Klarte å trykke på youtube link, msn virus

slippern · 3. juni 2008

Men den C:\a.bat kan ikke slettes. pga Norman tar å setter den i karantene. å blir flyttet i fra C:\

Filen kommer hele tiden opp på nytt.

r2d290 · 3. juni 2008

kan du ikke slette den fra karantene da?

edit: glem det. tror jeg leste feil. Det kommer altså en ny a.bat med en gang norman setter den i karantene?

Endret 3. juni 2008 av r2d290

slippern · 3. juni 2008

Har fått dem ut av karantene. slette filene. var 2stk. håper dem er borte..

slippern · 3. juni 2008

Filen kom tilbake.

nå tok jeg den ut av karantene. den prøvde med en gang å fucke opp Norman.

lagret en kopi å prøvde å åpne å se hva som stod inni den. men fikk ikke tilgang.

Endret 3. juni 2008 av slippern

norbat · 3. juni 2008

Kjør en gang til med følgend innhold i CFScript-fila:

File::

C:\WINDOWS\system32\sysregi.exe

C:\a.bat

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"Nod32 Runtime"=-

Trenger ingen ny logg.

Fortell hvordan PC-en kjører.

Endret 3. juni 2008 av norbat

fre4k · 3. juni 2008

ComboFix 08-06-01.6 - ADMIN 2008-06-02 23:10:32.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.884 [GMT 2:00]

Running from: C:\Documents and Settings\ADMIN\Desktop\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\059573.exe

C:\WINDOWS\images.zip

.

((((((((((((((((((((((((( Files Created from 2008-05-02 to 2008-06-02 )))))))))))))))))))))))))))))))

.

2008-06-02 22:35 . 2008-06-02 22:34 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\WINDOWS\Sun

2008-06-02 22:34 . 2008-06-02 22:35 <DIR> d-------- C:\Documents and Settings\ADMIN\.housecall6.6

2008-06-02 22:02 . 2008-06-02 22:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-02 22:02 . 2008-06-02 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-02 21:36 . 2008-06-02 21:36 <DIR> d--h----- C:\WINDOWS\PIF

2008-06-02 21:30 . 2008-06-02 21:30 53,252 -r-hs---- C:\WINDOWS\ehSched.exe

2008-06-01 13:06 . 2008-06-01 13:06 <DIR> d-------- C:\WINDOWS\LastGood

2008-06-01 01:57 . 2008-06-01 01:57 <DIR> d-------- C:\Logs

2008-06-01 01:34 . 2008-06-01 02:00 <DIR> d-------- C:\Program Files\World of Warcraft

2008-05-31 21:02 . 2008-06-01 01:32 <DIR> d-------- C:\Program Files\WoW-2.3.0.7561-enGB

2008-05-31 21:02 . 2008-06-01 01:45 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment

2008-05-31 03:24 . 2008-05-31 03:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-05-31 03:09 . 2008-05-31 03:09 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-05-30 15:01 . 2008-05-30 15:01 <DIR> d-------- C:\Program Files\Red Kawa

2008-05-30 15:01 . 2008-05-30 15:01 <DIR> d-------- C:\Program Files\AviSynth 2.5

2008-05-30 14:39 . 2008-06-01 06:53 54,400 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx

2008-05-30 14:39 . 2008-06-01 06:53 54,400 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx

2008-05-30 14:39 . 2008-06-01 06:53 788 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx

2008-05-30 14:37 . 2007-02-26 15:24 94,208 --a------ C:\WINDOWS\system32\cttele32.dll

2008-05-29 07:48 . 2008-05-29 07:48 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-05-28 19:22 . 2008-05-28 19:22 <DIR> d-------- C:\Program Files\Microsoft Games

2008-05-28 19:22 . 2008-05-29 12:11 <DIR> d-------- C:\Program Files\GameSpy Arcade

2008-05-28 18:26 . 2008-05-28 18:26 <DIR> d-------- C:\Program Files\directx

2008-05-28 18:23 . 2008-05-28 18:26 <DIR> d-------- C:\Program Files\Sudden Strike II

2008-05-26 23:24 . 2008-05-26 23:24 <DIR> d-------- C:\Program Files\BODYGRAMLOUD

2008-05-25 23:51 . 2008-05-25 23:55 720,896 --a------ C:\WINDOWS\iun6002.exe

2008-05-25 23:50 . 2008-05-25 23:56 <DIR> d-------- C:\Program Files\Command And Conquer Red Alert 2 Yuri's Revenge

2008-05-25 20:01 . 2008-05-25 20:01 <DIR> d-------- C:\Program Files\Winamp Now Playing AutoHotkey script

2008-05-25 16:40 . 2008-05-25 19:37 <DIR> d-------- C:\Program Files\SopCast

2008-05-24 21:34 . 2008-05-24 21:54 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-05-24 21:06 . 2008-04-10 12:08 71,184 -ra------ C:\WINDOWS\system32\drivers\DefragFS.sys

2008-05-24 21:05 . 2008-05-24 21:05 <DIR> d-------- C:\Program Files\Raxco

2008-05-24 21:05 . 2008-05-24 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco

2008-05-24 21:04 . 2008-05-24 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis

2008-05-24 03:16 . 2008-05-24 03:16 <DIR> d-------- C:\Program Files\GoldWave

2008-05-23 13:57 . 2008-05-23 13:57 <DIR> d-------- C:\Program Files\Apple Software Update

2008-05-22 15:40 . 2008-05-22 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania

2008-05-22 09:48 . 2008-05-22 09:48 <DIR> d-------- C:\Program Files\Rockstar Games

2008-05-21 19:05 . 2008-06-01 20:25 <DIR> d-------- C:\Filmer

2008-05-20 23:32 . 2008-05-20 23:32 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2008-05-20 23:32 . 2008-01-10 13:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll

2008-05-20 23:32 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-05-20 23:19 . 2008-05-20 23:19 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Media Player Classic

2008-05-19 23:21 . 2008-05-19 23:21 <DIR> d-------- C:\Program Files\ZX-Playback-Pack

2008-05-19 23:20 . 2008-05-19 23:21 <DIR> d-------- C:\Program Files\ffdshow

2008-05-19 20:00 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

2008-05-19 14:10 . 2008-05-19 14:10 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-18 23:48 . 2008-06-02 23:11 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\NoNameScript

2008-05-18 20:23 . 2008-05-18 20:23 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\BODYGRAMLOUD

2008-05-18 16:03 . 2008-05-21 19:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\BODYGRAMLOUD

2008-05-18 16:00 . 2008-05-18 16:00 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-05-18 03:45 . 2008-05-20 14:01 <DIR> d-------- C:\Serier

2008-05-18 02:40 . 2008-05-18 02:40 <DIR> d-------- C:\WINDOWS\system32\Futuremark

2008-05-18 02:40 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys

2008-05-18 02:40 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys

2008-05-18 02:40 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd

2008-05-18 02:40 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys

2008-05-18 02:38 . 2008-05-18 02:38 <DIR> d-------- C:\Program Files\Futuremark

2008-05-17 23:30 . 2008-05-17 23:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire

2008-05-17 23:30 . 2007-10-12 03:56 490,776 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS

2008-05-17 23:29 . 2008-05-17 23:30 <DIR> d-------- C:\Program Files\Common Files\LogiShrd

2008-05-17 23:29 . 2008-05-17 23:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech

2008-05-17 23:29 . 2008-05-17 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd

2008-05-17 19:27 . 2008-05-31 03:15 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-05-17 18:27 . 2008-05-17 18:28 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Bioshock

2008-05-17 18:27 . 2008-05-17 18:27 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-05-17 16:29 . 2008-05-17 16:59 <DIR> d-------- C:\Program Files\Electronic Arts

2008-05-17 16:25 . 2008-05-26 00:19 <DIR> d-------- C:\Spill

2008-05-17 14:09 . 2008-05-17 14:11 <DIR> d-------- C:\Program Files\WhatPulse

2008-05-17 13:53 . 2008-05-16 11:39 211 --ahs---- C:\BOOT.BKK

2008-05-17 13:49 . 2008-05-17 13:49 <DIR> d-------- C:\Program Files\TGTSoft

2008-05-17 13:06 . 2008-05-17 13:06 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire

2008-05-17 13:05 . 2008-05-29 08:09 <DIR> d-------- C:\Program Files\Xfire

2008-05-17 13:05 . 2008-05-20 21:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Xfire

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\QuickTime

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\iTunes

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\iPod

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\Common Files\Apple

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Program Files\Bonjour

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-05-17 12:34 . 2008-05-17 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

2008-05-17 12:34 . 2008-05-25 14:59 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Apple Computer

2008-05-17 12:34 . 2008-06-01 06:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-17 12:34 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys

2008-05-17 12:34 . 2008-05-17 12:35 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-17 12:02 . 2008-06-02 22:17 <DIR> d--h----- C:\$AVG8.VAULT$

2008-05-17 11:25 . 2008-05-17 23:29 <DIR> d-------- C:\Program Files\Logitech

2008-05-17 11:25 . 2008-05-17 11:25 <DIR> d-------- C:\Program Files\Common Files\Logitech

2008-05-17 11:22 . 2008-05-17 11:22 <DIR> d-------- C:\1db783fa3f8a2c54ba9e2e838f0f

2008-05-17 11:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-05-17 11:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-05-17 11:01 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-05-17 03:01 . 2008-05-30 20:20 <DIR> d-------- C:\Anime

2008-05-17 03:00 . 2008-05-17 03:00 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-05-17 02:59 . 2008-05-17 02:59 <DIR> d-------- C:\Program Files\Skype

2008-05-17 02:59 . 2008-05-17 02:59 <DIR> d-------- C:\Program Files\Common Files\Skype

2008-05-17 02:59 . 2008-05-17 02:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype

2008-05-17 02:59 . 2008-06-02 16:06 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\skypePM

2008-05-17 02:59 . 2008-06-02 23:28 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Skype

2008-05-17 02:35 . 2008-05-17 02:35 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

2008-05-17 02:25 . 2008-05-17 02:25 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\DAEMON Tools

2008-05-17 02:25 . 2008-05-17 02:25 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-17 01:52 . 2008-05-17 01:52 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\Ubisoft

2008-05-17 01:48 . 2008-05-17 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft

2008-05-17 01:47 . 2008-05-17 01:47 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition

2008-05-17 01:47 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-05-17 01:46 . 2008-06-02 22:10 <DIR> d-------- C:\Program Files\Windows Live Toolbar

2008-05-17 01:39 . 2008-05-17 01:39 <DIR> d-------- C:\Program Files\Ubisoft

2008-05-17 01:39 . 2008-05-17 01:43 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-17 01:38 . 2008-06-02 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-17 01:25 . 2008-05-17 01:25 <DIR> d-------- C:\Program Files\nbs-irc

2008-05-16 14:17 . 2008-06-01 06:55 <DIR> d-------- C:\Program Files\mIRC

2008-05-16 14:17 . 2008-05-18 23:48 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\mIRC

2008-05-16 14:07 . 2008-05-16 14:07 <DIR> d-------- C:\Documents and Settings\ADMIN\Application Data\vlc

2008-05-16 14:06 . 2008-05-16 14:06 <DIR> d-------- C:\Program Files\VideoLAN

2008-05-16 14:03 . 2008-06-02 19:54 <DIR> d-------- C:\Program Files\SpeedFan

2008-05-16 14:03 . 2008-05-16 14:03 45 --a------ C:\WINDOWS\system32\initdebug.nfo

2008-05-16 14:00 . 2008-06-02 13:54 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-05-16 14:00 . 2008-05-16 14:00 <DIR> d-------- C:\Program Files\AVG

2008-05-16 14:00 . 2008-05-16 14:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-05-16 14:00 . 2008-05-16 14:00 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-05-16 14:00 . 2008-05-16 14:00 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-05-16 14:00 . 2008-05-16 14:00 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-05-16 13:58 . 2008-05-16 13:58 <DIR> d-------- C:\Program Files\Lavasoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-30 12:37 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll

2008-05-30 12:37 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll

2008-05-16 09:51 --------- d-----w C:\Program Files\Intel

2008-05-16 09:43 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-16 11:00 230,664 ----a-w C:\WINDOWS\system32\PDBoot.exe

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-05-16 13:12 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-05-16 13:12 267592]

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 09:36 143360]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]

"Steam"="C:\Program Files\Steam\Steam.exe" [2008-05-16 13:14 1271032]

"grimplatform"="C:\DOCUME~1\ADMIN\APPLIC~1\BODYGR~1\OptionBike.exe" [2008-05-26 23:23 440320]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]

"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]

"CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 11:35 626176]

"Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-28 07:34 13516800]

"nwiz"="nwiz.exe" [2008-02-28 07:34 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-28 07:34 86016]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 04:43 53340]

"Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [2007-09-12 11:52 172032]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 14:00 1177368]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]

"Long Internet Team Stupid"="C:\Documents and Settings\All Users\Application Data\comp two long internet\bold glue.exe" [2008-06-02 20:18 781824]

"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\WINDOWS\system32\CtHelper.exe]

"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

"Windows UDP Control Center"="ehSched.exe" [2008-06-02 21:30 53252 C:\WINDOWS\ehSched.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\ADMIN\Start Menu\Programs\Startup\

Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-05-14 03:29:28 3007824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="C:\\Program Files\\TGTSoft\\StyleXP\\Logon\\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\FrostWire\\FrostWire.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\mIRC\\mirc.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=

"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=

"C:\\Program Files\\Steam\\steamapps\\moal_1993\\counter-strike\\hl.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Xfire\\xfire.exe"=

"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis SP Demo\\Bin32\\Crysis.exe"=

"C:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"C:\\Program Files\\SopCast\\SopCast.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 14:00]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 14:00]

R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-02-25 09:44]

R3 LachesisFltr;Lachesis Mouse Driver;C:\WINDOWS\system32\drivers\Lachesis.sys [2007-08-08 11:04]

S3 uisp;Freescale USB JW32 driver;C:\WINDOWS\system32\Drivers\usbicp.sys [2005-12-21 11:23]

S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-02-18 11:16]

*Newly Created Service* - APPMGMT

*Newly Created Service* - CATCHME

*Newly Created Service* - DEFRAGFS

*Newly Created Service* - TMCOMM

.

Contents of the 'Scheduled Tasks' folder

"2008-05-29 08:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

"2008-06-02 21:00:07 C:\WINDOWS\Tasks\E0E420248353F150.job"

- c:\docume~1\admin\applic~1\bodygr~1\debugupsite.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-02 23:27:43

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-06-02 23:39:03

ComboFix-quarantined-files.txt 2008-06-02 21:38:27

Pre-Run: 569,818,845,184 bytes free

Post-Run: 570,175,045,632 bytes free

255 --- E O F --- 2008-06-01 12:30:32

Det får jeg opp, kan noen hjelpe meg med å få bort youtube viruset?

slippern · 3. juni 2008

Kommer opp et konsoll vindu. med blå bakgrunn, først scanner den noe eller tar backup elns. går veldig fort

Den går igjennom ca 40steg.

Så blir den ferdig å tar og lager loggen.

fre4k · 3. juni 2008

Er ikke det der loggen da?

slippern · 3. juni 2008

Loggen etter siste kjøring.

ComboFix 08-06-01.6 - tord.kristensen 2008-06-03 14:55:32.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1249 [GMT 2:00]

Running from: C:\Documents and Settings\tord.kristensen\Skrivebord\ComboFix.exe

Command switches used :: C:\Documents and Settings\tord.kristensen\Skrivebord\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

C:\a.bat

C:\WINDOWS\system32\sysregi.exe

.

((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))

.

2008-06-03 14:23 . 2008-06-03 14:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy

2008-06-03 13:49 . 2008-06-03 13:49 214 --a------ C:\home.reg

2008-06-03 12:07 . 2008-06-03 12:07 <DIR> d-------- C:\Documents and Settings\Administrator.FK15-12

2008-06-02 15:49 . 2008-06-02 15:49 <DIR> d-------- C:\Programfiler\Trend Micro

2008-06-02 15:48 . 2008-06-02 15:48 <DIR> d-------- C:\Documents and Settings\LocalService\Start-meny

2008-06-02 15:48 . 2008-02-11 14:56 19,512 --a------ C:\WINDOWS\system32\drivers\nvcw32mf.sys

2008-06-02 15:44 . 2008-06-02 15:44 <DIR> d-------- C:\WINDOWS\PushWiz

2008-06-02 15:44 . 2008-06-03 14:29 <DIR> d-------- C:\NORMAN

2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2008-06-02 15:39 . 2008-06-02 15:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Kaspersky Lab

2008-06-02 15:38 . 2008-06-02 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-06-02 15:37 . 2008-06-02 15:37 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\SUPERAntiSpyware.com

2008-06-02 14:24 . 2008-06-02 14:55 <DIR> d-------- C:\Programfiler\BDD 2007

2008-06-02 11:32 . 2008-06-02 11:32 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-05-29 16:29 . 2008-05-29 16:31 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\VMware

2008-05-29 16:29 . 2008-05-29 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\VMware

2008-05-27 11:53 . 2008-05-27 11:53 73 --a------ C:\WINDOWS\EurekaLog.ini

2008-05-27 09:39 . 2008-05-27 09:39 <DIR> d-------- C:\Programfiler\Runtime Software

2008-05-26 08:58 . 2008-05-26 08:58 <DIR> d-------- C:\Programfiler\QuickTime

2008-05-26 08:09 . 2008-05-29 12:48 <DIR> d-------- C:\WINDOWS\AutoLogin

2008-05-26 08:08 . 2008-05-26 08:08 <DIR> d-------- C:\WINDOWS\FPSoftware

2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Programfiler\JGsoft

2008-05-23 12:14 . 2008-05-23 12:14 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\JGsoft

2008-05-23 12:14 . 2008-01-17 03:00 67,208 --a------ C:\WINDOWS\UnDeploy.exe

2008-05-21 11:13 . 2008-05-21 11:13 <DIR> d-------- C:\WINDOWS\Sun

2008-05-21 08:39 . 2008-05-21 08:39 <DIR> d-------- C:\Programfiler\Windows Media Connect 2

2008-05-21 08:39 . 2008-04-14 18:22 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-05-21 08:38 . 2008-05-21 08:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-05-21 08:13 . 2008-04-25 19:41 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll

2008-05-20 13:52 . 1995-03-03 06:00 92,576 --a------ C:\WINDOWS\system\ODBCINST.DLL

2008-05-20 13:52 . 1995-03-03 06:00 56,240 --a------ C:\WINDOWS\system\ODBC.DLL

2008-05-20 13:52 . 2008-05-20 13:54 105 --a------ C:\WINDOWS\odbc.ini

2008-05-20 13:06 . 2008-06-02 12:21 9,906 --a------ C:\WINDOWS\IST.INI

2008-05-16 10:35 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-05-16 10:34 . 2008-05-16 10:35 <DIR> d-------- C:\Programfiler\Java

2008-05-16 10:34 . 2008-05-16 10:34 <DIR> d-------- C:\Programfiler\Fellesfiler\Java

2008-05-16 10:25 . 2008-05-16 10:25 62 --a------ C:\WINDOWS\ericsson.ini

2008-05-08 14:06 . 2008-05-08 14:06 51,300 --ah----- C:\WINDOWS\system32\mlfcache.dat

2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\no

2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\system32\bits

2008-05-08 10:11 . 2008-05-08 10:11 <DIR> d-------- C:\WINDOWS\l2schemas

2008-05-08 10:10 . 2008-05-08 10:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-08 10:02 . 2004-08-03 22:29 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-05-07 16:30 . 2008-05-22 15:14 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-05-07 12:31 . 2008-05-22 14:32 <DIR> d-------- C:\temp

2008-05-07 12:31 . 2008-05-22 14:32 652 --a------ C:\WINDOWS\concept.ini

2008-05-07 12:31 . 2008-05-07 12:33 351 --a------ C:\WINDOWS\UqAnsatt.ini

2008-05-06 03:00 . 2008-05-06 03:00 <DIR> d-------- C:\Programfiler\MSXML 4.0

2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe Systems Shared

2008-05-05 12:57 . 2008-05-05 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Adobe Systems

2008-05-05 11:32 . 2008-05-05 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet

2008-05-05 11:25 . 2008-05-16 09:06 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\Ahead

2008-05-05 11:25 . 2008-05-05 11:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Ahead

2008-05-05 11:23 . 2008-05-05 11:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead

2008-05-05 11:23 . 2008-05-05 11:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Nero

2008-05-05 11:23 . 1998-03-10 01:00 42,496 --a------ C:\WINDOWS\ttuninst.exe

2008-05-05 11:01 . 2008-05-05 11:01 <DIR> d-------- C:\Programfiler\Bonjour

2008-05-05 10:58 . 2008-05-05 10:58 <DIR> d-------- C:\Programfiler\Fellesfiler\Macrovision Shared

2008-05-05 10:55 . 2008-06-02 09:33 <DIR> d-------- C:\Programfiler\Fellesfiler\Adobe

2008-05-05 10:39 . 2008-05-05 10:39 <DIR> d-------- C:\Documents and Settings\tord.kristensen\Programdata\DAEMON Tools

2008-05-05 10:39 . 2008-05-05 10:39 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-03 10:04 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\mIRC

2008-06-03 06:25 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\uTorrent

2008-06-02 13:37 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-05-27 07:39 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-05-21 06:27 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-05-20 10:03 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\DameWare Development

2008-05-16 15:34 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\MySQL

2008-05-08 08:18 --------- d-----w C:\Programfiler\MSN Messenger

2008-04-30 13:10 --------- d-----w C:\Programfiler\Intel

2008-04-30 13:10 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\InstallShield

2008-04-25 17:41 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll

2008-04-25 10:00 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Alt-N

2008-04-25 09:59 --------- d-----w C:\Programfiler\Alt-N Technologies

2008-04-25 08:22 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\Subversion

2008-04-25 08:01 --------- d--h--w C:\Programfiler\Zero G Registry

2008-04-25 07:15 --------- d-----w C:\Programfiler\uTorrent

2008-04-25 07:08 454,656 ----a-w C:\WINDOWS\system32\putty.exe

2008-04-23 14:51 --------- d-----w C:\Programfiler\MSBuild

2008-04-23 14:51 --------- d-----w C:\Programfiler\Microsoft Works

2008-04-23 14:45 --------- d-----w C:\Documents and Settings\All Users\Programdata\TechSmith

2008-04-23 14:28 --------- d-----w C:\Documents and Settings\tord.kristensen\Programdata\ComAgent

2008-04-23 13:33 --------- d-----w C:\Documents and Settings\administrator\Programdata\ComAgent

2008-04-23 11:30 --------- d-----w C:\Programfiler\Realtek

2008-04-23 11:30 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI Technologies

2008-04-23 11:21 --------- d-----w C:\Programfiler\ATI

2008-04-23 10:20 --------- d-----w C:\Programfiler\microsoft frontpage

2008-04-23 10:19 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-04-23 10:18 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-04-14 16:39 1,804 ----a-w C:\WINDOWS\system32\dcache.bin

2008-04-14 16:26 330,752 ----a-w C:\WINDOWS\system32\netsetup.exe

2008-04-14 16:22 996,352 ----a-w C:\WINDOWS\system32\msgina.dll

2008-04-14 16:21 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll

2008-04-14 16:20 7,680 ----a-w C:\WINDOWS\system32\kbdsmsno.dll

2008-04-14 16:19 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll

2008-04-14 16:19 568,320 ----a-w C:\WINDOWS\system32\gpedit.dll

2008-04-14 16:19 3,584 ----a-w C:\WINDOWS\system32\icmp.dll

2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnlobby.dll

2008-04-14 16:19 3,072 ----a-w C:\WINDOWS\system32\dpnaddr.dll

2008-04-14 16:19 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll

2008-04-14 16:19 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll

2008-04-14 16:19 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll

2008-04-14 15:56 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys

2008-04-14 15:56 120,192 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys

2008-04-14 15:55 80,000 ----a-w C:\WINDOWS\system32\drivers\parport.sys

2008-04-14 15:55 68,224 ----a-w C:\WINDOWS\system32\drivers\pci.sys

2008-04-14 15:55 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys

2008-04-14 15:53 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-04-14 15:53 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-04-14 15:52 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll

2008-04-14 15:50 799,872 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-14 15:50 24,448 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-14 15:50 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-14 15:50 14,592 ----a-w C:\WINDOWS\system32\drivers\kbdhid.sys

2008-04-14 15:49 79,360 ------w C:\WINDOWS\system32\msxml6r.dll

2008-04-14 15:49 37,376 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys

2008-04-14 15:48 77,312 ------w C:\WINDOWS\system32\msshavmsg.dll

2008-04-14 15:48 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys

2008-04-14 15:48 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys

2008-04-14 15:47 556,032 ----a-w C:\WINDOWS\system32\shdoclc.dll

2008-04-14 15:47 47,616 ----a-w C:\WINDOWS\system32\inetres.dll

2008-04-14 15:46 64,640 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-14 15:45 51,840 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys

2008-04-14 15:44 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-14 15:43 9,728 ----a-w C:\WINDOWS\system32\gpkrsrc.dll

2008-04-14 15:43 57,600 ----a-w C:\WINDOWS\system32\drivers\redbook.sys

2008-04-14 15:43 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-14 15:43 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys

2008-04-14 15:42 65,024 ----a-w C:\WINDOWS\system32\browselc.dll

2008-04-14 15:41 52,480 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-14 15:41 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-14 15:41 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys

2008-04-14 15:39 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys

2008-04-14 15:39 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys

2008-04-14 15:38 22,912 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys

2008-04-14 15:37 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-14 15:37 187,776 ----a-w C:\WINDOWS\system32\drivers\acpi.sys

2008-04-14 07:23 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe

2008-04-14 07:22 987,136 ----a-w C:\WINDOWS\system32\setupapi.dll

2008-04-14 07:22 423,936 ----a-w C:\WINDOWS\system32\licdll.dll

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

.

((((((((((((((((((((((((((((( snapshot@2008-06-03_ 8.15.01,31 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-26 07:04:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-03 11:42:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-01-15 20:12:38 312,680 ----a-w C:\WINDOWS\Downloaded Program Files\avsniff.dll

+ 2008-01-15 20:12:40 255,336 ----a-w C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll

+ 2008-05-27 23:00:00 2,504 ----a-w C:\WINDOWS\Downloaded Program Files\catalog.dat

+ 2008-01-15 20:02:44 42,112 ----a-w C:\WINDOWS\Downloaded Program Files\ecmldr32.dll

+ 2008-05-27 23:00:00 284,016 ----a-w C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll

+ 2008-01-15 20:02:58 201,896 ----a-w C:\WINDOWS\Downloaded Program Files\navapi32.dll

+ 2008-05-27 23:00:00 128,368 ----a-w C:\WINDOWS\Downloaded Program Files\naveng32.dll

+ 2008-05-27 23:00:00 943,472 ----a-w C:\WINDOWS\Downloaded Program Files\navex32a.dll

+ 2008-01-15 20:12:48 296,336 ----a-w C:\WINDOWS\Downloaded Program Files\rufsi.dll

+ 2008-05-27 23:00:00 97,776 ----a-w C:\WINDOWS\Downloaded Program Files\scrauth.dat

+ 2008-05-27 23:00:00 411,555 ----a-w C:\WINDOWS\Downloaded Program Files\tcdefs.dat

+ 2008-05-27 23:00:00 3,772,330 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan7.dat

+ 2008-05-27 23:00:00 482,537 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan8.dat

+ 2008-05-27 23:00:00 1,161,183 ----a-w C:\WINDOWS\Downloaded Program Files\tcscan9.dat

+ 2008-05-27 23:00:00 1,957 ----a-w C:\WINDOWS\Downloaded Program Files\tinfl.dat

+ 2008-05-27 23:00:00 71,435 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1.dat

+ 2008-05-27 23:00:00 3,760 ----a-w C:\WINDOWS\Downloaded Program Files\tscan1hd.dat

+ 2008-05-27 23:00:00 1,007,646 ----a-w C:\WINDOWS\Downloaded Program Files\virscan1.dat

+ 2008-05-27 23:00:00 571,362 ----a-w C:\WINDOWS\Downloaded Program Files\virscan2.dat

+ 2008-05-27 23:00:00 151,832 ----a-w C:\WINDOWS\Downloaded Program Files\virscan3.dat

+ 2008-05-27 23:00:00 320,253 ----a-w C:\WINDOWS\Downloaded Program Files\virscan4.dat

+ 2008-05-27 23:00:00 7,708,633 ----a-w C:\WINDOWS\Downloaded Program Files\virscan5.dat

+ 2008-05-27 23:00:00 393,782 ----a-w C:\WINDOWS\Downloaded Program Files\virscan6.dat

+ 2008-05-27 23:00:00 27,357,239 ----a-w C:\WINDOWS\Downloaded Program Files\virscan7.dat

+ 2008-05-27 23:00:00 2,040,460 ----a-w C:\WINDOWS\Downloaded Program Files\virscan8.dat

+ 2008-05-27 23:00:00 6,266,048 ----a-w C:\WINDOWS\Downloaded Program Files\virscan9.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:22 15360]

"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

"DAEMON Tools Lite"="D:\Programfiler\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 09:27 153136]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]

"SpybotSD TeaTimer"="D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe]

"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-02-15 12:46 135168]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-02-15 12:46 159744]

"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-02-15 12:46 131072]

"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"Norman ZANDA"="C:\NORMAN\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]

"DameWare MRC Agent"="C:\WINDOWS\system32\DWRCST.exe" [2008-02-19 15:40 78848]

"Nod32 Runtime"="sysregi.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:22 15360]

C:\Documents and Settings\tord.kristensen\Start-meny\Programmer\Oppstart\

Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

ComAgent.lnk - D:\Programfiler\ComAgent\ComAgent.exe [2008-04-23 15:33:10 1236992]

SnagIt 8.lnk - D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe [2007-02-16 18:40:52 6379080]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSimpleStartMenu"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"ForceStartMenuLogOff"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1177238915-630328440-1801674531-3369\Scripts\Logon\0\0]

"Script"=\\fauske.lokalt\SysVol\fauske.lokalt\scripts\logon.cmd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\MSN Messenger\\livecall.exe"=

"D:\\Programfiler\\mIRC\\mirc.exe"=

"D:\\Programfiler\\Zend Studio\\ZendStudio.exe"=

"C:\\Programfiler\\uTorrent\\uTorrent.exe"=

"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~”ü"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;C:\WINDOWS\system32\DRIVERS\dwvkbd.sys [2007-02-15 20:00]

R2 Ndiskio;Ndiskio;C:\NORMAN\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]

R3 DwMirror;DwMirror;C:\WINDOWS\system32\DRIVERS\DamewareMini.sys [2007-02-07 20:00]

R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 14:56]

R3 nvcoas;Norman Virus Control on-access component;C:\NORMAN\Nvc\bin\nvcoas.exe [2007-12-12 11:45]

R3 NVCScheduler;Norman Virus Control Scheduler;C:\NORMAN\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-03 14:56:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-06-03 14:57:12

ComboFix-quarantined-files.txt 2008-06-03 12:56:59

ComboFix2.txt 2008-06-03 12:52:33

ComboFix3.txt 2008-06-03 12:16:03

ComboFix4.txt 2008-06-03 06:15:14

Pre-Run: 5,710,680,064 byte ledig

Post-Run: 5,698,998,272 byte ledig

291 --- E O F --- 2008-05-22 01:00:40

r2d290 · 3. juni 2008

a.bat ble slettet.

Har du fortsatt problemer med pc-en?

slippern · 3. juni 2008

trojan advarselen har ikke poppet opp enda.. så kansje.. få se etterhvert. skal ta en restart nå

fre4k · 3. juni 2008

Er det noen som vet hav jeg må gjør?

slippern · 3. juni 2008

Har du gjort samme feilen som meg?

norbat · 3. juni 2008

fre4k:

Kan du kopiere og lime inn combofix-loggen din i en egen tråd (klikk Nytt Emne).

MSN-viruset skal vi få bort, skal du se

norbat · 3. juni 2008

slippern:

Post en hjt-logg, så tar vi siste rest derfra.

slippern · 3. juni 2008

Her er hjt-loggen.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:24, on 2008-06-03

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\NORMAN\Npm\bin\ELOGSVC.EXE

C:\NORMAN\Npm\bin\ZANDA.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Bonjour\mDNSResponder.exe

C:\WINDOWS\SYSTEM32\DWRCS.EXE

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe

C:\NORMAN\Npm\bin\NJEEVES.EXE

C:\NORMAN\Nvc\bin\nvcoas.exe

C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\SYSTEM32\DWRCST.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe

C:\NORMAN\Npm\bin\ZLH.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\NORMAN\Nvc\BIN\NIP.EXE

C:\NORMAN\Nvc\bin\cclaw.exe

C:\Programfiler\MSN Messenger\MsnMsgr.Exe

D:\Programfiler\DAEMON Tools Lite\daemon.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe

C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

D:\Programfiler\ComAgent\ComAgent.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexStoreSvr.exe

D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe

D:\Programfiler\TechSmith\SnagIt 8\TSCHelp.exe

D:\Programfiler\TechSmith\SnagIt 8\SnagPriv.exe

C:\Programfiler\MSN Messenger\usnsvc.exe

D:\Programfiler\Opera\opera.exe

C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fk003:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = e-torg.no.ihost.com;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Programfiler\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AL2Spy Class - {DC200356-0864-4F66-8964-5D43A19300F5} - C:\WINDOWS\AUTOLO~1\AL2DLL.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Programfiler\TechSmith\SnagIt 8\SnagItIEAddin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Npm\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe

O4 - HKLM\..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programfiler\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: ComAgent.lnk = D:\Programfiler\ComAgent\ComAgent.exe

O4 - Global Startup: SnagIt 8.lnk = D:\Programfiler\TechSmith\SnagIt 8\SnagIt32.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programfiler\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra button: Helpdesk - {71F62ED1-59FC-471A-84B0-F6E754C172D1} - http://fk008/MRcgi/MRentrancePage.pl (file missing) (HKCU)

O15 - Trusted Zone: http://security.symantec.com

O16 - DPF: iLO 2 Remote Console Applet - https://82.148.144.132/dvc.cab

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fauske.lokalt

O17 - HKLM\Software\..\Telephony: DomainName = fauske.lokalt

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fauske.lokalt

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fauske.lokalt

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fauske.lokalt

O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE

O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\NORMAN\Npm\bin\ELOGSVC.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NBService - Nero AG - D:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Programfiler\Fellesfiler\Ahead\Lib\NMIndexingService.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Npm\bin\NJEEVES.EXE

O23 - Service: Norman ZANDA - Norman ASA - C:\NORMAN\Npm\bin\ZANDA.EXE

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE

--

End of file - 9428 bytes

norbat · 3. juni 2008

Start hjt, velg "Do a system scan only", sett merke framfor følgende linje og klikk Fix checked:

O4 - HKLM\..\Run: [Nod32 Runtime] sysregi.exe

Ut over dette ser det fint ut.

Kjører alt som normalt?

slippern · 3. juni 2008

alt kjører som normalt nå ja.

Klarte å trykke på youtube link, msn virus

Anbefalte innlegg

Lenke til kommentar

Videoannonse

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Opprett konto

Logg inn

Populær nå

Hvem er aktive 0 medlemmer