voffen (posted 12 January 2008)

I've evidently picked up some virus or other. When the PC is connected to the internet, NAV starts scanning outgoing mail even though Outlook isn't open. It fills the whole screen with small NAV windows. I can't scan online since everything is very slow. If I unplug the cable I can close the windows. I've scanned with NAV/NIS and it found a trojan which it "fixed" without that helping me at all.. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:10, on 12.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\Programfiler\QuickTime\QTTask.exe
C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe
C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Logitech\khalshared\KHALMNPR.EXE
C:\Programfiler\Fellesfiler\Teleca Shared\Generic.exe
C:\Programfiler\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Fellesfiler\Logitech\WebColct\webcolct.exe
C:\Documents and Settings\Vegard.STUA\Skrivebord\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nettavisen.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programfiler\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Programfiler\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [system Patcher] BTCPatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1196040768218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 11862 bytes

Anyone who can offer some tips?
Gavekort (posted 12 January 2008)

Fragmentation might suit that PC!
simen_k (posted 12 January 2008)

> Fragmentation might suit that PC!

Defragmentation, I think.
norbat (posted 12 January 2008)

Run HJT, choose "Do a system scan only", tick the box in front of the following lines and click Fix checked:

O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [system Patcher] BTCPatcher.exe

Download ComboFix and put it on the desktop.
Run combofix.exe and follow the instructions. Do not click on the window while the program is running.
Post the log file from ComboFix (c:\combofix.txt).
voffen (thread author, posted 12 January 2008)

Here is the ComboFix log:

((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 17:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-01-12 13:25 . 2008-01-07 18:56 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Apple Computer
2008-01-12 13:25 . 2008-01-12 13:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-01-12 13:25 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-01-12 13:25 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-01-11 23:52 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\.housecall6.6
2008-01-11 23:34 . 2008-01-12 10:24 58,880 --a------ C:\ugmsfom.exe
2008-01-11 23:34 . 2008-01-11 23:34 54,764 --a------ C:\WINDOWS\system32\dxdss.sys
2008-01-11 23:34 . 2008-01-12 10:24 15,360 --a------ C:\imvmi.exe
2008-01-11 23:34 . 2008-01-12 10:24 8 --a------ C:\WINDOWS\system32\1688949442
2008-01-07 18:56 . 2008-01-07 18:56 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Programdata\Apple Computer
2008-01-06 23:34 . 2008-01-06 23:34 <DIR> d-------- C:\Programfiler\iTunes
2008-01-06 23:34 . 2008-01-06 23:34 <DIR> d-------- C:\Programfiler\iPod
2008-01-06 23:34 . 2008-01-06 23:34 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Apple Computer
2008-01-06 23:34 . 2008-01-12 16:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 23:34 . 2008-01-06 23:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 23:33 . 2008-01-06 23:34 <DIR> d-------- C:\Programfiler\QuickTime
2008-01-06 23:33 . 2008-01-06 23:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-01-06 23:33 . 2008-01-06 23:33 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-01-06 23:33 . 2008-01-06 23:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Apple Computer
2008-01-06 23:33 . 2008-01-06 23:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Apple
2008-01-06 16:39 . 2008-01-06 16:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\vsosdk
2008-01-06 15:34 . 2008-01-12 16:30 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP
2008-01-06 15:34 . 2004-08-30 21:00 1,499,136 --a------ C:\WINDOWS\system32\BTCPatcher.exe
2008-01-06 15:34 . 2008-01-06 18:14 39,936 --a------ C:\WINDOWS\system32\NTSpool.exe
2008-01-06 15:34 . 2008-01-06 15:35 37,888 --a------ C:\WINDOWS\system32\rar.exe
2007-12-31 21:50 . 2007-12-31 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Ahead
2007-12-28 13:00 . 2007-04-03 13:59 108,680 -ra------ C:\WINDOWS\system32\drivers\s616mdm.sys
2007-12-28 13:00 . 2007-04-03 13:59 100,360 -ra------ C:\WINDOWS\system32\drivers\s616mgmt.sys
2007-12-28 13:00 . 2007-04-03 13:59 99,080 -ra------ C:\WINDOWS\system32\drivers\s616unic.sys
2007-12-28 13:00 . 2007-04-03 13:59 98,568 -ra------ C:\WINDOWS\system32\drivers\s616obex.sys
2007-12-28 13:00 . 2007-04-03 13:59 23,176 -ra------ C:\WINDOWS\system32\drivers\s616nd5.sys
2007-12-28 13:00 . 2007-04-03 13:59 15,112 -ra------ C:\WINDOWS\system32\drivers\s616mdfl.sys
2007-12-28 13:00 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cmnt.sys
2007-12-28 13:00 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cm.sys
2007-12-28 13:00 . 2007-04-03 13:59 11,016 -ra------ C:\WINDOWS\system32\drivers\s616cr.sys
2007-12-28 12:59 . 2007-04-03 13:59 83,208 -ra------ C:\WINDOWS\system32\drivers\s616bus.sys
2007-12-28 12:59 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616whnt.sys
2007-12-28 12:59 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616wh.sys
2007-12-27 18:42 . 2007-12-27 18:42 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Buena Vista Games
2007-12-27 18:42 . 2007-12-27 19:58 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 18:50 . 2007-12-21 19:04 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Backup DVD Profiler
2007-12-21 18:35 . 2007-12-21 18:35 <DIR> d-------- C:\Programfiler\VideoLAN
2007-12-21 18:03 . 2007-12-21 18:03 <DIR> d-------- C:\Programfiler\Runtime Software
2007-12-21 16:16 . 2008-01-06 19:34 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\DVD Profiler
2007-12-21 16:09 . 2008-01-06 19:32 <DIR> d-------- C:\Programfiler\DVD Profiler
2007-12-20 19:22 . 2007-12-22 02:08 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Canon
2007-12-20 16:10 . 2007-12-20 16:10 <DIR> d-------- C:\WINDOWS\A4W_DATA
2007-12-20 16:10 . 2007-12-20 16:10 35 --a------ C:\WINDOWS\A4W.INI
2007-12-20 16:10 . 2007-12-20 16:10 21 --a------ C:\WINDOWS\phbase.ini
2007-12-20 16:09 . 2007-12-20 16:09 572 --a------ C:\WINDOWS\maxlink.ini
2007-12-20 16:09 . 2007-12-20 16:09 0 --a------ C:\WINDOWS\OP70.INI
2007-12-20 16:08 . 2007-12-20 16:09 <DIR> d-------- C:\WINDOWS\Pixtran
2007-12-20 16:08 . 2007-12-20 16:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Caere
2007-12-20 16:08 . 2007-12-20 16:08 <DIR> d-------- C:\Programfiler\Caere
2007-12-20 16:08 . 1998-10-12 18:08 299,520 --a------ C:\WINDOWS\Uninsop9.exe
2007-12-20 16:08 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-20 16:08 . 1998-10-12 18:13 97,280 --a------ C:\WINDOWS\system32\opshel32.dll
2007-12-20 16:08 . 1998-10-16 09:45 44,032 --a------ C:\WINDOWS\OP9Deins.exe
2007-12-20 16:08 . 2007-12-20 16:08 143 --a------ C:\WINDOWS\pstudio.ini
2007-12-20 16:08 . 2007-12-20 16:08 28 --a------ C:\WINDOWS\album.ini
2007-12-20 16:08 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\Ps_setup.ini
2007-12-20 16:07 . 2007-12-20 16:10 <DIR> d-------- C:\Programfiler\ArcSoft
2007-12-20 16:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-20 16:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-20 16:02 . 2007-12-20 16:02 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-12-19 23:32 . 2007-12-19 23:32 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Teleca
2007-12-19 23:32 . 2007-04-03 13:57 23,176 -ra------ C:\WINDOWS\system32\drivers\s116nd5.sys
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Programfiler\Sony Ericsson
2007-12-19 23:30 . 2007-12-19 23:31 <DIR> d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Sony Ericsson Shared
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Sony Ericsson
2007-12-19 23:29 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Teleca
2007-12-19 23:29 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Sony Ericsson
2007-12-18 20:13 . 2007-12-18 20:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\QuickTime
2007-12-18 20:13 . 2007-12-18 20:13 63 --a------ C:\WINDOWS\Art_Sabeltann.ini
2007-12-18 20:13 . 2007-12-18 20:13 32 --a------ C:\WINDOWS\Art_Sabeltann
2007-12-17 23:50 . 1999-12-13 02:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-12-17 23:50 . 1999-11-18 02:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-12-17 23:42 . 2007-12-17 23:42 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Creative
2007-12-17 23:28 . 2007-12-17 23:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Creative
2007-12-17 23:28 . 2007-12-17 23:28 <DIR> d--h----- C:\Programfiler\Creative Installation Information
2007-12-17 23:28 . 2007-12-17 23:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Creative
2007-12-17 22:19 . 2007-12-17 22:19 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2007-12-17 22:19 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-17 22:18 . 2007-12-17 23:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-17 21:43 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2007-12-17 21:38 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2007-12-17 21:38 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-12-17 21:35 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2007-12-17 21:34 . 2007-12-17 23:50 <DIR> d-------- C:\Programfiler\Creative
2007-12-17 20:24 . 1998-01-27 12:50 304,128 --a------ C:\WINDOWS\IsUn0414.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 22:53 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec
2008-01-11 22:52 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-06 15:45 --------- d-----w C:\Programfiler\DVDFab Platinum 4
2008-01-06 15:29 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Vso
2007-12-27 17:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-20 18:29 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-20 15:10 --------- d-----w C:\Programfiler\Canon
2007-12-16 12:09 --------- d-----w C:\Programfiler\audiograbber
2007-12-05 12:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 12:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 12:25 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 12:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 12:25 --------- d-----w C:\Programfiler\Symantec
2007-12-04 17:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 00:13 --------- d-----w C:\Programfiler\MagicISO
2007-12-02 20:01 --------- d-----w C:\Programfiler\NCH Software
2007-12-02 20:00 --------- d-----w C:\Programfiler\NCH Swift Sound
2007-12-02 20:00 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\NCH Swift Sound
2007-12-02 20:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\NCH Swift Sound
2007-12-02 19:36 --------- d-----w C:\Programfiler\Audacity
2007-12-02 19:12 --------- d-----w C:\Programfiler\POI-Warner GoPal Edition
2007-12-02 18:25 --------- d-----w C:\Programfiler\Dnote Software
2007-12-02 17:46 372,736 ----a-w C:\WINDOWS\suinsta4001.exe
2007-12-02 12:47 --------- d-----w C:\Programfiler\Microsoft ActiveSync
2007-12-01 22:04 --------- d-----w C:\Programfiler\GameSpy
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 23:04 --------- d-----w C:\Programfiler\DX-Ball
2007-11-26 22:38 --------- d--h--r C:\Documents and Settings\Vegard.STUA\Programdata\SecuROM
2007-11-26 22:33 --------- d-----w C:\Programfiler\SystemRequirementsLab
2007-11-26 21:03 --------- d-----w C:\Programfiler\MSXML 4.0
2007-11-26 20:01 --------- d-----w C:\Programfiler\Pinnacle
2007-11-26 19:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Pinnacle
2007-11-26 19:28 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Programdata\CanonBJ
2007-11-26 18:55 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Logitech
2007-11-26 18:02 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-26 18:02 47,360 ----a-w C:\Documents and Settings\Vegard.STUA\Programdata\pcouffin.sys
2007-11-26 11:48 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Ahead
2007-11-26 11:47 --------- d-----w C:\Programfiler\Logitech
2007-11-26 11:47 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2007-11-26 11:42 --------- d-----w C:\Programfiler\Lavalys
2007-11-26 11:19 --------- d-----w C:\Programfiler\Nero
2007-11-26 11:19 --------- d-----w C:\Programfiler\Fellesfiler\Ahead
2007-11-26 08:15 --------- d-----w C:\Programfiler\Microsoft Works
2007-11-26 07:56 --------- d-----w C:\Programfiler\Microsoft.NET
2007-11-26 01:37 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2007-11-26 01:31 --------- d-----w C:\Programfiler\Reference Assemblies
2007-11-26 01:31 --------- d-----w C:\Programfiler\MSBuild
2007-11-26 01:30 --------- d-----w C:\Programfiler\Futuremark
2007-11-26 01:29 --------- d-----w C:\Programfiler\MSXML 6.0
2007-11-26 01:29 --------- d-----w C:\Programfiler\Google
2007-11-26 00:38 --------- d-----w C:\Programfiler\Norton Internet Security
2007-11-25 23:24 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-11-25 23:23 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\InstallShield
2007-11-25 23:22 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-25 03:24 --------- d-----w C:\Programfiler\U-ABIT
2007-11-25 02:20 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-11-25 01:49 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-25 01:49 --------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-11-25 01:09 --------- d-----w C:\Programfiler\Realtek
2007-11-25 01:08 --------- d-----w C:\Programfiler\Intel
2007-11-25 00:58 --------- d-----w C:\Programfiler\microsoft frontpage
2007-11-25 00:57 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-11-25 00:56 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-11-25 00:56 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 17:28 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-25 16:17 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-25 16:17 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-25 16:17 8,527,872 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-25 16:17 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-25 16:17 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-25 16:17 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-25 16:17 5,767,808 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-25 16:17 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-25 16:17 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-25 16:17 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-25 16:17 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-25 16:17 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-25 16:17 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-25 16:17 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-25 16:17 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-25 16:17 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-25 16:17 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-25 16:17 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-25 16:17 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-25 16:17 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-25 16:17 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-25 16:17 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 02:29 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:56 1289000]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 05:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 17:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 17:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 17:17 81920]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48 40048]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [ ]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-20 19:30:16]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-11-26 12:47:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Programfiler\GameSpy\Comrade\Comrade.exe

R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;C:\WINDOWS\system32\drivers\DCxxMJPG.sys [2002-06-04 11:18]
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdfd45e3-9bb1-11dc-b6f1-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 22:33:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 00:26:48 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Vegard.job" - C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exek/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 17:17:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-12 17:17:50
ComboFix-quarantined-files.txt 2008-01-12 16:17:49
.
2008-01-09 20:01:30 --- E O F ---
norbat, posted 12 January 2008 (edited)
I'd like you to check some files first. What you do is go to the following website: Jotti. At the top of the page you can upload files for a virus check. A report is generated for the file. Report back on what the reports say.
C:\ugmsfom.exe
C:\WINDOWS\system32\dxdss.sys
C:\imvmi.exe
C:\WINDOWS\system32\rar.exe
The following two files are to be removed. You can use Explorer to find them:
C:\WINDOWS\system32\BTCPatcher.exe
C:\WINDOWS\system32\NTSpool.exe
You may need to turn on 'Show hidden files and folders' and also enable showing 'protected operating system files'. You do that from Control Panel -> Folder Options -> View.
Edited 12 January 2008 by norbat
voffen (author), posted 12 January 2008 (edited)
For ugmsfom.exe and imvmi.exe it says Infected/Malware. The other two I can't upload; Jotti says they are being blocked by something. Takes a bit of time, the screen fills up with NAV windows...
Edited 12 January 2008 by voffen
Gavekort, posted 12 January 2008
Fragmentation would suit that PC!
Defragmentation, I think
Thought defragmentation was disk cleanup... But anyway, reinstall the whole PC!
norbat, posted 12 January 2008
OK, we'll remove them all: Open Notepad and paste in what is in bold below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
File::
C:\ugmsfom.exe
C:\WINDOWS\system32\dxdss.sys
C:\imvmi.exe
C:\WINDOWS\system32\rar.exe
C:\WINDOWS\system32\BTCPatcher.exe
C:\WINDOWS\system32\NTSpool.exe
voffen (author), posted 12 January 2008
C:\WINDOWS\system32\dxdss.sys - file 0 bytes, is blocked by a program
C:\WINDOWS\system32\rar.exe - it says OK
norbat, posted 12 January 2008 (edited)
Remove all of them. Rar.exe has no business being in the system32 folder, so most likely it's some trojan or other.
Edited 12 January 2008 by norbat
voffen (author), posted 12 January 2008
So here's a new ComboFix log:

ComboFix 08-01-11.3 - Vegard 2008-01-12 18:45:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2742 [GMT 1:00]
Running from: C:\Documents and Settings\Vegard.STUA\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vegard.STUA\Skrivebord\CFScript.txt
* Created a new restore point

FILE
C:\imvmi.exe
C:\ugmsfom.exe
C:\WINDOWS\system32\BTCPatcher.exe
C:\WINDOWS\system32\dxdss.sys
C:\WINDOWS\system32\NTSpool.exe
C:\WINDOWS\system32\rar.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\rar.exe
.
---- Previous Run -------
.
C:\imvmi.exe
C:\Programfiler\Helper
C:\Programfiler\Helper\superfindout.dll
C:\Programfiler\Internet Explorer\setupapi.dll
C:\ugmsfom.exe
C:\WINDOWS\system32\dxdss.sys
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 17:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-01-12 13:27 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-01-12 13:25 . 2008-01-07 18:56 <DIR> d-------- C:\Documents and Settings\Administrator\Programdata\Apple Computer
2008-01-12 13:25 . 2008-01-12 13:27 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-01-12 13:25 . 2008-01-12 13:27 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-01-12 13:25 . 2008-01-12 17:17 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-01-11 23:52 . 2008-01-12 13:27 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\.housecall6.6
2008-01-11 23:34 . 2008-01-12 17:50 8 --a------ C:\WINDOWS\system32\1688949442
2008-01-07 18:56 . 2008-01-07 18:56 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Programdata\Apple Computer
2008-01-06 23:34 . 2008-01-06 23:34 <DIR> d-------- C:\Programfiler\iTunes
2008-01-06 23:34 . 2008-01-06 23:34 <DIR> d-------- C:\Programfiler\iPod
2008-01-06 23:34 . 2008-01-06 23:34 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Apple Computer
2008-01-06 23:34 . 2008-01-12 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 23:34 . 2008-01-06 23:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-06 23:33 . 2008-01-06 23:34 <DIR> d-------- C:\Programfiler\QuickTime
2008-01-06 23:33 . 2008-01-06 23:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple
2008-01-06 23:33 . 2008-01-06 23:33 <DIR> d-------- C:\Programfiler\Apple Software Update
2008-01-06 23:33 . 2008-01-06 23:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Apple Computer
2008-01-06 23:33 . 2008-01-06 23:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Apple
2008-01-06 16:39 . 2008-01-06 16:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\vsosdk
2008-01-06 15:34 . 2008-01-12 16:30 <DIR> d-a------ C:\Documents and Settings\All Users.WINDOWS\Programdata\TEMP
2007-12-31 21:50 . 2007-12-31 21:50 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Ahead
2007-12-28 13:00 . 2007-04-03 13:59 108,680 -ra------ C:\WINDOWS\system32\drivers\s616mdm.sys
2007-12-28 13:00 . 2007-04-03 13:59 100,360 -ra------ C:\WINDOWS\system32\drivers\s616mgmt.sys
2007-12-28 13:00 . 2007-04-03 13:59 99,080 -ra------ C:\WINDOWS\system32\drivers\s616unic.sys
2007-12-28 13:00 . 2007-04-03 13:59 98,568 -ra------ C:\WINDOWS\system32\drivers\s616obex.sys
2007-12-28 13:00 . 2007-04-03 13:59 23,176 -ra------ C:\WINDOWS\system32\drivers\s616nd5.sys
2007-12-28 13:00 . 2007-04-03 13:59 15,112 -ra------ C:\WINDOWS\system32\drivers\s616mdfl.sys
2007-12-28 13:00 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cmnt.sys
2007-12-28 13:00 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616cm.sys
2007-12-28 13:00 . 2007-04-03 13:59 11,016 -ra------ C:\WINDOWS\system32\drivers\s616cr.sys
2007-12-28 12:59 . 2007-04-03 13:59 83,208 -ra------ C:\WINDOWS\system32\drivers\s616bus.sys
2007-12-28 12:59 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616whnt.sys
2007-12-28 12:59 . 2007-04-03 13:59 12,424 -ra------ C:\WINDOWS\system32\drivers\s616wh.sys
2007-12-27 18:42 . 2007-12-27 18:42 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Buena Vista Games
2007-12-27 18:42 . 2007-12-27 19:58 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-21 18:50 . 2007-12-21 19:04 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Backup DVD Profiler
2007-12-21 18:35 . 2007-12-21 18:35 <DIR> d-------- C:\Programfiler\VideoLAN
2007-12-21 18:03 . 2007-12-21 18:03 <DIR> d-------- C:\Programfiler\Runtime Software
2007-12-21 16:16 . 2008-01-06 19:34 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\DVD Profiler
2007-12-21 16:09 . 2008-01-06 19:32 <DIR> d-------- C:\Programfiler\DVD Profiler
2007-12-20 19:22 . 2007-12-22 02:08 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Canon
2007-12-20 16:10 . 2007-12-20 16:10 <DIR> d-------- C:\WINDOWS\A4W_DATA
2007-12-20 16:10 . 2007-12-20 16:10 35 --a------ C:\WINDOWS\A4W.INI
2007-12-20 16:10 . 2007-12-20 16:10 21 --a------ C:\WINDOWS\phbase.ini
2007-12-20 16:09 . 2007-12-20 16:09 572 --a------ C:\WINDOWS\maxlink.ini
2007-12-20 16:09 . 2007-12-20 16:09 0 --a------ C:\WINDOWS\OP70.INI
2007-12-20 16:08 . 2007-12-20 16:09 <DIR> d-------- C:\WINDOWS\Pixtran
2007-12-20 16:08 . 2007-12-20 16:09 <DIR> d-------- C:\Programfiler\Fellesfiler\Caere
2007-12-20 16:08 . 2007-12-20 16:08 <DIR> d-------- C:\Programfiler\Caere
2007-12-20 16:08 . 1998-10-12 18:08 299,520 --a------ C:\WINDOWS\Uninsop9.exe
2007-12-20 16:08 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-20 16:08 . 1998-10-12 18:13 97,280 --a------ C:\WINDOWS\system32\opshel32.dll
2007-12-20 16:08 . 1998-10-16 09:45 44,032 --a------ C:\WINDOWS\OP9Deins.exe
2007-12-20 16:08 . 2007-12-20 16:08 143 --a------ C:\WINDOWS\pstudio.ini
2007-12-20 16:08 . 2007-12-20 16:08 28 --a------ C:\WINDOWS\album.ini
2007-12-20 16:08 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\Ps_setup.ini
2007-12-20 16:07 . 2007-12-20 16:10 <DIR> d-------- C:\Programfiler\ArcSoft
2007-12-20 16:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-20 16:04 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-20 16:02 . 2007-12-20 16:02 0 --a------ C:\WINDOWS\Twunk002.MTX
2007-12-19 23:32 . 2007-12-19 23:32 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Teleca
2007-12-19 23:32 . 2007-04-03 13:57 23,176 -ra------ C:\WINDOWS\system32\drivers\s116nd5.sys
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Programfiler\Sony Ericsson
2007-12-19 23:30 . 2007-12-19 23:31 <DIR> d-------- C:\Programfiler\Fellesfiler\Teleca Shared
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Programfiler\Fellesfiler\Sony Ericsson Shared
2007-12-19 23:30 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Sony Ericsson
2007-12-19 23:29 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Teleca
2007-12-19 23:29 . 2007-12-19 23:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Sony Ericsson
2007-12-18 20:13 . 2007-12-18 20:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\QuickTime
2007-12-18 20:13 . 2007-12-18 20:13 63 --a------ C:\WINDOWS\Art_Sabeltann.ini
2007-12-18 20:13 . 2007-12-18 20:13 32 --a------ C:\WINDOWS\Art_Sabeltann
2007-12-17 23:50 . 1999-12-13 02:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
2007-12-17 23:50 . 1999-11-18 02:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
2007-12-17 23:42 . 2007-12-17 23:42 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\Creative
2007-12-17 23:28 . 2007-12-17 23:28 <DIR> d-------- C:\Programfiler\Fellesfiler\Creative
2007-12-17 23:28 . 2007-12-17 23:28 <DIR> d--h----- C:\Programfiler\Creative Installation Information
2007-12-17 23:28 . 2007-12-17 23:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Programdata\Creative
2007-12-17 22:19 . 2007-12-17 22:19 <DIR> d-------- C:\Programfiler\Windows Media Connect 2
2007-12-17 22:19 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-17 22:18 . 2007-12-17 23:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-17 21:43 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2007-12-17 21:38 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2007-12-17 21:38 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-12-17 21:35 . 1999-06-25 10:55 149,504 --a------ C:\WINDOWS\UNWISE.EXE
2007-12-17 21:34 . 2007-12-17 23:50 <DIR> d-------- C:\Programfiler\Creative
2007-12-17 20:24 . 1998-01-27 12:50 304,128 --a------ C:\WINDOWS\IsUn0414.exe
2007-12-17 20:24 . 2007-12-27 18:42 2,195 --a------ C:\WINDOWS\disney.ini
2007-12-17 20:24 . 2007-12-27 18:38 381 --a------ C:\WINDOWS\disneysy.ini
2007-12-17 00:23 . 2007-12-17 00:23 <DIR> d-------- C:\WINDOWS\Sun
2007-12-15 13:48 . 2008-01-07 20:48 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Shared
2007-12-15 13:47 . 2008-01-05 15:09 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Programdata\LimeWire
2007-12-15 13:47 . 2008-01-07 20:51 <DIR> d-------- C:\Documents and Settings\Vegard.STUA\Incomplete
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 17:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Symantec
2008-01-12 16:52 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-01-06 15:45 --------- d-----w C:\Programfiler\DVDFab Platinum 4
2008-01-06 15:29 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Vso
2007-12-27 17:41 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2007-12-20 18:29 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-20 15:10 --------- d-----w C:\Programfiler\Canon
2007-12-16 12:09 --------- d-----w C:\Programfiler\audiograbber
2007-12-05 12:25 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 12:25 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 12:25 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 12:25 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 12:25 --------- d-----w C:\Programfiler\Symantec
2007-12-04 17:10 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-04 00:13 --------- d-----w C:\Programfiler\MagicISO
2007-12-02 20:01 --------- d-----w C:\Programfiler\NCH Software
2007-12-02 20:00 --------- d-----w C:\Programfiler\NCH Swift Sound
2007-12-02 20:00 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\NCH Swift Sound
2007-12-02 20:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\NCH Swift Sound
2007-12-02 19:36 --------- d-----w C:\Programfiler\Audacity
2007-12-02 19:12 --------- d-----w C:\Programfiler\POI-Warner GoPal Edition
2007-12-02 18:25 --------- d-----w C:\Programfiler\Dnote Software
2007-12-02 17:46 372,736 ----a-w C:\WINDOWS\suinsta4001.exe
2007-12-02 12:47 --------- d-----w C:\Programfiler\Microsoft ActiveSync
2007-12-01 22:04 --------- d-----w C:\Programfiler\GameSpy
2007-11-30 22:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 22:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 22:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 22:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 22:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 22:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 22:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 22:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 23:04 --------- d-----w C:\Programfiler\DX-Ball
2007-11-26 22:38 --------- d--h--r C:\Documents and Settings\Vegard.STUA\Programdata\SecuROM
2007-11-26 22:33 --------- d-----w C:\Programfiler\SystemRequirementsLab
2007-11-26 21:03 --------- d-----w C:\Programfiler\MSXML 4.0
2007-11-26 20:01 --------- d-----w C:\Programfiler\Pinnacle
2007-11-26 19:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Programdata\Pinnacle
2007-11-26 19:28 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Programdata\CanonBJ
2007-11-26 18:55 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Logitech
2007-11-26 18:02 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-26 18:02 47,360 ----a-w C:\Documents and Settings\Vegard.STUA\Programdata\pcouffin.sys
2007-11-26 11:48 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\Ahead
2007-11-26 11:47 --------- d-----w C:\Programfiler\Logitech
2007-11-26 11:47 --------- d-----w C:\Programfiler\Fellesfiler\Logitech
2007-11-26 11:42 --------- d-----w C:\Programfiler\Lavalys
2007-11-26 11:19 --------- d-----w C:\Programfiler\Nero
2007-11-26 11:19 --------- d-----w C:\Programfiler\Fellesfiler\Ahead
2007-11-26 08:15 --------- d-----w C:\Programfiler\Microsoft Works
2007-11-26 07:56 --------- d-----w C:\Programfiler\Microsoft.NET
2007-11-26 01:37 --------- d-----w C:\Programfiler\Microsoft CAPICOM 2.1.0.2
2007-11-26 01:31 --------- d-----w C:\Programfiler\Reference Assemblies
2007-11-26 01:31 --------- d-----w C:\Programfiler\MSBuild
2007-11-26 01:30 --------- d-----w C:\Programfiler\Futuremark
2007-11-26 01:29 --------- d-----w C:\Programfiler\MSXML 6.0
2007-11-26 01:29 --------- d-----w C:\Programfiler\Google
2007-11-26 00:38 --------- d-----w C:\Programfiler\Norton Internet Security
2007-11-25 23:24 73,728 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2007-11-25 23:23 --------- d-----w C:\Documents and Settings\Vegard.STUA\Programdata\InstallShield
2007-11-25 23:22 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-25 03:24 --------- d-----w C:\Programfiler\U-ABIT
2007-11-25 02:20 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield
2007-11-25 01:49 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines
2007-11-25 01:49 --------- d-----w C:\Programfiler\Fellesfiler\ODBC
2007-11-25 01:09 --------- d-----w C:\Programfiler\Realtek
2007-11-25 01:08 --------- d-----w C:\Programfiler\Intel
2007-11-25 00:58 --------- d-----w C:\Programfiler\microsoft frontpage
2007-11-25 00:57 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-11-25 00:56 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2007-11-25 00:56 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-30 18:55 625,032 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-30 18:55 242,056 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 17:28 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-10-25 16:17 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-25 16:17 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-25 16:17 8,527,872 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-25 16:17 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-25 16:17 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-25 16:17 6,541,312 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-25 16:17 5,767,808 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-25 16:17 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-25 16:17 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-25 16:17 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-25 16:17 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-25 16:17 380,928 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-25 16:17 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-10-25 16:17 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-25 16:17 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-25 16:17 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-25 16:17 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-25 16:17 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-25 16:17 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-25 16:17 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-10-25 16:17 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-10-25 16:17 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-12_17.17.39,70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 16:15:53 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 17:45:17 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 16:15:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 17:45:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 16:15:53 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 17:45:17 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 16:15:53 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 17:45:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 16:15:53 4,849,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 17:45:18 4,849,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 16:15:53 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 17:45:18 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-26 02:29 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]
"H/PC Connection Agent"="C:\Programfiler\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 17:56 1289000]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTSyncU.exe"="C:\Programfiler\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 11:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 05:13 1957888]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 17:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 17:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 17:17 81920]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]
"osCheck"="C:\Programfiler\Norton Internet Security\osCheck.exe" [2007-02-20 13:16 771704]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 01:48 40048]
"NWEReboot"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 12:03 94208 C:\WINDOWS\KHALMNPR.Exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-12-04 12:34 406016]
"Easy-PrintToolBox"="C:\Programfiler\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]
"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [ ]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start-meny\Programmer\Oppstart\
Adobe Gamma Loader.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-20 19:30:16]
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-11-26 12:47:49]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 C:\Programfiler\GameSpy\Comrade\Comrade.exe

R1 DCxxMJPG;Pinnacle DC10plus, Motion-JPEG VideoIO Board;C:\WINDOWS\system32\drivers\DCxxMJPG.sys [2002-06-04 11:18]
R2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 13:03]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
S1 mp32;mp3 audio;C:\WINDOWS\system32\dxdss.sys []
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdfd45e3-9bb1-11dc-b6f1-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 22:33:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2007-12-29 00:26:48 C:\WINDOWS\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - Vegard.job" - C:\Programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exek/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 18:46:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 18:46:18
ComboFix-quarantined-files.txt 2008-01-12 17:46:16
ComboFix2.txt 2008-01-12 16:17:51
.
2008-01-09 20:01:30 --- E O F ---
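The two logs above end with the same "Reg Loading Points" section, and the entries a helper asks about first are the ones ComboFix prints with an empty bracket, the driver that lives on a removable drive, and the MountPoints2 AutoRun command. Below is a small triage script for that section, added here as an example for this thread (it is not ComboFix's code and nothing norbat posted). It assumes that the "[date time size]" ComboFix prints after a Run value or service line describes the file on disk, so an empty "[]" means the file could not be found when the log was written, and that C: is the system drive; the sample input is a handful of constructed lines in the shape of the log above.

```python
"""Triage the autostart section of a ComboFix log (added example).

Assumptions, not facts from the thread:
  * the bracket after a Run value or service line holds the file's
    timestamp and size, so an empty [] means ComboFix found no file;
  * an R/S prefix on a service line is running/stopped and the digit
    is the start type (1 = system start, 2 = auto, 3 = manual);
  * C: is the system drive.
"""
import re
from dataclasses import dataclass, field
from typing import List

SYSTEM_DRIVE = "C:"  # assumption for this example

# Constructed sample in the shape of the log above (not a copy of it).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-02-20 13:17 115816]
"NWEReboot"="" []
"UnlockerAssistant"="C:\Programfiler\Unlocker\UnlockerAssistant.exe" [ ]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-09-01 12:32]
S1 mp32;mp3 audio;C:\WINDOWS\system32\dxdss.sys []
S3 ALLOW-IO;ALLOW-IO;F:\ALLOW-IO.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdfd45e3-9bb1-11dc-b6f1-806d6172696f}]
\Shell\AutoRun\command - F:\Autorun.exe root.ini
"""

# "name"="path" [info]
RUN_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
# R2 svc;display name;path [info]
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$')
# \Shell\AutoRun\command - <command line>
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$')


@dataclass
class Finding:
    kind: str                  # "run", "service" or "autorun"
    name: str                  # value name, service name, or "AutoRun"
    path: str                  # what the entry points at
    reasons: List[str] = field(default_factory=list)


def _drive(path: str) -> str:
    """Return the drive letter ('F:') of a path, or '' if it has none."""
    m = re.match(r"^([A-Za-z]:)", path)
    return m.group(1).upper() if m else ""


def triage(log_text: str) -> List[Finding]:
    """Return the autostart entries worth a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.match(line)
        if m:
            reasons = []
            if not m["path"].strip():
                reasons.append("Run value has no launch target")
            elif not m["info"].strip():
                reasons.append("launch target not found on disk at scan time (empty [])")
            if reasons:
                findings.append(Finding("run", m["name"], m["path"], reasons))
            continue

        m = SVC_RE.match(line)
        if m:
            path = m["path"].strip().strip('"')
            reasons = []
            if not m["info"].strip():
                reasons.append(f"{m['start']} service binary not found on disk at scan time (empty [])")
            drive = _drive(path)
            if drive and drive != SYSTEM_DRIVE:
                reasons.append(f"service binary lives on non-system drive {drive}")
            if reasons:
                findings.append(Finding("service", m["svc"], path, reasons))
            continue

        m = AUTORUN_RE.match(line)
        if m:
            findings.append(Finding("autorun", "AutoRun", m["cmd"].strip(),
                                    ["MountPoints2 AutoRun command runs when the drive is opened"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:18} {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

Run against the sample it reports five entries: NWEReboot and UnlockerAssistant (Run values whose target is gone, usually installer leftovers), the mp32 driver set to load at system start from a dxdss.sys ComboFix could not find (the 0-byte file voffen could not upload), ALLOW-IO on F:, and the F:\Autorun.exe mountpoint. The clean entries (ccApp, iTunesHelper, LBeepKE) are not listed. The script only ranks what to ask about; deciding what to delete is still the helper's job.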
norbat, posted 12 January 2008 (edited)
Run a scan with an anti-spyware program: download SAS, install it, update it and run a full (Complete) scan. Tell us how it goes with the problem.
Edited 12 January 2008 by norbat
voffen (author), posted 14 January 2008
Have installed SAS and started a scan. It runs fine for 6-9 minutes, then it hangs on a file that has to do with my mobile phone (*.lnk). I can't find that file in the folder it gives. Can't close the program without powering off the machine.
norbat, posted 14 January 2008
You can try running a scan from Safe Mode (tap F8 while the PC is starting up, choose Safe Mode).
simen_k, posted 14 January 2008
Fragmentation would suit that PC!
Defragmentation, I think
Thought defragmentation was disk cleanup... But anyway, reinstall the whole PC!
Defragmentation puts the fragments on the hard disk back together
Guest medlem-105082, posted 14 January 2008 (edited)
Thought defragmentation was disk cleanup... But anyway, reinstall the whole PC!
Stop making such silly comments. That is always the last resort, and norbat has always managed to get PCs clean after they've been infected.
Edited 14 January 2008 by medlem-105082
voffen (author), posted 14 January 2008 (edited)
norbat IS THE KING! Norbat: here is the result of your effort for peace on... the net: 240-odd cookie things that were removed by SAS.
Edited 16 January 2008 by voffen
5-7, posted 15 January 2008
The crud might well have come from some of this?
M:\Documents and Settings\Vegard\Cookies\[email protected][1].txt
M:\Documents and Settings\Vegard\Cookies\[email protected][2].txt
M:\Documents and Settings\Vegard\Cookies\[email protected][2].txt
M:\Documents and Settings\Vegard\Cookies\[email protected][1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@sexdate[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@sexlist[2].txt
M:\Documents and Settings\Vegard\Cookies\vegard@sexygames[2].txt
M:\Documents and Settings\Vegard\Cookies\vegard@porn365[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@pornaccess[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@porninspector[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@pornotube[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@porntube[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@myxxxgames[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@sexdate[1].txt
M:\Documents and Settings\Vegard\Cookies\vegard@sexlist[2].txt
M:\Documents and Settings\Vegard\Cookies\vegard@sexygames[2].txt