vegesim Posted 12 January 2008
ComboFix 08-01-11.3 - Eier 2008-01-12 20:37:45.1 - NTFSx86
Running from: C:\Documents and Settings\Eier\Lokale innstillinger\Temporary Internet Files\Content.IE5\CEZOJA66\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\445930.exe
C:\WINDOWS\images.zip
.
((((((((((((((((((((((((( Files Created from 2007-12-12 to 2008-01-12 )))))))))))))))))))))))))))))))
.
2008-01-12 20:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 22:11 . 2008-01-11 22:27 473,394 --a------ C:\chanrar.rar
2008-01-11 20:27 . 2008-01-11 20:35 <DIR> d-------- C:\Programfiler\Windows Live
2008-01-11 20:27 . 2008-01-11 20:32 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-01-11 20:27 . 2008-01-11 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-01-11 19:36 . 2008-01-11 19:36 45,568 -r-hs---- C:\WINDOWS\lssas.exe
2008-01-11 18:33 . 2008-01-11 18:33 36,864 -r-hs---- C:\WINDOWS\ntmngr.exe
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\MSN6
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\MSN6
2007-12-24 00:02 . 2007-12-24 00:02 <DIR> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 19:00 --------- d-----w C:\Documents and Settings\Eier\Programdata\Skype
2008-01-11 14:00 --------- d-----w C:\Programfiler\Norton Security Scan
2008-01-10 21:37 3,544 ----a-w C:\Documents and Settings\Eier\Programdata\wklnhst.dat
2008-01-09 12:32 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire
2008-01-04 17:29 --------- d-----w C:\Programfiler\TrackMania Nations ESWC
2007-12-25 23:29 --------- d-----w C:\Documents and Settings\Eier\Programdata\uTorrent
2007-12-24 11:50 --------- d-----w C:\Programfiler\Google
2007-12-12 21:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-12-09 21:51 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-03 09:52 --------- d-----w C:\Programfiler\Guild Wars
2007-12-02 10:37 --------- d-----w C:\Programfiler\Arthaus Paint & Fotoshop
2007-12-01 16:32 65,543 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-01 16:32 6,112 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-01 16:32 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-01 12:58 --------- d-----w C:\Programfiler\Windows Live Toolbar
2007-12-01 12:52 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-11-30 14:04 --------- d-----w C:\Programfiler\QuickTime
2007-11-24 13:02 --------- d-----w C:\Programfiler\StepMania
2007-11-18 20:30 --------- d-----w C:\Programfiler\Fellesfiler\Thraex Software
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 11:55 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 13:14 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT
2007-10-10 13:14 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLds.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-16 22:38 32768]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-05 12:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 22:09 110592]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 22:08 618496]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 09:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2003-07-17 13:50 184412]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2003-08-21 20:29 72536]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-03 18:41 95960]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32 225280]
"LogitechCameraAssistant"="C:\Programfiler\Logitech\Video\CameraAssistant.exe" [2005-12-07 09:26 489472]
"LogitechVideo[inspector]"="C:\Programfiler\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 16:22 262144]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-16 22:38:29]
NkbMonitor.exe.lnk - C:\Programfiler\Nikon\PictureProject\NkbMonitor.exe [2007-07-12 18:52:40]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-03-20 17:24]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 10:28:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 19:25:57 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exec/task:
"2008-01-11 14:00:52 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
"2008-01-12 19:01:01 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-05-03 17:26:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:43:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????9?9?8?2??????? ?deB???????????????B????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="C:\\Programfiler\\Logitech\\Video\\CameraAssistant.exe"
.
Completion time: 2008-01-12 20:46:25
ComboFix-quarantined-files.txt 2008-01-12 19:46:14
.
2008-01-10 13:35:28 --- E O F ---
norbat Posted 12 January 2008
Hi there, Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.
File::
C:\chanrar.rar
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
Post the log.
vegesim Posted 12 January 2008 Author
"Hi there, Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. File:: C:\chanrar.rar C:\WINDOWS\lssas.exe C:\WINDOWS\ntmngr.exe Post the log."
But I don't have any ComboFix icon ..
norbat Posted 12 January 2008
That is because you did not save the program to the desktop. You should have done that. You will have to download ComboFix again, and this time put it directly on the desktop. Then drag the file mentioned above onto the program's icon so that ComboFix can sort things out.
vegesim Posted 12 January 2008 Author
"That is because you did not save the program to the desktop. You should have done that. You will have to download ComboFix again, and this time put it directly on the desktop. Then drag the file mentioned above onto the program's icon so that ComboFix can sort things out."
Okay, thanks, but is the virus gone after that?
vegesim Posted 12 January 2008 Author
Most likely, yes. But now I got a new log ..
ComboFix 08-01-13.1 - Eier 2008-01-12 21:59:16.2 - NTFSx86
Running from: C:\Documents and Settings\Eier\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eier\Skrivebord\CFScript.txt..txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE
C:\chanrar.rar
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\chanrar.rar
C:\WINDOWS\lssas.exe
C:\WINDOWS\ntmngr.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-12 20:44 . 2008-01-12 20:47 59,110 --a------ C:\WINDOWS\rawr.rar
2008-01-12 20:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-11 20:27 . 2008-01-11 20:35 <DIR> d-------- C:\Programfiler\Windows Live
2008-01-11 20:27 . 2008-01-11 20:32 <DIR> d--hsc--- C:\Programfiler\Fellesfiler\WindowsLiveInstaller
2008-01-11 20:27 . 2008-01-11 20:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\WLInstaller
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Documents and Settings\Eier\Programdata\MSN6
2008-01-05 17:54 . 2008-01-05 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\MSN6
2007-12-24 00:02 . 2007-12-24 00:02 <DIR> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 21:03 --------- d-----w C:\Documents and Settings\Eier\Programdata\Skype
2008-01-11 14:00 --------- d-----w C:\Programfiler\Norton Security Scan
2008-01-10 21:37 3,544 ----a-w C:\Documents and Settings\Eier\Programdata\wklnhst.dat
2008-01-09 12:32 --------- d-----w C:\Documents and Settings\Eier\Programdata\LimeWire
2008-01-04 17:29 --------- d-----w C:\Programfiler\TrackMania Nations ESWC
2007-12-25 23:29 --------- d-----w C:\Documents and Settings\Eier\Programdata\uTorrent
2007-12-24 11:50 --------- d-----w C:\Programfiler\Google
2007-12-12 21:52 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help
2007-12-09 21:51 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2007-12-03 09:52 --------- d-----w C:\Programfiler\Guild Wars
2007-12-02 10:37 --------- d-----w C:\Programfiler\Arthaus Paint & Fotoshop
2007-12-01 16:32 65,543 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2007-12-01 16:32 6,112 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-12-01 16:32 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-01 12:58 --------- d-----w C:\Programfiler\Windows Live Toolbar
2007-12-01 12:52 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2007-11-30 14:04 --------- d-----w C:\Programfiler\QuickTime
2007-11-24 13:02 --------- d-----w C:\Programfiler\StepMania
2007-11-18 20:30 --------- d-----w C:\Programfiler\Fellesfiler\Thraex Software
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:30 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:45 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-21 11:55 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 13:14 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLec.DAT
2007-10-10 13:14 20 ---h--w C:\Documents and Settings\All Users\Programdata\PKP_DLds.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-01-12_20.45.52.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 19:37:11 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 20:58:48 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 19:37:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 20:58:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 19:37:12 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 20:58:48 225,280 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 19:37:12 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 20:58:48 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 19:37:13 5,316,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 20:58:49 5,316,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 19:37:13 135,168 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 20:58:49 135,168 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Programfiler\Messenger\MSMSGS.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:03 15360]
"Creative Detector"="C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 08:52 98304]
"LDM"="C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-06-16 22:38 32768]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2007-09-18 15:16 171464]
"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-05 12:16 88267 C:\WINDOWS\AGRSMMSG.exe]
"SynTPLpr"="C:\Programfiler\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 22:09 110592]
"SynTPEnh"="C:\Programfiler\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 22:08 618496]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 09:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"Cpqset"="C:\Programfiler\HPQ\Default Settings\cpqset.exe" [2003-07-17 13:50 184412]
"UpdateManager"="C:\Programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2003-08-21 20:29 72536]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-03 18:41 95960]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 14:32 225280]
"LogitechCameraAssistant"="C:\Programfiler\Logitech\Video\CameraAssistant.exe" [2005-12-07 09:26 489472]
"LogitechVideo[inspector]"="C:\Programfiler\Logitech\Video\InstallHelper.exe" [2005-12-07 09:33 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 16:22 262144]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 09:03 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

C:\Documents and Settings\Eier\Start-meny\Programmer\Oppstart\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech Desktop Messenger.lnk - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-16 22:38:29]
NkbMonitor.exe.lnk - C:\Programfiler\Nikon\PictureProject\NkbMonitor.exe [2007-07-12 18:52:40]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 14:37]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS [2003-03-20 17:24]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 10:28:17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe
"2008-01-11 19:25:57 C:\WINDOWS\Tasks\Norton AntiVirus - Søk på min datamaskin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2008-01-11 14:00:52 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programfiler\Norton Security Scan\Nss.exe
"2008-01-13 21:01:24 C:\WINDOWS\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Programfiler\Windows Live Toolbar\MSNTBUP.EXE
"2007-05-03 17:26:45 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programfiler\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 22:03:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Programfiler\HPQ\Default Settings\cpqset.exe?????????9?9?8?2??????? ?deB???????????????B????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCameraAssistant"="C:\\Programfiler\\Logitech\\Video\\CameraAssistant.exe"
.
Completion time: 2008-01-13 22:05:13
ComboFix-quarantined-files.txt 2008-01-13 21:05:03
ComboFix2.txt 2008-01-12 19:46:25
.
2008-01-10 13:35:28 --- E O F ---
norbat Posted 12 January 2008
Looks fine. Do you know what kind of file this is: C:\WINDOWS\rawr.rar? You could check it on one of the following websites: Jotti or Virustotal (you upload the file and let the site check it using various antivirus programs).