10 36,552 ----a-w D:\WINTINY\system32\wups.dll 2008-07-18 21:09 563,912 ----a-w D:\WINTINY\system32\wuapi.dll 2008-07-18 21:09 325,832 ----a-w D:\WINTINY\system32\wucltui.dll 2008-07-18 21:09 205,000 ----a-w D:\WINTINY\system32\wuweb.dll 2008-07-18 21:09 1,811,656 ----a-w D:\WINTINY\system32\wuaueng.dll 2008-07-11 08:55 712,704 ----a-w D:\WINTINY\system32\windowscodecs.dll 2008-07-11 08:55 347,648 ----a-w 
D:\WINTINY\system32\windowscodecsext.dll 2008-07-07 20:26 253,952 ----a-w D:\WINTINY\system32\es.dll 2008-07-07 20:26 253,952 ------w D:\WINTINY\system32\dllcache\es.dll 2002-03-11 09:06 1,822,520 ----a-w D:\Program Files\instmsiw.exe 2002-03-11 08:45 1,708,856 ----a-w D:\Program Files\instmsia.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="D:\WINTINY\system32\ctfmon.exe" [2008-05-06 15360] "32 wait"="D:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\MESSWA~1\DEFAULT BURN POKE.exe" [2008-10-29 582656] "MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752] "vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 85744] "NvCplDaemon"="D:\WINTINY\system32\NvCpl.dll" [2006-10-22 7700480] "NvMediaCenter"="D:\WINTINY\system32\NvMcTray.dll" [2006-10-22 86016] "BigDogPath"="D:\WINTINY\VM_STI.EXE" [2003-01-21 40960] "MP10_EnsureFileVer"="D:\WINTINY\inf\unregmp2.exe" [2008-05-06 208896] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 D:\WINTINY\SOUNDMAN.EXE] "nwiz"="nwiz.exe" [2006-10-22 D:\WINTINY\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-08-26 D:\WINTINY\system32\advpack.dll] D:\Documents and Settings\All Users.WINTINY\Start Menu\Programs\Startup\ Belkin Wireless Utility.lnk - D:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2008-09-03 1523712] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
"DisableCAD"= 1 (0x1) "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "StartMenuFavorites"= 0 (0x0) "Start_ShowMyComputer"= 1 (0x1) "Start_ShowMyDocs"= 1 (0x1) "Start_ShowMyMusic"= 0 (0x0) "Start_ShowRun"= 1 (0x1) "Start_ShowSearch"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "D:\\Program Files\\uTorrent\\uTorrent.exe"= "D:\\Program Files\\Opera\\opera.exe"= "D:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "D:\\Program Files\\MSN Messenger\\livecall.exe"= "D:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;D:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 17149] S0 VIBUS;VIBUS;D:\WINTINY\system32\drivers\VIBUS.sys [2008-05-06 16896] S0 VIDEX32;VIDEX32;D:\WINTINY\system32\drivers\VIDEX32.sys [2008-05-06 9216] S3 s125bus;Sony Ericsson Device 125 driver (WDM);D:\WINTINY\system32\DRIVERS\s125bus.sys [2007-04-24 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem 
Filter;D:\WINTINY\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;D:\WINTINY\system32\DRIVERS\s125mdm.sys [2007-04-24 108680] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;D:\WINTINY\system32\DRIVERS\s125obex.sys [2007-04-24 98696] *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-10-31 D:\WINTINY\Tasks\AD0E516791B9C71F.job - d:\docume~1\admini~1.exp\applic~1\messwa~1\NURB SUPPORT GPL.exe [2008-10-29 08:59] . - - - - ORPHANS REMOVED - - - - BHO-{A242BD08-0B8F-07A6-AA29-9C4FF2ECE10F} - D:\WINTINY\system32\knslesoznizmvmket.dll HKCU-Run-CTSyncU.exe - D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe.dis . ------- Supplementary Scan ------- . FireFox -: Profile - D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Mozilla\Firefox\Profiles\nopkooqd.default\ FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-01 00:26:38 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-11-01 0:28:14 ComboFix-quarantined-files.txt 2008-10-31 23:27:37 Pre-Run: 1 863 454 720 bytes free Post-Run: 1,966,153,728 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINTINY [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINTINY="Microsoft Windows XP Professional" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 273 --- E O F --- 2008-10-25 01:00:39 Malwarebytes' Anti-Malware 1.30 Database versjon: 1348 Windows 5.1.2600 Service Pack 3 01.11.2008 00:14:25 mbam-log-2008-11-01 (00-14-25).txt Skanntype: Rask Skann Objekter skannet: 54605 Tid tilbakelagt: 4 minute(s), 52 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 1 Registernøkler infisert: 8 Registerverdier infisert: 12 Registerfiler infisert: 3 Mapper infisert: 2 Filer infisert: 19 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: D:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot. Registernøkler infisert: HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\virusrl2009 (Rogue.AVLab) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\VirusRL2009 (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{fb357e54-83f1-4a3c-80a2-319201ed6c17} (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bat wave base dale (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\virusrl2009 (Rogue.AVLab) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdubyqjvrtybip (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Service (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully. Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Mapper infisert: D:\Documents and Settings\Administrator.EXPERIEN-68686C\Start Menu\Programs\virusresponse lab 2009 2.1 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully. D:\Documents and Settings\All Users.WINTINY\Application Data\Link Axis Bat Wave (Trojan.Downloader) -> Delete on reboot. Filer infisert: D:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot. D:\Documents and Settings\Administrator.EXPERIEN-68686C\Start Menu\Programs\virusresponse lab 2009 2.1\virusresponse lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully. D:\Documents and Settings\All Users.WINTINY\Application Data\Link Axis Bat Wave\hope skip.exe (Trojan.Downloader) -> Delete on reboot. D:\WINTINY\system32\knslesoznizmvmket.dll (Trojan.Agent) -> Delete on reboot. D:\WINTINY\service.exe (Backdoor.Bot) -> Quarantined and deleted successfully. D:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. D:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully. 
D:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\Start Menu\virusresponse lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully. D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Microsoft\Internet Explorer\Quick Launch\virusresponse lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Quarantined and deleted successfully. 
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:34:46, on 01.11.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: D:\WINTINY\System32\smss.exe D:\WINTINY\system32\winlogon.exe D:\WINTINY\system32\services.exe D:\WINTINY\system32\lsass.exe D:\WINTINY\system32\svchost.exe D:\WINTINY\System32\svchost.exe D:\WINTINY\system32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe D:\WINTINY\system32\spoolsv.exe D:\WINTINY\system32\CTsvcCDA.exe D:\Program Files\Symantec AntiVirus\DefWatch.exe D:\WINTINY\system32\nvsvc32.exe D:\WINTINY\system32\svchost.exe D:\Program Files\Symantec AntiVirus\Rtvscan.exe D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\PROGRA~1\SYMANT~1\VPTray.exe D:\WINTINY\system32\RUNDLL32.EXE D:\WINTINY\VM_STI.EXE D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe D:\WINTINY\system32\ctfmon.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe D:\Program Files\Skype\Plugin Manager\skypePM.exe D:\WINTINY\explorer.exe D:\WINTINY\system32\notepad.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\Miss M\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program 
Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINTINY\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINTINY\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bigDogPath] D:\WINTINY\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [MP10_EnsureFileVer] D:\WINTINY\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINTINY\system32\ctfmon.exe
O4 - HKCU\..\Run: [32 wait] D:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\MESSWA~1\DEFAULT BURN POKE.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Belkin Wireless Utility.lnk = D:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINTINY\system32\cisvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINTINY\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINTINY\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 6362 bytes

Luddezor Posted 31 October 2008
I completely agree with you.

norbat Posted 31 October 2008
Open Notepad, then copy and paste in the text shown in bold below. Save the file on the desktop with the name CFScript. Drag and drop the file onto the Combofix icon. Combofix will start again.

File::
D:\WINTINY\system32\dnpllduqemebumh.exe
D:\WINTINY\Tasks\AD0E516791B9C71F.job

Folder::
D:\Program Files\Mess Way Tons

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"32 wait"=-

DirLook::
D:\Documents and Settings\All Users.WINTINY\Application Data\Software Licensors

Post the log.

Maggi94 Posted 1 November 2008 (Author)
ComboFix 08-10-30.13 - Administrator 2008-11-01 0:58:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.220 [GMT 1:00]
Running from: D:\Documents and Settings\Administrator.EXPERIEN-68686C\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Administrator.EXPERIEN-68686C\Desktop\CFScript..txt
 * Created a new restore point
FILE ::
D:\WINTINY\system32\dnpllduqemebumh.exe
D:\WINTINY\Tasks\AD0E516791B9C71F.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Program Files\Mess Way Tons
D:\WINTINY\system32\dnpllduqemebumh.exe
D:\WINTINY\Tasks\AD0E516791B9C71F.job
.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-11-01 00:07 . 2008-11-01 00:07 <DIR> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-11-01 00:07 . 2008-11-01 00:07 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Malwarebytes
2008-11-01 00:07 . 2008-11-01 00:07 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Malwarebytes
2008-11-01 00:07 . 2008-10-22 16:10 38,496 --a------ D:\WINTINY\system32\drivers\mbamswissarmy.sys
2008-11-01 00:07 . 2008-10-22 16:10 15,504 --a------ D:\WINTINY\system32\drivers\mbam.sys
2008-10-31 23:58 . 2008-10-31 23:58 <DIR> d-------- D:\Program Files\CCleaner
2008-10-30 22:41 . 2008-11-01 00:05 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\skypePM
2008-10-30 22:41 . 2008-10-30 22:41 56 --ah----- D:\WINTINY\system32\ezsidmv.dat
2008-10-30 22:40 . 2008-11-01 00:58 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Skype
2008-10-30 22:39 . 2008-10-30 22:40 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Skype
2008-10-30 16:36 . 2008-10-30 16:36 49,676 --a------ D:\Documents and Settings\Administrator.EXPERIEN-68686C\java_plugin.exe
2008-10-29 08:00 . 2008-10-29 08:00 120 --a------ D:\sqmnoopt05.sqm
2008-10-29 08:00 . 2008-10-29 08:00 120 --a------ D:\sqmdata06.sqm
2008-10-29 07:58 . 2008-10-29 07:58 236 --a------ D:\sqmdata05.sqm
2008-10-29 07:58 . 2008-10-29 07:58 200 --a------ D:\sqmnoopt04.sqm
2008-10-27 21:24 . 2008-10-27 21:24 <DIR> d-------- D:\WINTINY\Sun
2008-10-27 18:05 . 2008-10-27 18:05 236 --a------ D:\sqmdata03.sqm
2008-10-27 18:05 . 2008-10-27 18:05 120 --a------ D:\sqmnoopt03.sqm
2008-10-27 18:05 . 2008-10-27 18:05 120 --a------ D:\sqmdata04.sqm
2008-10-27 14:35 . 2008-10-27 14:35 236 --a------ D:\sqmdata02.sqm
2008-10-27 14:35 . 2008-10-27 14:35 200 --a------ D:\sqmnoopt02.sqm
2008-10-24 15:13 . 2008-10-24 15:13 236 --a------ D:\sqmdata01.sqm
2008-10-24 15:13 . 2008-10-24 15:13 200 --a------ D:\sqmnoopt01.sqm
2008-10-24 15:04 . 2008-10-15 17:34 337,408 --------- D:\WINTINY\system32\dllcache\netapi32.dll
2008-10-24 14:36 . 2008-10-29 07:57 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Tracing
2008-10-24 14:36 . 2008-10-29 08:40 16,504 --a------ D:\WINTINY\system32\GDIPFONTCACHEV1.DAT
2008-10-24 14:30 . 2008-10-24 14:30 <DIR> d-------- D:\Program Files\Microsoft
2008-10-24 14:25 . 2008-10-24 14:25 <DIR> d-------- D:\Program Files\Common Files\Windows Live
2008-10-19 14:42 . 2008-10-19 14:42 <DIR> d-------- D:\Program Files\Lavasoft
2008-10-19 14:42 . 2008-10-19 14:43 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Lavasoft
2008-10-19 14:41 . 2008-10-19 14:41 <DIR> d-------- D:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 18:00 . 2008-05-06 13:00 221,184 --a------ D:\WINTINY\system32\wmpns.dll
2008-10-16 21:36 . 2008-10-16 21:36 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\OpenOffice.org
2008-10-16 21:33 . 2008-10-16 21:33 <DIR> d-------- D:\Program Files\OpenOffice.org 3
2008-10-16 21:33 . 2008-10-16 21:33 <DIR> d-------- D:\Program Files\JRE
2008-10-16 21:32 . 2008-06-10 01:32 73,728 --a------ D:\WINTINY\system32\javacpl.cpl
2008-10-16 21:28 . 2008-10-16 21:28 <DIR> d-------- D:\Program Files\readmes
2008-10-16 21:28 . 2008-10-16 21:28 <DIR> d-------- D:\Program Files\licenses
2008-10-15 11:17 . 2008-08-14 11:11 2,189,184 --------- D:\WINTINY\system32\dllcache\ntoskrnl.exe
2008-10-15 11:17 . 2008-08-14 11:09 2,145,280 --------- D:\WINTINY\system32\dllcache\ntkrnlmp.exe
2008-10-15 11:17 . 2008-08-14 10:33 2,066,048 --------- D:\WINTINY\system32\dllcache\ntkrnlpa.exe
2008-10-15 11:17 . 2008-08-14 10:33 2,023,936 --------- D:\WINTINY\system32\dllcache\ntkrpamp.exe
2008-10-15 10:52 . 2008-09-08 11:41 333,824 --------- D:\WINTINY\system32\dllcache\srv.sys
2008-10-15 10:50 . 2008-09-15 13:12 1,846,400 --------- D:\WINTINY\system32\dllcache\win32k.sys
2008-10-11 16:42 . 2008-10-27 14:37 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Creative
2008-10-11 16:36 . 2003-06-12 22:25 7,062 --a------ D:\WINTINY\system32\audiopid.vxd
2008-10-11 16:35 . 2008-10-11 16:35 <DIR> d-------- D:\Program Files\Audible
2008-10-11 16:35 . 2000-05-22 01:58 647,872 --------- D:\WINTINY\system32\Mscomct2.ocx
2008-10-11 16:35 . 2008-10-11 16:35 417,792 --a------ D:\WINTINY\system32\awrdscdc.ax
2008-10-11 16:35 . 2006-10-05 23:17 53,248 --------- D:\WINTINY\Ctregrun.exe
2008-10-11 16:35 . 2001-08-17 21:43 24,576 --------- D:\WINTINY\system32\msxml3a.dll
2008-10-11 16:34 . 2008-10-11 16:42 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Creative
2008-10-11 16:33 . 2008-10-11 16:33 <DIR> d-------- D:\Program Files\Common Files\Creative
2008-10-11 16:33 . 1999-12-12 18:01 44,032 --------- D:\WINTINY\system32\CTSVCCDA.EXE
2008-10-11 16:33 . 1999-11-17 18:00 25,088 --------- D:\WINTINY\system32\CTSVCCTL.EXE
2008-10-11 16:32 . 2008-10-11 16:32 <DIR> d-------- D:\WINTINY\system32\LogFiles
2008-10-11 16:32 . 2008-10-11 16:41 <DIR> d-------- D:\WINTINY\system32\drivers\UMDF
2008-10-11 16:32 . 2008-10-11 16:33 <DIR> d--h----- D:\Program Files\Creative Installation Information
2008-10-11 16:32 . 2008-10-11 16:35 <DIR> d-------- D:\Program Files\Creative
2008-10-11 13:49 . 2008-10-11 13:49 0 --a------ D:\WINTINY\nsreg.dat
2008-10-11 13:43 . 2008-10-13 13:31 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Software Licensors
2008-10-11 13:21 . 2008-10-11 13:21 <DIR> d--h----- D:\WINTINY\PIF
2008-10-11 12:58 . 2008-11-01 00:16 <DIR> d-------- D:\Program Files\Applications
2008-10-10 02:35 . 2008-04-13 22:15 32,128 --a------ D:\WINTINY\system32\drivers\usbccgp.sys
2008-10-08 01:08 . 2008-10-03 18:41 6,066,176 --------- D:\WINTINY\system32\dllcache\ieframe.dll
2008-10-08 01:08 . 2007-04-17 10:32 2,455,488 --------- D:\WINTINY\system32\dllcache\ieapfltr.dat
2008-10-08 01:08 . 2007-03-08 06:10 991,232 --------- D:\WINTINY\system32\dllcache\ieframe.dll.mui
2008-10-08 01:08 . 2008-08-26 08:24 459,264 --------- D:\WINTINY\system32\dllcache\msfeeds.dll
2008-10-08 01:08 . 2008-08-26 08:24 383,488 --------- D:\WINTINY\system32\dllcache\ieapfltr.dll
2008-10-08 01:08 . 2008-08-26 08:24 267,776 --------- D:\WINTINY\system32\dllcache\iertutil.dll
2008-10-08 01:08 . 2008-08-26 08:24 63,488 --------- D:\WINTINY\system32\dllcache\icardie.dll
2008-10-08 01:08 . 2008-08-26 08:24 52,224 --------- D:\WINTINY\system32\dllcache\msfeedsbs.dll
2008-10-08 01:08 . 2008-08-25 09:38 13,824 --------- D:\WINTINY\system32\dllcache\ieudinit.exe
2008-10-06 12:21 . 2006-10-18 20:47 2,450,944 --------- D:\WINTINY\system32\dllcache\wmvcore.dll
2008-10-06 11:06 . 2008-10-06 11:49 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\vlc
2008-10-06 10:19 . 2008-10-06 10:19 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\Messenger Plus!
2008-10-06 10:17 . 2008-04-13 22:16 85,248 --a------ D:\WINTINY\system32\drivers\NABTSFEC.sys
2008-10-06 10:17 . 2008-04-13 22:16 19,200 --a------ D:\WINTINY\system32\drivers\WSTCODEC.SYS
2008-10-06 10:17 . 2008-04-13 22:16 17,024 --a------ D:\WINTINY\system32\drivers\CCDECODE.sys
2008-10-06 10:17 . 2008-04-14 03:42 16,384 --a------ D:\WINTINY\system32\ipsink.ax
2008-10-06 10:17 . 2008-04-13 22:16 15,232 --a------ D:\WINTINY\system32\drivers\StreamIP.sys
2008-10-06 10:17 . 2008-04-13 22:16 11,136 --a------ D:\WINTINY\system32\drivers\SLIP.sys
2008-10-06 10:17 . 2008-04-13 22:16 10,880 --a------ D:\WINTINY\system32\drivers\NdisIP.sys
2008-10-06 10:17 . 2008-04-13 22:09 5,504 --a------ D:\WINTINY\system32\drivers\MSTEE.sys
2008-10-06 10:16 . 2008-04-14 03:42 91,136 --a------ D:\WINTINY\system32\kswdmcap.ax
2008-10-06 10:16 . 2008-04-14 03:42 61,952 --a------ D:\WINTINY\system32\kstvtune.ax
2008-10-06 10:16 . 2008-04-14 03:42 53,760 --a------ D:\WINTINY\system32\vfwwdm32.dll
2008-10-06 10:16 . 2008-04-14 03:42 43,008 --a------ D:\WINTINY\system32\ksxbar.ax
2008-10-06 10:16 . 2008-04-14 03:42 28,672 --a------ D:\WINTINY\system32\vidcap.ax
2008-10-06 10:13 . 2008-10-29 08:59 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Mess Way Tons
2008-10-06 10:12 . 2008-10-06 10:12 <DIR> d-------- D:\Program Files\Circle Developement
2008-10-06 10:06 . 2008-10-06 10:06 <DIR> d-------- D:\WINTINY\CatRoot
2008-10-06 10:06 . 2000-10-31 11:00 307,200 --------- D:\WINTINY\vidcap32.Exe
2008-10-06 10:06 . 2003-07-11 10:12 159,799 --a------ D:\WINTINY\system32\VM31bPrp.Ax
2008-10-06 10:06 . 2002-08-22 15:34 147,456 --a------ D:\WINTINY\VMCap.exe
2008-10-06 10:06 . 2004-01-07 13:22 90,527 --a------ D:\WINTINY\system32\drivers\usbVM31b.sys
2008-10-06 10:06 . 2003-05-15 16:17 61,440 --a------ D:\WINTINY\system32\VM31bSTI.dll
2008-10-06 10:06 . 2002-08-22 16:02 53,248 --a------ D:\WINTINY\StillCap.exe
2008-10-06 10:06 . 2002-10-16 08:29 49,152 --a------ D:\WINTINY\amcap.exe
2008-10-06 10:06 . 2003-01-21 14:19 40,960 --a------ D:\WINTINY\VM_STI.EXE
2008-10-05 18:28 . 2008-10-29 15:19 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\uTorrent
2008-10-05 18:24 . 2008-10-05 18:24 <DIR> d--hs---- D:\Documents and Settings\Administrator.EXPERIEN-68686C\UserData
2008-10-05 18:07 . 2008-06-13 12:05 272,128 --------- D:\WINTINY\system32\drivers\bthport.sys
2008-10-05 18:07 . 2008-06-13 12:05 272,128 --------- D:\WINTINY\system32\dllcache\bthport.sys
2008-10-05 18:06 . 2008-04-11 20:04 691,712 --------- D:\WINTINY\system32\dllcache\inetcomm.dll
2008-10-05 18:06 . 2008-05-01 15:33 331,776 --------- D:\WINTINY\system32\dllcache\msadce.dll
2008-10-05 18:06 . 2008-05-08 15:02 203,136 --------- D:\WINTINY\system32\dllcache\rmcast.sys
2008-10-05 18:00 . 2008-10-25 02:00 <DIR> d--h----- D:\WINTINY\$hf_mig$
2008-10-05 18:00 . 2006-09-16 00:05 23,856 --a------ D:\WINTINY\system32\spupdsvc.exe
2008-10-05 17:58 . 2006-11-29 13:06 3,426,072 --a------ D:\WINTINY\system32\d3dx9_32.dll
2008-10-05 17:53 . 2008-10-23 15:13 <DIR> d-------- D:\Documents and Settings\Administrator.EXPERIEN-68686C\Contacts
2008-10-05 17:51 . 2008-10-29 08:55 <DIR> d----c--- D:\WINTINY\system32\DRVSTORE
2008-10-05 17:49 . 2008-07-18 21:07 270,880 --a------ D:\WINTINY\system32\mucltui.dll
2008-10-05 17:49 . 2008-07-18 21:07 210,976 --a------ D:\WINTINY\system32\muweb.dll
2008-10-05 17:49 . 2008-07-18 21:07 29,728 --a------ D:\WINTINY\system32\mucltui.dll.mui
2008-10-05 17:48 . 2008-10-05 17:48 <DIR> d-------- D:\Documents and Settings\All Users.WINTINY\Application Data\WLInstaller
2008-10-05 17:24 . 2008-10-05 17:24 0 --a------ D:\WINTINY\vpc32.INI
2008-10-05 17:02 . 2008-10-05 17:02 <DIR> d-------- D:\Documents and Settings\ADMINI~1~EXP\LOCALS~1
2008-10-05 17:02 . 2008-10-05 17:02 <DIR> d-------- D:\Documents and Settings\ADMINI~1~EXP
2008-10-05 17:02 . 2005-10-03 09:49 204,800 --a------ D:\WINTINY\system32\UploadDLL.dll
2008-10-05 17:02 . 2005-11-20 04:31 192,512 --a------ D:\WINTINY\system32\blkwcd.dll
2008-10-05 17:02 . 2005-10-03 09:50 167,936 --a------ D:\WINTINY\system32\BelkinwcuiDLL.dll
2008-10-05 17:02 . 2005-10-03 09:50 101,888 --a------ D:\WINTINY\system32\CrashRpt.dll
2008-10-05 17:02 . 2005-10-03 09:49 81,920 --a------ D:\WINTINY\system32\brdcm2k.dll
2008-10-05 17:02 . 2005-10-03 09:49 61,440 --a------ D:\WINTINY\system32\BelkinHWStatus.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 15:05 --------- d-----w D:\Documents and Settings\All Users.WINTINY\Application Data\Symantec
2008-09-30 17:06 128,535,711 ----a-w D:\Program Files\openofficeorg1.cab
2008-09-30 16:29 9,772,544 ----a-w D:\Program Files\openofficeorg30.msi
2008-09-30 16:29 217 ----a-w D:\Program Files\setup.ini
2008-09-15 12:12 1,846,400 ----a-w D:\WINTINY\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w D:\WINTINY\system32\drivers\srv.sys
2008-09-05 14:04 288,256 ----a-w D:\WINTINY\WLXPGSS.SCR
2008-08-27 08:24 3,593,216 ------w D:\WINTINY\system32\dllcache\mshtml.dll
2008-08-25 08:37 70,656 ------w D:\WINTINY\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w D:\WINTINY\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w D:\WINTINY\system32\dllcache\ieakui.dll
2008-08-14 10:09 2,145,280 ----a-w D:\WINTINY\system32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w D:\WINTINY\system32\dllcache\afd.sys
2008-08-14 09:33 2,023,936 ----a-w D:\WINTINY\system32\ntkrnlpa.exe
2008-07-18 21:10 94,920 ----a-w D:\WINTINY\system32\cdm.dll
2008-07-18 21:10 53,448 ----a-w D:\WINTINY\system32\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w D:\WINTINY\system32\wups2.dll
2008-07-18 21:10 36,552 ----a-w D:\WINTINY\system32\wups.dll
2008-07-18 21:09 563,912 ----a-w D:\WINTINY\system32\wuapi.dll
2008-07-18 21:09 325,832 ----a-w D:\WINTINY\system32\wucltui.dll
2008-07-18 21:09 205,000 ----a-w D:\WINTINY\system32\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w D:\WINTINY\system32\wuaueng.dll
2008-07-11 08:55 712,704 ----a-w D:\WINTINY\system32\windowscodecs.dll
2008-07-11 08:55 347,648 ----a-w D:\WINTINY\system32\windowscodecsext.dll
2008-07-07 20:26 253,952 ----a-w D:\WINTINY\system32\es.dll
2008-07-07 20:26 253,952 ------w D:\WINTINY\system32\dllcache\es.dll
2002-03-11 09:06 1,822,520 ----a-w D:\Program Files\instmsiw.exe
2002-03-11 08:45 1,708,856 ----a-w D:\Program Files\instmsia.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of D:\Documents and Settings\All Users.WINTINY\Application Data\Software Licensors ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINTINY\system32\ctfmon.exe" [2008-05-06 15360]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-09-29 21755688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"NvCplDaemon"="D:\WINTINY\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="D:\WINTINY\system32\NvMcTray.dll" [2006-10-22 86016]
"BigDogPath"="D:\WINTINY\VM_STI.EXE" [2003-01-21 40960]
"MP10_EnsureFileVer"="D:\WINTINY\inf\unregmp2.exe" [2008-05-06 208896]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 D:\WINTINY\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-22 D:\WINTINY\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-08-26 D:\WINTINY\system32\advpack.dll]
D:\Documents and Settings\All Users.WINTINY\Start Menu\Programs\Startup\
Belkin Wireless Utility.lnk - D:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe [2008-09-03 1523712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Opera\\opera.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;D:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 17149]
S0 VIBUS;VIBUS;D:\WINTINY\system32\drivers\VIBUS.sys [2008-05-06 16896]
S0 VIDEX32;VIDEX32;D:\WINTINY\system32\drivers\VIDEX32.sys [2008-05-06 9216]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);D:\WINTINY\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;D:\WINTINY\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;D:\WINTINY\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;D:\WINTINY\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 01:00:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-01 1:01:37
ComboFix-quarantined-files.txt 2008-11-01 00:01:11
ComboFix2.txt 2008-10-31 23:28:16
Pre-Run: 2 140 610 560 bytes free
Post-Run: 2,131,279,872 bytes free
266 --- E O F --- 2008-10-25 01:00:39

norbat Posted 1 November 2008
Looks fine. How is the problem now?

Maggi94 Posted 1 November 2008 (Author)
I haven't noticed anything wrong yet. Thank you very much.

norbat Posted 1 November 2008
You can delete this folder as well:
D:\Documents and Settings\Administrator.EXPERIEN-68686C\Application Data\Mess Way Tons
(you may need to turn on 'Show hidden files and folders' to see it: Control Panel -> Folder Options -> View)
Also consider whether Messenger Plus! is something you need. If not, uninstall it via Add/Remove Programs.
You should remove Combofix, since you can download a fresh copy if you need it later. You remove it by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore, so that you do not get infected again by a restore later on.
Is it the case that you don't quite remember what this MSN link said?

Maggi94 Posted 1 November 2008 (Author) (edited)
I deleted the folder and Combofix. Here is the link:
Edited 1 November 2008 by Super8: Removed link to infected site

Tosha0007 Posted 1 November 2008 (edited)
I recommend that you remove the link so that nobody clicks on it and gets infected. Do it as soon as possible.
Great that the link was removed.
If you think the problem with your machine is solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, you write [SOLVED] in front of the title.
Example: [SOLVED] Got a virus on my computer
This helps keep the forum easier to follow for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.
-Surf safely-
Edited 1 November 2008 by tosha0007