bearss
Posted 23 November 2008 (edited)

Hi. I managed to click on a link from a friend on MSN and actually open the content. Now I'm struggling with the fact that I keep sending links to all my friends. I've run the programs, but I ran ComboFix before MBAM (don't know if that matters).

MBAM:

Malwarebytes' Anti-Malware 1.30
Database versjon: 1419
Windows 6.0.6001 Service Pack 1

23.11.2008 23:38:21
mbam-log-2008-11-23 (23-38-21).txt

Skanntype: Rask Skann
Objekter skannet: 52685
Tid tilbakelagt: 6 minute(s), 21 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 3
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.70 85.255.112.201 -> Quarantined and deleted successfully.

Mapper infisert:
C:\Users\Bjørnar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZVideo (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Filer infisert:
C:\Program Files\EZVideo\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZVideo\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Combofix:

ComboFix 08-11-23.01 - Bjørnar 2008-11-24 11:47:11.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.242 [GMT 1:00]
Running from: c:\users\Bjørnar\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.

2008-11-24 03:19 . 2008-11-24 11:23 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-24 01:40 . 2008-11-24 01:40 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-24 01:40 . 2008-11-24 01:40 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-24 01:39 . 2008-11-24 01:44 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\users\All Users\avg8
2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\programdata\avg8
2008-11-24 01:39 . 2008-11-24 01:39 <DIR> d-------- c:\program files\AVG
2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\Bjørnar\AppData\Roaming\Malwarebytes
2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-23 23:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-23 23:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-23 15:13 . 2008-11-23 15:13 <DIR> d-------- c:\program files\SopCast
2008-11-21 10:49 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-21 10:49 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-21 10:49 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-21 10:49 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-21 10:48 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-21 10:48 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-21 10:48 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-21 10:48 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-21 10:48 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\programdata\ezsidmv.dat
2008-11-20 00:53 . 2008-11-20 00:53 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-12 19:06 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 19:06 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 19:06 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\users\All Users\NOS
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\programdata\NOS
2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\program files\NOS
2008-10-29 10:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 10:53 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat
2008-11-24 10:53 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat
2008-11-24 00:55 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-11-24 00:26 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Skype
2008-11-23 23:08 --------- d-----w c:\users\Bjørnar\AppData\Roaming\skypePM
2008-11-23 22:30 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Malwarebytes
2008-11-16 20:32 --------- d-----w c:\users\Bjørnar\AppData\Roaming\dvdcss
2008-11-13 11:38 --------- d-----w c:\programdata\Microsoft Help
2008-11-13 01:41 --------- d-----w c:\programdata\Rosetta Stone
2008-11-10 19:03 --------- d-----w c:\program files\DivX
2008-11-06 12:18 --------- d-----w c:\programdata\Installations
2008-11-05 18:47 --------- d-s---w c:\users\Bjørnar\AppData\Roaming\Microsoft
2008-10-22 23:33 --------- d-----w c:\program files\Flock
2008-10-22 19:43 --------- d-----w c:\program files\Free Music Zilla
2008-09-29 09:30 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-09-28 17:15 174 --sha-w c:\program files\desktop.ini
2008-09-28 17:02 --------- d-----w c:\program files\Windows Sidebar
2008-09-28 17:02 --------- d-----w c:\program files\Windows Photo Gallery
2008-09-28 17:02 --------- d-----w c:\program files\Windows Mail
2008-09-28 17:02 --------- d-----w c:\program files\Windows Journal
2008-09-28 17:02 --------- d-----w c:\program files\Windows Defender
2008-09-28 17:02 --------- d-----w c:\program files\Windows Collaboration
2008-09-28 17:02 --------- d-----w c:\program files\Windows Calendar
2008-04-10 22:37 32 ----a-w c:\users\All Users\ezsid.dat
2008-04-10 22:37 32 ----a-w c:\programdata\ezsid.dat
2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-10 22:34 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-02-04 16:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-04 16:31 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-08-07 06:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-11-23_22.02.06,04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-23 19:28:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-11-23 19:28:01 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-11-23 21:00:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-11-24 00:56:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2008-11-23 21:00:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-11-24 00:57:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2008-11-23 19:28:08 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-24 01:30:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-11-23 19:28:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-11-24 01:30:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-23 19:28:08 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-24 01:30:11 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-23 20:52:07 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-11-24 10:46:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2007-12-20 18:49:31 26,952 ----a-w c:\windows\System32\drivers\avgmfx86.sys
+ 2008-11-24 00:40:11 26,824 ----a-w c:\windows\System32\drivers\avgmfx86.sys
- 2008-11-23 19:34:58 102,094 ----a-w c:\windows\System32\perfc009.dat
+ 2008-11-24 01:02:48 102,094 ----a-w c:\windows\System32\perfc009.dat
- 2008-11-23 19:34:58 77,322 ----a-w c:\windows\System32\perfc014.dat
+ 2008-11-24 01:02:48 77,322 ----a-w c:\windows\System32\perfc014.dat
- 2008-11-23 19:34:58 590,082 ----a-w c:\windows\System32\perfh009.dat
+ 2008-11-24 01:02:48 590,082 ----a-w c:\windows\System32\perfh009.dat
- 2008-11-23 19:34:58 455,238 ----a-w c:\windows\System32\perfh014.dat
+ 2008-11-24 01:02:48 455,238 ----a-w c:\windows\System32\perfh014.dat
- 2008-11-23 19:30:13 14,090 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin
+ 2008-11-24 00:57:36 14,468 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin
- 2008-11-23 19:30:11 105,522 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-11-24 00:57:35 106,840 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-23 19:30:14 60,842 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-24 00:57:35 61,318 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-21 77824]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-28 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-24 1234712]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-19 784912]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-21 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6638B658-9DC4-41AF-BE53-78D871DC70A7}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{68674C66-98B7-4308-B8B6-31494E8FF685}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{F3BCF4AD-518D-48E3-991B-A7DFEBD5EE7F}g:\\program\\utorrent.exe"= UDP:g:\program\utorrent.exe:utorrent
"UDP Query User{EB590807-D8C8-4701-AF78-98BD5725838A}g:\\program\\utorrent.exe"= TCP:g:\program\utorrent.exe:utorrent
"TCP Query User{902A435B-52D6-42E9-8066-09A09EC34B33}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{70F30DBD-1F1B-40A1-8AB4-D4F139106AD3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{A1823AB3-23FF-47C2-9B56-60BF30DCBB51}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{6D96E84D-4978-4FDF-B0ED-85FAFF8C62E9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{75D502FC-9F90-4E4C-B077-20A69826415C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A6CBECC7-4D21-4F96-A2F2-BECA4A33707F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{FE6EE234-E1D1-4CC2-925C-4C709C37ACD9}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{C96EBA87-F2B8-42CA-B172-6D06ED84D5B6}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{9F7DA078-5E09-4F38-BA37-E17B90975A71}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{A6BA1848-B8A7-4424-AAB3-9B729A196976}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{A7806049-1CDF-4214-BDFD-0582DE27E7CD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D91EDC8E-3605-4435-94A4-19A5F97AE104}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{9746BFB0-E0C7-4D3B-A277-A17102266045}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0D96E119-0077-4BE9-BAA7-29B6ACC83A28}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{E569D57E-08A7-4EB3-A4B2-6EFCD3E6240C}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{92BB8A51-5006-440B-B201-9E0A9657F5F9}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"TCP Query User{E74C5E5A-ED62-427C-8B49-1729CBEBB870}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"UDP Query User{45D79512-56E5-440C-8563-1CCB85751376}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe
"TCP Query User{624EFE15-63AE-448D-9D6E-07ED2F1AF4D4}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{DEC222A5-7F31-4F70-8AC7-A0A299260549}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{5F6B366E-46CA-4220-BDF3-E0106448F78A}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{F7CEA839-5A56-4A50-BC78-A2B43F820FB8}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{0B5E5EC5-F928-45A3-8137-C384EEDEAA71}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{8ED58BF6-A4FC-41E0-9830-C7A029378F65}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033)
"{8F7030C7-99BC-472C-B40A-D514101DBD3C}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{62DCF891-69BC-4478-85CC-AE00A347857D}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{9BEF03E2-8E0B-4892-BB4F-D5B275BBB702}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FD1F12BF-E160-4ED1-91D2-58922FE7FD14}"= inRosettaStoneLtdServices.exe:Rosetta Stone Online Component (inbound)
"{EAEAC692-9B46-4289-8B30-DBDEEBDE3FA1}"= RosettaStoneVersion3.exe:Rosetta Stone V3 Application (inbound)
"TCP Query User{4D474214-A0A6-4376-BE5A-2C542D0CDB55}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{77140CF2-8BE3-4A7D-947F-DB7EEFCCB732}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{AD0E5BC3-B433-4FF7-B86C-3C4BA2FE378E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{7D1A1B81-4A5A-47A9-8EC4-110EAF861EF2}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{162572AC-A606-452F-956D-1D5F9CF33DF9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{72175D47-9DB1-4E0E-83F2-E33A271703F5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D3F6120B-3333-4352-AF69-95815307CFBB}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{87DB582F-2E5E-4668-B3EF-B4F0CE636C13}c:\\program files\\watchguard\\mobile vpn\\ncpmon.exe"= UDP:c:\program files\watchguard\mobile vpn\ncpmon.exe:ncpmon.exe
"UDP Query User{2AC9D4E5-2624-4849-8182-E43E09441EDA}c:\\program files\\watchguard\\mobile vpn\\ncpmon.exe"= TCP:c:\program files\watchguard\mobile vpn\ncpmon.exe:ncpmon.exe
"TCP Query User{E45C5609-C01C-4703-A15C-DB10C3F6A558}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"UDP Query User{38277DFF-7567-432C-B6F2-C45146D4145B}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"TCP Query User{B1C658D1-E796-4EAF-B249-AF07AD3C312A}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"UDP Query User{95E2DF44-F9E0-468A-A5A4-3ECEA8BED1A2}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"TCP Query User{B0C2D114-31FC-4E51-8AA0-6C67D6CDB828}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{9B6B9CD1-F1FC-43B1-A60D-0954D21633DD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{64F5CF45-46DB-4380-AF76-7DC04D1F2932}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{47FF9BF1-E8DE-4996-8DE0-0C3DD8ADF6CC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1AB92D2-4B6F-4001-8517-7C6837B7749E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C656BAD9-2BD9-4385-906F-9B18BD01FF19}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{6F8465C3-1086-42D6-B0AA-7A0592AFF0CE}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{967808B6-00BD-4FFF-81B7-DC74AD539CAB}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{EC0E47FE-A48A-411B-AEB5-D1A39C15FB3C}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{F838EB9E-A1BE-4BA9-8A42-4B08D187AF90}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{8151F053-8DFD-43E0-875F-33374199D620}c:\\program files\\esvnc\\winvnc.exe"= UDP:c:\program files\esvnc\winvnc.exe:WinVNC
"UDP Query User{659AA287-347D-4E35-A2D0-F42CD1EA0B58}c:\\program files\\esvnc\\winvnc.exe"= TCP:c:\program files\esvnc\winvnc.exe:WinVNC
"{3F334A57-02C6-4317-AA93-797333A6832F}"= c:\windows\system32\ntrplugin124.exe:NTR Plugin 1.2.4
"{9A623898-D21E-452B-BB61-A76CC6E1A848}"= c:\windows\system32\ntrplugin124a.exe:NTR Plugin 1.2.4 a
"{56039665-3F87-42D8-992C-F652700B99EA}"= c:\windows\system32\ntrplugin124h.exe:NTR Plugin 1.2.4 h
"TCP Query User{E93FAAC7-2C00-4B55-9C29-A3C15D41822D}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe
"UDP Query User{E6149C1B-B09D-48F6-8DE8-4C8F6F055AFB}c:\\users\\vikar1\\downloads\\ntrsupport_3168.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_3168.exe:ntrsupport_3168.exe
"TCP Query User{CF8CEFC0-BC0B-4EAC-9940-87C315F2F9BC}c:\\users\\vikar1\\downloads\\ntrsupport_22268.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_22268.exe:ntrsupport_22268.exe
"UDP Query User{14491C9A-796F-4160-8ED9-D965E5EF0311}c:\\users\\vikar1\\downloads\\ntrsupport_22268.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_22268.exe:ntrsupport_22268.exe
"TCP Query User{C869E600-FB26-4A93-93F2-68A42B9047C0}c:\\users\\vikar1\\downloads\\ntrsupport_1797.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_1797.exe:ntrsupport_1797.exe
"UDP Query User{C0DB102B-8FA8-4867-8072-59DDB82F4043}c:\\users\\vikar1\\downloads\\ntrsupport_1797.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_1797.exe:ntrsupport_1797.exe
"TCP Query User{51A7C1AE-BC89-47C2-859A-A3CD2D216FAE}c:\\users\\vikar1\\downloads\\ntrsupport_48472.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_48472.exe:ntrsupport_48472.exe
"UDP Query User{63B75723-D4A6-4926-80DE-DB2EC73CE5FF}c:\\users\\vikar1\\downloads\\ntrsupport_48472.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_48472.exe:ntrsupport_48472.exe
"TCP Query User{B4396115-7336-4970-802F-4AC67081C522}c:\\users\\vikar1\\downloads\\ntrsupport_33990.exe"= UDP:c:\users\vikar1\downloads\ntrsupport_33990.exe:ntrsupport_33990.exe
"UDP Query User{85D9BBCE-0B02-4BC9-8CB7-B7976AE63CB3}c:\\users\\vikar1\\downloads\\ntrsupport_33990.exe"= TCP:c:\users\vikar1\downloads\ntrsupport_33990.exe:ntrsupport_33990.exe
"TCP Query User{14C16883-D550-45AD-B8E2-5B6435288A57}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{8253E887-58E6-407F-9840-A6E405BA87A8}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module
"TCP Query User{5C1FA67D-9DCD-477E-933F-FE46FF22B550}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D5631BDF-FC50-438B-B7C8-26CC413C57CF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{63760C9A-C192-4DD9-A227-F251F30B78AE}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{EEA8CFA6-34A1-4A39-B5DB-918FAC211121}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{2472FB19-5452-48D7-AE39-43F53FD78769}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8DBA2D22-E32D-4243-8B64-13729E0A75E6}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{1F79565A-3512-4263-886C-8F776F1086A2}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{AC03B4DB-DF86-4BC8-8EE3-B0F8015D99A6}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{84C0D566-1916-4EB7-A373-F159E90532F5}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{764FF062-50B8-4776-BB9E-80D234317C30}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{8F0405D0-5195-4D47-A301-A54D0C7BC65A}c:\\program files\\azureus\\azureus.exe"= Disabled:UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{4A0EACA7-BD4C-4C2B-870F-510F870F559A}c:\\program files\\azureus\\azureus.exe"= Disabled:TCP:c:\program files\azureus\azureus.exe:Azureus
"TCP Query User{8CEB7B51-C736-4F98-A994-C7DB4E09B956}c:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{F0E9765F-A9E7-42AF-81C8-2D4EDDC0573A}c:\\program files\\sopcast\\adv\\sopadver.exe"= Disabled:TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"{6F30DA2E-027B-4C04-854E-37B8B2A1F397}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-24 97928]
S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs.sys [2008-09-18 627864]
S3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 WSDPrintDevice;WSD-utskriftsstøtte via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-09-21 16896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Bjørnar\AppData\Roaming\Mozilla\Firefox\Profiles\dd9irgxi.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npoctoshape.dll
FF -: plugin - c:\users\Bjørnar\AppData\Local\myVRnpapi\npmyvr.dll
FF -: plugin - c:\users\Bjørnar\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-N00-U00-C00_0712211_000\npoctoshape.dll
FF -: plugin - c:\users\Bjørnar\AppData\Roaming\Mozilla\Firefox\Profiles\dd9irgxi.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 11:52:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'Explorer.exe'(5888)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2008-11-24 11:56:12
ComboFix-quarantined-files.txt 2008-11-24 10:56:05
ComboFix2.txt 2008-11-23 21:03:36

Pre-Run: 33 817 571 328 byte ledig
Post-Run: 33,783,402,496 byte ledig

302 --- E O F --- 2008-11-21 09:57:45

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:01, on 24.11.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bjørnar\Desktop\HJT\test.exe.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hials.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe]
C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: QuickSet.lnk = ? O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... 
- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {7BABCBE7-ECFF-4EA0-A344-1DC32458A6ED} (NTR Plugin 1.2.4) - http://www.ntrsupport.com/inquiero/mod/set...ugin124v_30.cab O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. 
- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 11103 bytes
I have now run the programs in the correct order. I also ran a virus scan with AVG, which found a trojan named Agent.AMQR. Edited 24 November 2008 by bearss
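The HijackThis log above is long, and the entries a helper actually acts on are a small subset: lines whose target no longer exists on disk ("(no file)", "(file missing)"), ActiveX controls pulled from a URL (O16), protocol handlers (O18), AppInit_DLLs (O20) and services with no publisher string (O23 "Unknown owner"). The script below is an added triage example written for this page; it is not part of the thread and not a feature of HijackThis. The sample lines are copied from the log posted above, and the triage rules (which sections to flag and what counts as orphaned) are this example's own assumptions, not HijackThis verdicts.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis log in this
# thread, chosen to cover every case the triage rules below look for.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# HijackThis marks targets that no longer exist on disk with one of these.
DEAD_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)

# Sections that always deserve a look, with the reason an analyst would give.
# These are the assumed rules of this example, not HijackThis's own judgement.
REVIEW = {
    "O16": "ActiveX control installed from a URL (DPF): confirm the publisher is still wanted",
    "O18": "custom URL protocol handler: verify the DLL belongs to a known product",
    "O20": "AppInit_DLLs is injected into every GUI process: must belong to a known product",
}


@dataclass
class Entry:
    section: str   # e.g. "O4", "O23"
    body: str      # everything after "Oxx - "

    def is_dead(self) -> bool:
        """True when HijackThis marked the entry's target as missing on disk."""
        return bool(DEAD_RE.search(self.body))


def parse_hjt(text: str) -> list[Entry]:
    """Parse HijackThis section lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (section, reason, body) for every entry worth an analyst's time."""
    findings = []
    for e in entries:
        if e.is_dead():
            findings.append((e.section, "orphaned entry, target file missing: safe to fix", e.body))
        elif e.section in REVIEW:
            findings.append((e.section, REVIEW[e.section], e.body))
        elif e.section == "O23" and "Unknown owner" in e.body:
            findings.append((e.section, "service binary carries no publisher: check signature and path", e.body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```

Run on the sample, the script flags the orphaned O2, O9 and O23 (stllssvr) entries, the LogMeIn O16 control, the AVG AppInit DLL and the unsigned-looking wltrysvc service, and stays silent on the Adobe BHO, the AVG tray entry and the Conexant service. "Unknown owner" only means the binary has no embedded company name, so that finding is a prompt to check the file, not a verdict.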
r2d290 Posted 24 November 2008 Hmm. You have posted the HijackThis log where you write that you posted the MBAM log. You have posted the MBAM log where you say you posted the ComboFix log. And I see no ComboFix log. MBAM must be run first, then ComboFix, and last: HijackThis. You are done running MBAM; now run ComboFix, and finally HijackThis.
bearss (author) Posted 24 November 2008 Thanks for the help so far. I have now run the programs and updated the logs above. Should I just delete the trojan with AVG, or are there other tricks needed as well?
Pizzaen Posted 24 November 2008 Wait a bit; someone will come along and analyze your logs, and then give further instructions.
raWrz Posted 24 November 2008 Click Start - All Programs - Accessories - Notepad. Copy and paste the text in the code box below into Notepad:

File::
c:\windows\system32\drivers\lvuvc.hs

Save it as CFScript on the Desktop. Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away. Post the contents of ComboFix.txt in your next reply on the forum.
bearss (author) Posted 24 November 2008 Done. I was not asked to reboot. New ComboFix log:
ComboFix 08-11-23.02 - Bjørnar 2008-11-24 17:56:59.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.359 [GMT 1:00] Running from: c:\users\Bjørnar\Desktop\ComboFix.exe Command switches used :: c:\users\Bjørnar\Desktop\CFScript.txt FILE :: c:\windows\system32\drivers\lvuvc.hs . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\lvuvc.hs . ((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 ))))))))))))))))))))))))))))))) . 2008-11-24 03:19 . 2008-11-24 11:23 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-24 01:40 . 2008-11-24 01:40 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys 2008-11-24 01:40 . 2008-11-24 01:40 10,520 --a------ c:\windows\System32\avgrsstx.dll 2008-11-24 01:39 . 2008-11-24 15:19 <DIR> d-------- c:\windows\System32\drivers\Avg 2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\users\All Users\avg8 2008-11-24 01:39 . 2008-11-24 02:00 <DIR> d-------- c:\programdata\avg8 2008-11-24 01:39 . 2008-11-24 01:39 <DIR> d-------- c:\program files\AVG 2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\Bjørnar\AppData\Roaming\Malwarebytes 2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\users\All Users\Malwarebytes 2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\programdata\Malwarebytes 2008-11-23 23:30 . 2008-11-23 23:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 23:30 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-11-23 23:30 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-11-23 15:13 . 2008-11-23 15:13 <DIR> d-------- c:\program files\SopCast 2008-11-21 10:49 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-21 10:49 . 
2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-21 10:49 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-21 10:49 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-21 10:48 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-21 10:48 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-21 10:48 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-21 10:48 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-21 10:48 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\users\All Users\ezsidmv.dat 2008-11-20 00:54 . 2008-11-20 00:54 56 --ah----- c:\programdata\ezsidmv.dat 2008-11-20 00:53 . 2008-11-20 00:53 <DIR> d-------- c:\program files\Common Files\Skype 2008-11-12 19:06 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-11-12 19:06 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-11-12 19:06 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\users\All Users\NOS 2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\programdata\NOS 2008-10-29 10:51 . 2008-10-29 10:51 <DIR> d-------- c:\program files\NOS 2008-10-29 10:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll 2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll 2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll 2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll 2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll 2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax 2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-24 17:03 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat 2008-11-24 17:03 3,145,728 --sha-w c:\users\Bjørnar\ntuser.dat 2008-11-24 00:26 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Skype 2008-11-23 23:08 --------- d-----w c:\users\Bjørnar\AppData\Roaming\skypePM 2008-11-23 22:30 --------- d-----w c:\users\Bjørnar\AppData\Roaming\Malwarebytes 2008-11-16 20:32 --------- d-----w c:\users\Bjørnar\AppData\Roaming\dvdcss 2008-11-13 11:38 --------- d-----w c:\programdata\Microsoft Help 2008-11-13 01:41 --------- d-----w c:\programdata\Rosetta Stone 2008-11-10 19:03 --------- d-----w c:\program files\DivX 2008-11-06 12:18 --------- d-----w c:\programdata\Installations 2008-11-05 18:47 --------- d-s---w c:\users\Bjørnar\AppData\Roaming\Microsoft 2008-10-22 23:33 --------- d-----w c:\program files\Flock 2008-10-22 19:43 --------- d-----w c:\program files\Free Music Zilla 2008-09-29 09:30 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-09-28 17:15 174 --sha-w c:\program files\desktop.ini 2008-09-28 17:02 --------- d-----w c:\program files\Windows Sidebar 2008-09-28 17:02 --------- d-----w c:\program files\Windows Photo Gallery 2008-09-28 17:02 --------- d-----w c:\program files\Windows Mail 2008-09-28 17:02 --------- d-----w c:\program files\Windows Journal 2008-09-28 17:02 --------- d-----w c:\program files\Windows Defender 2008-09-28 17:02 --------- d-----w c:\program files\Windows Collaboration 2008-09-28 17:02 --------- d-----w c:\program files\Windows Calendar 2008-04-10 22:37 32 ----a-w c:\users\All Users\ezsid.dat 2008-04-10 22:37 32 ----a-w c:\programdata\ezsid.dat 2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-04-10 22:34 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\Content.IE5\index.dat 2008-04-10 22:34 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat 2008-02-04 16:31 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-02-04 16:31 32,768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-08-07 06:06 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( snapshot_2008-11-24_11.54.58,64 ))))))))))))))))))))))))))))))))))))))))) . - 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-11-24 14:17:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-11-24 00:55:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-11-24 14:17:05 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-11-24 00:56:42 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2008-11-24 14:18:13 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2008-11-24 14:18:13 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2008-11-24 00:57:40 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-11-24 14:18:08 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2008-11-24 14:18:08 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2008-11-24 10:46:44 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat + 2008-11-24 16:56:05 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat - 2008-11-24 01:02:48 102,094 ----a-w c:\windows\System32\perfc009.dat + 2008-11-24 14:21:33 102,094 ----a-w c:\windows\System32\perfc009.dat - 2008-11-24 01:02:48 77,322 
----a-w c:\windows\System32\perfc014.dat + 2008-11-24 14:21:33 77,322 ----a-w c:\windows\System32\perfc014.dat - 2008-11-24 01:02:48 590,082 ----a-w c:\windows\System32\perfh009.dat + 2008-11-24 14:21:33 590,082 ----a-w c:\windows\System32\perfh009.dat - 2008-11-24 01:02:48 455,238 ----a-w c:\windows\System32\perfh014.dat + 2008-11-24 14:21:33 455,238 ----a-w c:\windows\System32\perfh014.dat - 2008-11-24 00:57:36 14,468 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin + 2008-11-24 14:19:01 14,722 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4198181764-3112785799-1122992718-1000_UserData.bin - 2008-11-24 00:57:35 106,840 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-11-24 14:19:00 107,022 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-11-23 17:41:43 2,986 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat + 2008-11-24 11:10:57 2,986 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat - 2008-11-24 00:57:35 61,318 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-11-24 14:18:59 61,528 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-08-29 171464] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-18 815104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-15 98304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-15 106496] "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-15 81920] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-08-21 77824] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-28 1540096] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-05-02 184320] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" 
[2008-08-14 2407184] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2008-10-22 1261200] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-24 1234712] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 c:\windows\KHALMNPR.Exe] "SigmatelSysTrayApp"="sttray.exe" [2007-02-08 c:\windows\sttray.exe] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-08-21 50688] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-19 784912] QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-08-21 45056] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{6638B658-9DC4-41AF-BE53-78D871DC70A7}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{68674C66-98B7-4308-B8B6-31494E8FF685}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "TCP Query User{F3BCF4AD-518D-48E3-991B-A7DFEBD5EE7F}g:\\program\\utorrent.exe"= UDP:g:\program\utorrent.exe:utorrent "UDP Query User{EB590807-D8C8-4701-AF78-98BD5725838A}g:\\program\\utorrent.exe"= TCP:g:\program\utorrent.exe:utorrent "TCP Query User{902A435B-52D6-42E9-8066-09A09EC34B33}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query 
User{70F30DBD-1F1B-40A1-8AB4-D4F139106AD3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{A1823AB3-23FF-47C2-9B56-60BF30DCBB51}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{6D96E84D-4978-4FDF-B0ED-85FAFF8C62E9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{75D502FC-9F90-4E4C-B077-20A69826415C}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{A6CBECC7-4D21-4F96-A2F2-BECA4A33707F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{FE6EE234-E1D1-4CC2-925C-4C709C37ACD9}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus "UDP Query User{C96EBA87-F2B8-42CA-B172-6D06ED84D5B6}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus "TCP Query User{9F7DA078-5E09-4F38-BA37-E17B90975A71}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime "UDP Query User{A6BA1848-B8A7-4424-AAB3-9B729A196976}c:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime "TCP Query User{A7806049-1CDF-4214-BDFD-0582DE27E7CD}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{D91EDC8E-3605-4435-94A4-19A5F97AE104}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{9746BFB0-E0C7-4D3B-A277-A17102266045}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{0D96E119-0077-4BE9-BAA7-29B6ACC83A28}c:\\program files\\limewire\\limewire.exe"= 
TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{E569D57E-08A7-4EB3-A4B2-6EFCD3E6240C}c:\\program files\\free music zilla\\fmzilla.exe"= UDP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module "UDP Query User{92BB8A51-5006-440B-B201-9E0A9657F5F9}c:\\program files\\free music zilla\\fmzilla.exe"= TCP:c:\program files\free music zilla\fmzilla.exe:FMZilla Module "TCP Query User{E74C5E5A-ED62-427C-8B49-1729CBEBB870}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= UDP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe "UDP Query User{45D79512-56E5-440C-8563-1CCB85751376}c:\\users\\bjørnar\\appdata\\local\\octoshape\\octoshape streaming services\\octoshapeclient.exe"= TCP:c:\users\bjørnar\appdata\local\octoshape\octoshape streaming services\octoshapeclient.exe:octoshapeclient.exe "TCP Query User{624EFE15-63AE-448D-9D6E-07ED2F1AF4D4}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home "UDP Query User{DEC222A5-7F31-4F70-8AC7-A0A299260549}c:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home "{5F6B366E-46CA-4220-BDF3-E0106448F78A}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033) "{F7CEA839-5A56-4A50-BC78-A2B43F820FB8}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com) "{0B5E5EC5-F928-45A3-8137-C384EEDEAA71}"= Disabled:UDP:c:\program files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe) "{8ED58BF6-A4FC-41E0-9830-C7A029378F65}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:SPSS Basic Script Editor (1033) "{8F7030C7-99BC-472C-B40A-D514101DBD3C}"= Disabled:TCP:c:\program files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com) "{62DCF891-69BC-4478-85CC-AE00A347857D}"= 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 18:03:44
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
.
Completion time: 2008-11-24 18:06:23
ComboFix-quarantined-files.txt 2008-11-24 17:06:18
ComboFix2.txt 2008-11-24 10:56:14
ComboFix3.txt 2008-11-23 21:03:36
Pre-Run: 35 749 945 344 byte ledig
Post-Run: 35,711,930,368 byte ledig
275 --- E O F --- 2008-11-21 09:57:45
bearss, posted 24 November 2008 (thread author)
Am I now rid of all the junk I got myself into? Do you recommend deleting the trojan from the virus vault, or can it just stay there? There are also some cookies with a warning in there.
raWrz, posted 24 November 2008
Wait a moment, I'll just take a quick look.

ComboFix must be uninstalled. Go to Start > Run. Type the following in the box:

ComboFix /u

PS: note the space between the X and /u. You should now have something matching the picture below. Press Enter.

This command will remove the following:
- ComboFix and its associated files and folders.
- VundoFix backups, if they exist.
- The folder C:\Deckard, if it exists.
- The folder C:\OtMoveIt, if it exists.

It will also:
- Reset the clock settings.
- Hide file extensions, if necessary.
- Hide system/hidden files and folders, if necessary.
- Reset the system restore points.

You can keep Mbam.
bearss, posted 24 November 2008 (thread author)
Thank you. ComboFix disappeared together with most of the folders, but one is left: "C:ComboFix" with the file "nirccmd". Can I just delete it?
r2d290, posted 24 November 2008
I assume you mean NirCmd (with one C). It is a file that belongs to ComboFix, and as far as I know it should have been removed. I doubt it will do much harm if you delete it manually...
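One way to verify that the ComboFix /u uninstall described above actually cleared the leftovers it lists (including the C:\ComboFix folder with NirCmd that remained here) and restored the Explorer view settings it changes. This is an added PowerShell example, not from the thread or from ComboFix; the paths are the ones named in the thread except "C:\VundoFix Backups", which is an assumed location.

```powershell
# Added example, not from the thread: report what "ComboFix /u" should have cleaned up.
# Leftover paths are the ones named in the thread; "C:\VundoFix Backups" is an assumed location.
$Leftovers = @(
    'C:\ComboFix',            # the folder bearss still sees (holds nircmd)
    'C:\Deckard',
    'C:\OtMoveIt',
    'C:\VundoFix Backups'     # assumed; the thread only says "VundoFix backups"
)

function Get-ComboFixLeftovers {
    param([string[]]$Paths = $Leftovers)
    foreach ($p in $Paths) {
        if (Test-Path -LiteralPath $p) {
            # -Force so hidden items are listed too; ComboFix marks its folder hidden
            Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue |
                Select-Object FullName, Length, LastWriteTime
        }
    }
}

# Explorer view settings ComboFix changes while running and "/u" is supposed to restore.
function Get-ExplorerViewState {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $adv = Get-ItemProperty -Path $key
    [pscustomobject]@{
        HiddenFilesShown      = ($adv.Hidden -eq 1)           # 1 = show, 2 = do not show
        ExtensionsHidden      = ($adv.HideFileExt -eq 1)      # 1 = hide known extensions
        ProtectedOsFilesShown = ($adv.ShowSuperHidden -eq 1)  # 1 = show protected OS files
    }
}

$found = @(Get-ComboFixLeftovers)
if ($found.Count -eq 0) {
    Write-Output 'No ComboFix leftovers found.'
} else {
    Write-Output "Leftover items still present ($($found.Count)):"
    $found | Format-Table -AutoSize
}
Get-ExplorerViewState
```

Once the listing shows only the expected ComboFix remnants, the folder can be removed with Remove-Item -LiteralPath 'C:\ComboFix' -Recurse -Force from an elevated prompt.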