"photobucket" link virus

BlackieL · 11. januar 2008

Ser ut til at jeg har fått det berømte viruset her....

kan noen fortelle meg hva jeg skal gjøre?

Takk.

11.01.2008_21230423.txt

ComboFix.txt

vargaz · 11. januar 2008

https://www.diskusjon.no/index.php?showtopic=893521&hl=

sett på denne, det er en pågående tråd om akkurat dette emnet.

norbat · 11. januar 2008

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen.

File::

C:\WINDOWS\lssas.exe

C:\WINDOWS\ntmngr.exe

Gjør også det som du fikk melding om da du kjørte MSNFix:

Last opp fila: C:\DOCUME~1\Stig-Are\SKRIVE~1\Upload_Me.zip på nettstedet <a href="http://upload.changelog.fr" target="_blank">http://upload.changelog.fr</a>

Endret 11. januar 2008 av norbat

BlackieL · 11. januar 2008

ComboFix.txt

norbat · 11. januar 2008

Gjenta opprettelsen av CFScript.txt med følgende innhold:

File::

C:\WINDOWS\ntmngr.exe

Post combofix-loggen sammen med en HJT-logg (Last ned Hijackthis. Legg det i en egen mappe på skrivebordet.

Start programmet, velg "Do a system scan and save a logfile". Loggfilen kopierer du og poster.)

BlackieL · 11. januar 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:45:26, on 11.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

C:\Programfiler\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programfiler\Apoint2K\Apoint.exe

C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system320THotkey.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Programfiler\Apoint2K\Apntex.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programfiler\CyberLink\Shared files\RichVideo.exe

C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\Tablet.exe

C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Programfiler\Opera\Opera.exe

C:\WINDOWS\system32\Tablet.exe

C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Stig-Are\Skrivebord\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system320THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Lokale innstillinger\Temp" (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\NLDRV" (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,I (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Lokale innstillinger\Temp" (User 'NETTVERKSTJENESTE')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: Download using LeechGet - file://C:\Programfiler\LeechGet 2005\\AddUrl.html

O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Programfiler\LeechGet 2005\\Wizard.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Parse with LeechGet - file://C:\Programfiler\LeechGet 2005\\Parser.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1193516802312

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programfiler\CyberLink\Shared files\RichVideo.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programfiler\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 6339 bytes

ComboFix.txt

norbat · 11. januar 2008

Hent Avenger og pakk det ut.

Start programmet, sett prikk i "Input Script Manually" og klikk på lupen.

I vinduet som kommer opp kopierer du og limer inn det som er i fet skrift under:

Files to delete:

C:\WINDOWS\ntmngr.exe

Klikk på Trafikklyset. Restart PC-en.

Etter restart vil det komme en loggfil som forteller hva som har skjedd. Post den.

Kjør en full scan med SAS (gratisversjonen). Fortell om den fant noe.

BlackieL · 11. januar 2008

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\epcwrvxd

*******************

Script file located at: \??\C:\vnbrkxeg.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\ntmngr.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

SAS fant 16 Adware. Tracking cookies

norbat · 11. januar 2008

Da ønsker jeg å se en ny Combofix-logg.

Fortell også om msn oppfører seg normalt.

BlackieL · 11. januar 2008

ComboFix 08-01-11.1 - Stig-Are 2008-01-11 23:38:57.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1455 [GMT 1:00]

Running from: C:\Documents and Settings\Stig-Are\Skrivebord\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))

.

2008-01-11 23:02 . 2008-01-11 23:34 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-01-11 23:02 . 2008-01-11 23:02 <DIR> d-------- C:\Documents and Settings\Stig-Are\Programdata\SUPERAntiSpyware.com

2008-01-11 23:02 . 2008-01-11 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-01-11 23:01 . 2008-01-11 23:01 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-11 21:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-12-19 20:32 . 2007-12-19 20:32 <DIR> d-------- C:\Programfiler\DivX

2007-12-19 00:30 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2007-12-19 00:30 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2007-12-19 00:13 . 2007-12-19 00:31 <DIR> d-------- C:\Programfiler\The Golden Compass

2007-12-11 23:34 . 2007-12-11 23:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll

2007-12-11 23:34 . 2007-12-11 23:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 22:01 --------- d-----w C:\Documents and Settings\Stig-Are\Programdata\WTablet

2007-11-28 17:44 --------- d-----w C:\Documents and Settings\Stig-Are\Programdata\Toshiba

2007-11-25 01:31 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2007-11-25 01:31 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2007-11-25 01:31 --------- d-----w C:\Programfiler\OpenAL

2007-11-25 01:26 --------- d-----w C:\Programfiler\The Adventure Company

2007-11-12 22:02 --------- d-----w C:\Documents and Settings\Stig-Are\Programdata\Ambient Design

2007-10-27 20:00 88,358 ----a-w C:\WINDOWS\agrsmmsg.exe

2007-10-27 20:00 77,824 ----a-w C:\WINDOWS\system32\tosmreg.exe

2007-10-27 20:00 64,512 ------w C:\WINDOWS\agrsmdel.exe

2007-10-27 20:00 45,056 ----a-w C:\WINDOWS\system32\csellang.dll

2007-10-27 20:00 110,592 ----a-w C:\WINDOWS\system32\cselect.exe

.

((((((((((((((((((((((((((((( snapshot@2008-01-11_21.28.23,28 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-11 20:26:23 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-11 21:42:53 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-11 20:26:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-11 21:42:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-11 20:26:23 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-11 21:42:53 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-11 20:26:23 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-11 21:42:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-11 20:26:23 3,497,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-11 21:42:54 3,497,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

- 2008-01-11 20:26:24 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-11 21:42:54 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-11 22:02:09 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe

+ 2008-01-11 22:02:09 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe

+ 2008-01-11 22:02:09 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe

+ 2008-01-11 22:00:38 16,384 ----atw C:\WINDOWS\system32\config\systemprofile\Lokale innstillinger\Temp\Perflib_Perfdata_634.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:54 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]

"AGRSMMSG"="AGRSMMSG.exe" [2007-10-27 21:00 88358 C:\WINDOWS\agrsmmsg.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-23 17:33 7122944]

"nwiz"="nwiz.exe" [2005-08-23 17:33 1519616 C:\WINDOWS\system32\nwiz.exe]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]

"Apoint"="C:\Programfiler\Apoint2K\Apoint.exe" [2005-06-08 12:40 196608]

"TouchED"="C:\Programfiler\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 13:07 122880]

"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [2005-01-27 09:14 270336]

"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]

"LanguageShortcut"="C:\Programfiler\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]

"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

--a------ 2006-10-27 00:47 31016 C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LeechGet]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--------- 2007-02-07 16:24 71216 C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteX]

--a------ 2006-04-05 16:58 69632 C:\Programfiler\Remotex\RemoteX.exe

R0 KR10N;KR10N;C:\WINDOWS\system32\DRIVERS\KR10N.sys [2006-05-28 13:59]

R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programfiler\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]

R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 20:55]

R3 tosrfec;Bluetooth ACPI;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-23 15:32]

R3 ttv200x;TOSHIBA PCI TV Tuner type W;C:\WINDOWS\system32\DRIVERS\ttv200x.sys [2005-06-08 12:43]

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 20:12]

R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 19:30]

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-11 23:40:15

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-11 23:40:49

ComboFix-quarantined-files.txt 2008-01-11 22:40:35

ComboFix2.txt 2008-01-11 21:44:04

ComboFix3.txt 2008-01-11 21:30:08

ComboFix4.txt 2008-01-11 20:28:49

Slik som det ser ut nå,oppfører msn seg som normalt.......i alle fall de 5 minuttene som jeg har vert pålogget nå...

Endret 11. januar 2008 av BlackieL

norbat · 11. januar 2008

Loggen ser fin ut.

Du bør nullstille gjenopprettingsmappa slik at du ikke blir infisert ved en evt. systemgjenoppretting.

Kontrollpanel->system->systemgjenoppretting .

Sett merke framfor "Slå av Systemgjenopprettingen .....",

restart pc,

fjern merket igjen for å aktivere funksjonen.

BlackieL · 11. januar 2008

Done...

Tnx alot for din tid og hjelp...

norbat · 11. januar 2008

Surf trygt og hold deg unna disse msn-linkene nå da

BlackieL · 11. januar 2008

hehe...føler bare at jeg må nevne at dette var samboeren min sitt verk.......selv om jeg flere ganger har advart henne om slike linker...hehe:p

Tnx again...

nå må jeg bare se om jeg får til å fjerne det på min søsters pc....(som i utgangspunktet er roten til dette)....

Endret 11. januar 2008 av BlackieL

norbat · 11. januar 2008

nå må jeg bare se om jeg får til å fjerne det på min søsters pc....(som i utgangspunktet er roten til dette)....

Det klarer du. Du har i alle fall et lite utgangspunkt i de tråden som ligger her på forumet slik at du vet hvilken filer som du bør se etter.

Lykke til.

pirkus · 11. januar 2008

ComboFix 08-01-11.1 - Simen Strand 2008-01-11 23:44:36.2 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.487 [GMT 1:00]

Running from: C:\Documents and Settings\Simen Strand\Skrivebord\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))

.

2008-01-11 23:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-11 22:11 . 2008-01-11 22:30 574,119 --a------ C:\chanrar.rar

2008-01-11 21:42 . 2008-01-11 21:42 <DIR> d-------- C:\Programfiler\Lavasoft

2008-01-11 21:42 . 2008-01-11 21:42 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-01-11 21:41 . 2008-01-11 21:41 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-01-11 21:27 . 2008-01-11 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-01-11 20:31 . 2008-01-11 20:31 <DIR> d-------- C:\Programfiler\Alwil Software

2008-01-11 20:31 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe

2008-01-11 20:31 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx

2008-01-11 20:31 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr

2008-01-11 20:31 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2008-01-11 20:31 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2008-01-11 20:31 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2008-01-11 20:31 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2008-01-11 20:31 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2008-01-11 19:56 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\hidserv.dll

2008-01-11 19:56 . 2004-08-04 01:03 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll

2008-01-11 19:49 . 2008-01-11 19:49 45,568 -r-hs---- C:\WINDOWS\lssas.exe

2008-01-11 19:42 . 2008-01-11 19:42 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-01-07 21:45 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll

2008-01-07 21:44 . 2008-01-07 21:44 <DIR> d-------- C:\Programfiler\Microsoft Works

2008-01-07 21:43 . 2008-01-07 21:43 <DIR> d-------- C:\Programfiler\MSBuild

2008-01-07 21:41 . 2008-01-07 21:41 <DIR> d-------- C:\Programfiler\Microsoft.NET

2008-01-07 21:36 . 2008-01-07 21:36 <DIR> d-------- C:\WINDOWS\SHELLNEW

2008-01-07 21:35 . 2008-01-07 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-01-07 21:34 . 2008-01-07 21:34 <DIR> dr-h----- C:\MSOCache

2008-01-07 21:23 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys

2008-01-07 21:23 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys

2008-01-07 21:23 . 2004-08-04 20:00 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-07 21:23 . 2004-08-04 20:00 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-01-07 19:54 . 2008-01-07 19:54 188 --a------ C:\WINDOWS\system32\eDataSecurity.dat

2008-01-07 17:54 . 2008-01-07 17:54 <DIR> d-------- C:\Documents and Settings\Simen Strand\Programdata\Sports Interactive

2008-01-07 17:54 . 2008-01-07 17:54 <DIR> dr-h----- C:\Documents and Settings\Simen Strand\Programdata\SecuROM

2008-01-07 17:54 . 2008-01-07 17:54 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-01-07 17:48 . 2008-01-07 17:48 <DIR> d--h----- C:\Programfiler\Zero G Registry

2008-01-07 17:48 . 2008-01-07 17:48 <DIR> d-------- C:\Programfiler\Sports Interactive

2008-01-07 17:47 . 2008-01-07 17:47 <DIR> d--h----- C:\Documents and Settings\Simen Strand\InstallAnywhere

2008-01-07 17:37 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-01-07 17:36 . 2008-01-07 17:36 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-01-07 17:34 . 2008-01-07 17:34 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-01-07 17:34 . 2008-01-07 17:34 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-01-06 22:22 . 2008-01-06 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Telenor

2008-01-06 22:15 . 2008-01-06 22:15 27,624 --a------ C:\empsiklasttrace.xml

2008-01-06 22:13 . 2008-01-06 22:13 <DIR> d-------- C:\Programfiler\Telenor

2008-01-03 22:49 . 2008-01-03 22:49 <DIR> d-------- C:\Documents and Settings\Simen Strand\Programdata\AdobeUM

2008-01-02 17:31 . 2008-01-02 17:31 <DIR> d-------- C:\WINDOWS\Sun

2008-01-02 17:31 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-01-02 17:30 . 2008-01-02 17:30 <DIR> d-------- C:\Programfiler\Java

2008-01-02 17:30 . 2008-01-02 17:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-01-02 13:37 . 2008-01-04 03:29 1,406 --a------ C:\WINDOWS\mozver.dat

2008-01-02 13:31 . 2008-01-02 13:31 0 --a------ C:\WINDOWS\nsreg.dat

2008-01-02 13:15 . 2008-01-02 13:15 <DIR> d--hs---- C:\Recycled

2008-01-02 02:37 . 2008-01-02 02:37 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-01-02 02:37 . 2006-01-09 20:08 1,492,480 --a------ C:\WINDOWS\system32\SET70C.tmp

2008-01-02 02:34 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\SET5F7.tmp

2008-01-02 02:34 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\SET5F5.tmp

2008-01-02 02:34 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\SET5F8.tmp

2008-01-02 02:34 . 2006-08-21 13:28 16,896 --------- C:\WINDOWS\system32\SET5F6.tmp

2008-01-02 02:34 . 2006-08-21 13:28 16,896 --------- C:\WINDOWS\system32\dllcache\SET5F9.tmp

2008-01-01 15:29 . 2004-08-04 20:00 1,082,368 --a------ C:\WINDOWS\system32\SET318.tmp

2008-01-01 15:29 . 2004-08-04 20:00 526,848 --a------ C:\WINDOWS\system32\SET32F.tmp

2008-01-01 15:29 . 2004-08-04 20:00 278,016 --a------ C:\WINDOWS\system32\SET33C.tmp

2008-01-01 15:29 . 2004-08-04 20:00 134,144 --a------ C:\WINDOWS\system32\SET332.tmp

2008-01-01 15:21 . 2008-01-01 15:21 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-01-01 15:21 . 2004-08-04 20:00 66,560 --a------ C:\WINDOWS\system32\SETF8.tmp

2008-01-01 15:12 . 2007-10-25 17:57 8,460,800 --------- C:\WINDOWS\system32\SET76E.tmp

2008-01-01 15:12 . 2007-10-25 17:57 8,460,800 --------- C:\WINDOWS\system32\SET3F9.tmp

2008-01-01 15:11 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\SET73D.tmp

2008-01-01 15:11 . 2007-07-09 14:11 584,192 --a------ C:\WINDOWS\system32\SET3A4.tmp

2008-01-01 15:11 . 2007-07-09 14:11 584,192 --------- C:\WINDOWS\system32\dllcache\SET73F.tmp

2008-01-01 15:11 . 2007-07-09 14:11 584,192 --a------ C:\WINDOWS\system32\dllcache\SET3A6.tmp

2008-01-01 15:11 . 2007-04-02 06:59 546,304 --------- C:\WINDOWS\system32\SET3C1.tmp

2008-01-01 15:09 . 2007-04-18 17:15 2,854,400 --------- C:\WINDOWS\system32\SET706.tmp

2008-01-01 15:09 . 2007-04-18 17:15 2,854,400 --a------ C:\WINDOWS\system32\SET34B.tmp

2008-01-01 15:09 . 2005-10-20 23:31 1,082,368 --------- C:\WINDOWS\system32\SET6E8.tmp

2008-01-01 15:09 . 2005-10-20 23:31 1,082,368 --a------ C:\WINDOWS\system32\SET315.tmp

2008-01-01 14:55 . 2008-01-01 14:57 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-01-01 14:55 . 2008-01-01 14:57 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

2007-12-31 13:53 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-12-31 13:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2007-12-31 13:53 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2007-12-30 23:18 . 2007-12-30 23:18 <DIR> d-------- C:\Documents and Settings\Simen Strand\Programdata\CyberLink

2007-12-30 19:44 . 2008-01-07 16:35 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll

2007-12-30 19:23 . 2007-12-30 19:23 <DIR> d-------- C:\Valve

2007-12-30 18:43 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

2007-12-30 18:43 . 2001-10-06 13:36 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys

2007-12-30 18:43 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2007-12-30 18:43 . 2004-08-04 20:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

2007-12-30 17:12 . 2007-12-30 17:12 <DIR> d-------- C:\Programfiler\Norton Security Scan

2007-12-30 17:04 . 2007-12-30 17:04 <DIR> d-------- C:\Programfiler\Google

2007-12-30 16:49 . 2007-12-30 16:49 <DIR> d-------- C:\Documents and Settings\Simen Strand\Contacts

2007-12-30 16:47 . 2007-12-30 16:48 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE

2007-12-30 16:42 . 2007-12-30 16:42 <DIR> d--hs---- C:\Programfiler\Fellesfiler\WindowsLiveInstaller

2007-12-30 16:41 . 2007-12-30 16:42 <DIR> d-------- C:\Programfiler\Windows Live

2007-12-30 16:41 . 2007-12-30 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller

2007-12-30 16:37 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2007-12-30 16:37 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2007-12-30 16:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2007-12-30 16:37 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2007-12-30 16:37 . 2007-07-30 19:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-11 20:49 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-01-11 20:49 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2008-01-11 20:49 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

2008-01-01 13:57 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL

2008-01-01 13:57 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-11-14 07:29 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-30 10:20 3,079,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:57 8,460,800 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll

2007-10-11 06:14 96,768 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll

2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2007-10-11 06:14 658,944 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-11 06:14 615,424 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-11 06:14 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-11 06:14 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-11 06:14 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll

2007-10-11 06:14 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-11 06:14 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-10-11 06:14 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-10-11 06:14 251,392 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll

2007-10-11 06:14 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-11 06:14 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-11 06:14 151,552 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll

2007-10-11 06:14 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-11 06:14 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll

2007-10-11 06:14 1,054,720 ----a-w C:\WINDOWS\system32\dllcache\danim.dll

2007-10-11 06:14 1,023,488 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll

.

((((((((((((((((((((((((((((( snapshot@2008-01-11_23.36.27.21 )))))))))))))))))))))))))))))))))))))))))

.

+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\F3M\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-05 15:32 68856]

"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 20:27 15600128 C:\WINDOWS\RTHDCPL.exe]

"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17 102491]

"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16 692315]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 20:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 20:00 455168]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]

"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2005-09-17 15:27 52848]

"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 19:59 147456]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-18 04:09 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-18 04:06 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-18 04:10 114688]

"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 15:59 212992]

"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 11:04 3084288]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 20:39 471040]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"Telenor Online Start"="C:\Programfiler\Telenor\Online Start\Telenor.exe" [2006-11-30 14:51 178312]

"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 20:00 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 01:14]

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]

S3 asbp2poa;asbp2poa;C:\DOCUME~1\SIMENS~1\LOKALE~1\Temp\asbp2poa.sys []

S4 viaagp;VIA AGP-bussfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

.

Contents of the 'Scheduled Tasks' folder

"2008-01-11 19:32:58 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Simen Strand.job"

- C:\PROGRA~1\NORTON~1\Navw32.exec/TASK:

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-11 23:47:51

Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-11 23:49:13

ComboFix-quarantined-files.txt 2008-01-11 22:49:08

ComboFix2.txt 2008-01-11 22:37:04

.

2008-01-09 20:34:08 --- E O F ---

Har gjort det du sa "norbat"... hva nå?

norbat · 11. januar 2008

pirkus:

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen.

File::

C:\WINDOWS\lssas.exe

C:\chanrar.rar

erikpau1 · 11. januar 2008

jeg skjønner ikkje hva vi skal gjøre når vi skal laste opp den upload_me filen på den msnfix-siden. Hva må jeg fylle ut der, får det ikkje til, står jo på spansk eller noe...

pirkus · 11. januar 2008

ComboFix 08-01-11.1 - Simen Strand 2008-01-12 0:35:50.3 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.448 [GMT 1:00]

Running from: C:\Documents and Settings\Simen Strand\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Simen Strand\Skrivebord\CFScript.txt..txt

* Created a new restore point

FILE

C:\chanrar.rar

C:\WINDOWS\lssas.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))