BlueAgent, posted 4 June 2008 (edited)

Hello. I was one of those who was dumb enough to click on a certain MSN link. If someone could be kind enough to look through this ComboFix log for me, that would be great! I don't know very much about this kind of thing...

ComboFix 08-06-04.1 - Oyvind 2008-06-04 23:30:44.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2863 [GMT 2:00] Running from: C:\Documents and Settings\Oyvind\Desktop\Nedlastede filre og programmer\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 ))))))))))))))))))))))))))))))) . 2008-06-04 22:44 . 2008-06-04 22:44 53,254 -r-hs---- C:\WINDOWS\ehSched.exe 2008-06-04 21:43 . 2008-06-04 21:43 <DIR> d-------- C:\Program Files\Yenka 2008-06-03 17:21 . 2008-06-03 17:21 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\vlc 2008-06-03 17:20 . 2008-06-03 17:20 <DIR> d-------- C:\Program Files\VideoLAN 2008-05-31 19:01 . 2008-05-31 19:02 8 --a------ C:\WINDOWS\system32\nvModes.dat 2008-05-31 19:00 . 2008-05-31 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-05-28 20:02 . 2008-06-04 22:32 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\OpenOffice.org2 2008-05-28 20:01 . 2008-05-28 20:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\QuickTime 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\iTunes 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\iPod 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\Bonjour 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\Apple Software Update 2008-05-27 12:38 .
2008-06-03 17:13 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\Apple Computer 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-05-27 12:38 . 2008-06-04 22:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-27 12:38 . 2008-05-27 12:39 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-27 12:37 . 2008-05-27 12:37 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-05-27 12:37 . 2008-05-27 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-05-23 21:14 . 2008-05-23 21:14 <DIR> d-------- C:\Program Files\CCleaner 2008-05-23 17:40 . 2008-05-23 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\media center programs 2008-05-23 16:38 . 2008-05-23 16:38 <DIR> d-------- C:\Program Files\Funcom 2008-05-23 16:37 . 2008-05-23 16:37 268 --ah----- C:\sqmdata01.sqm 2008-05-23 16:37 . 2008-05-23 16:37 244 --ah----- C:\sqmnoopt01.sqm 2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Funcom 2008-05-23 07:17 . 2008-05-23 07:17 268 --ah----- C:\sqmdata00.sqm 2008-05-23 07:17 . 2008-05-23 07:17 244 --ah----- C:\sqmnoopt00.sqm 2008-05-22 20:46 . 2008-05-22 20:46 <DIR> d-------- C:\Documents and Settings\Oyvind\Contacts 2008-05-22 20:44 . 2008-05-29 16:37 <DIR> d-------- C:\Program Files\MSN Messenger 2008-05-22 20:05 . 2008-05-22 20:05 1,169 --a------ C:\WINDOWS\mozver.dat 2008-05-22 20:01 . 2008-06-04 23:19 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-05-22 20:01 . 2008-05-22 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-05-22 20:01 . 2008-05-22 20:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-05-22 20:01 . 2008-04-14 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-05-22 18:52 . 2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-05-22 18:52 . 2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\system32\en 2008-05-22 18:52 . 
2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-22 18:52 . 2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-22 18:51 . 2008-05-22 18:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-22 18:38 . 2008-05-29 16:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-22 18:38 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-22 18:35 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-05-22 18:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-05-22 18:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-05-22 18:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-05-22 18:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-05-22 18:33 . 2008-05-22 18:33 <DIR> d--hs---- C:\Documents and Settings\Oyvind\UserData 2008-05-22 18:27 . 2008-05-22 18:27 <DIR> d-------- C:\Program Files\RALINK 2008-05-22 18:27 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys 2008-05-22 18:27 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe 2008-05-22 18:27 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll 2008-05-22 18:27 . 2008-05-22 18:27 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-05-22 18:27 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin 2008-05-22 18:27 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin 2008-05-22 18:27 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin 2008-05-22 18:27 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x 2008-05-22 18:26 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys 2008-05-22 18:25 . 2008-05-22 18:25 <DIR> d-------- C:\WINDOWS\nview 2008-05-22 18:25 . 2008-05-22 18:25 <DIR> d-------- C:\WINDOWS\nvidia icons 2008-05-22 18:25 . 2008-05-22 18:25 <DIR> d-------- C:\NVIDIA 2008-05-22 18:25 . 
2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-05-22 18:25 . 2008-06-04 22:32 182,038 --a------ C:\WINDOWS\system32\nvapps.xml 2008-05-22 18:25 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm 2008-05-22 18:25 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm 2008-05-22 18:25 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm 2008-05-22 18:25 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm 2008-05-22 18:25 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-05-22 18:24 . 2008-05-27 12:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-05-22 18:24 . 2008-05-22 18:26 <DIR> d-------- C:\Program Files\AMD 2008-05-22 18:24 . 2008-05-22 18:24 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\InstallShield 2008-05-22 18:24 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys 2008-05-22 18:14 . 2008-05-22 19:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-05-22 18:13 . 2008-05-22 18:13 <DIR> d-------- C:\Program Files\NVIDIA Corporation 2008-05-22 18:13 . 2006-03-23 19:53 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe 2008-05-22 18:13 . 2008-02-23 00:43 208,896 --------- C:\WINDOWS\system32\nvuide.exe 2008-05-22 18:13 . 2008-02-23 00:43 1,570 --------- C:\WINDOWS\system32\nvide.nvu 2008-05-22 18:13 . 2008-05-22 18:13 1,024 --a------ C:\.rnd 2008-05-22 18:13 . 2008-05-22 18:13 22 --a------ C:\WINDOWS\FileName 2008-05-22 18:12 . 2008-05-22 18:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-05-22 18:12 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-05-22 18:12 . 2008-02-23 00:43 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe 2008-05-22 18:12 . 2008-05-22 19:04 32,861 --a------ C:\WINDOWS\Ascd_tmp.ini 2008-05-22 18:12 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-05-22 18:12 . 
2004-08-13 04:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys 2008-05-22 18:12 . 2008-02-23 00:43 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu 2008-05-22 18:12 . 2008-02-23 00:43 1,428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin 2008-05-22 18:10 . 2008-06-04 23:18 <DIR> d-------- C:\Documents and Settings\Oyvind 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d--hs---- C:\Documents and Settings\NetworkService 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d--hs---- C:\Documents and Settings\LocalService 2008-05-22 18:09 . 2008-05-22 18:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-05-22 18:07 . 2008-04-14 02:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-05-22 18:00 . 2004-08-04 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-05-22 18:00 . 2004-08-04 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2008-05-22 18:00 . 2004-08-04 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-05-22 18:00 . 2004-08-04 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-05-28 18:01 --------- d-----w C:\Program Files\Java 2008-05-22 17:51 --------- d-----w C:\Documents and Settings\Oyvind\Application Data\Comodo 2008-05-22 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo 2008-05-22 17:49 --------- d-----w C:\Program Files\Comodo 2008-05-22 17:42 --------- d-----w C:\Program Files\SystemRequirementsLab 2008-05-22 17:42 --------- d-----w C:\Documents and Settings\Oyvind\Application Data\SystemRequirementsLab 2008-05-22 17:41 --------- d-----w C:\Program Files\Common Files\Java 2008-05-22 17:20 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys 2008-05-22 17:20 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys 2008-05-22 17:20 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll 2008-05-22 17:20 --------- d-----w C:\Program Files\AVG 2008-05-22 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8 2008-05-22 17:04 --------- d-----w C:\Program Files\Analog Devices 2008-05-22 15:43 --------- d-----w C:\Program Files\microsoft frontpage 2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll 2008-04-14 03:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe 2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll 2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin 2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe 2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll 2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll 2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys 2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll 2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys 2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys 2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll 2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys 2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll 2008-04-14 00:10 53,279 
----a-w C:\WINDOWS\system32\odbcji32.dll 2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll 2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll 2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll 2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys 2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys 2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys 2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys 2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys 2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys 2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys 2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys 2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys 2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys 2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys 2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys 2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys 2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys 2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys 2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys 2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys 2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys 2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys 2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys 2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys 
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys 2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys 2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys 2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys 2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys 2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys 2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys 2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys 2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys 2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys 2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys 2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys 2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys 2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys 2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys 2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys 2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys 2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys 2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys 2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys 2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys 2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys 2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys 2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys 2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys 2008-04-13 18:51 59,904 ----a-w 
C:\WINDOWS\system32\drivers\atmarpc.sys 2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys 2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys 2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys 2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys 2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys 2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys 2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys 2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys 2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys 2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys 2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys 2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys 2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys 2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088] "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016] "amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-22 19:20 1177368] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-22 19:49 1115728] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048] "Windows UDP Control Center"="ehSched.exe" [2008-06-04 22:44 53254 C:\WINDOWS\ehSched.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360] C:\Documents and Settings\Oyvind\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM 393216] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [5/22/2008 6:27:45 PM 618496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-22 19:20] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-22 19:20] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 19:20] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-22 19:20] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-05-27 10:38:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-04 23:31:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-06-04 23:31:44 ComboFix-quarantined-files.txt 2008-06-04 21:31:42 Pre-Run: 214,343,999,488 bytes free Post-Run: 214,358,532,096 bytes free 279 --- E O F --- 2008-05-29 14:41:24

Edited 5 June 2008 by BlueAgent

norbat, posted 4 June 2008

Download MSNFix and unpack it to the desktop. Run the file 'MSNFix.bat'. Follow the instructions. Post the log it creates.

BlueAgent (thread author), posted 4 June 2008

> Download MSNFix and unpack it to the desktop. Run the file 'MSNFix.bat'. Follow the instructions. Post the log it creates.

I don't know if it's too late to post the log now, I was away for a while. Thanks for the quick response, by the way. Here it is anyway:

MSNFix 1.720
C:\Documents and Settings\Oyvind\Desktop\Nedlastede filre og programmer\MSNFix\MSNFix
Søk ferdig på to 06/05/2008 - 0:51:16,73 By Oyvind
normalmodus
************************ Finner filer
Ingen filer funnet
************************ Finner mapper
Ingen mapper funnet
************************ Mistenkelige filer
Ingen filer funnet
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Laget av : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------

norbat, posted 5 June 2008

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
C:\WINDOWS\ehSched.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center"=-

BlueAgent (thread author), posted 5 June 2008

There. Here is the log. Thank you so very much for helping me with this!

ComboFix 08-06-04.1 - Oyvind 2008-06-05 14:02:02.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3143 [GMT 2:00] Running from: C:\Documents and Settings\Oyvind\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Oyvind\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\ehSched.exe . ((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 ))))))))))))))))))))))))))))))) . 2008-06-04 22:44 . 2008-06-04 22:44 53,254 --a------ C:\WINDOWS\ehSched.MSNFix 2008-06-04 21:43 . 2008-06-04 21:43 <DIR> d-------- C:\Program Files\Yenka 2008-06-03 17:21 . 2008-06-03 17:21 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\vlc 2008-06-03 17:20 . 2008-06-03 17:20 <DIR> d-------- C:\Program Files\VideoLAN 2008-05-31 19:01 . 2008-05-31 19:02 8 --a------ C:\WINDOWS\system32\nvModes.dat 2008-05-31 19:00 . 2008-05-31 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-05-28 20:02 . 2008-06-05 13:11 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\OpenOffice.org2 2008-05-28 20:01 . 2008-05-28 20:01 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\QuickTime 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\iTunes 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\iPod 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\Bonjour 2008-05-27 12:38 . 2008-05-27 12:38 <DIR> d-------- C:\Program Files\Apple Software Update 2008-05-27 12:38 . 2008-06-03 17:13 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\Apple Computer 2008-05-27 12:38 .
2008-05-27 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-05-27 12:38 . 2008-06-05 13:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-27 12:38 . 2008-05-27 12:39 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-27 12:37 . 2008-05-27 12:37 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-05-27 12:37 . 2008-05-27 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple 2008-05-23 21:14 . 2008-05-23 21:14 <DIR> d-------- C:\Program Files\CCleaner 2008-05-23 17:40 . 2008-05-23 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\media center programs 2008-05-23 16:38 . 2008-05-23 16:38 <DIR> d-------- C:\Program Files\Funcom 2008-05-23 16:37 . 2008-05-23 16:37 268 --ah----- C:\sqmdata01.sqm 2008-05-23 16:37 . 2008-05-23 16:37 244 --ah----- C:\sqmnoopt01.sqm 2008-05-23 16:11 . 2008-05-23 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Funcom 2008-05-23 07:17 . 2008-05-23 07:17 268 --ah----- C:\sqmdata00.sqm 2008-05-23 07:17 . 2008-05-23 07:17 244 --ah----- C:\sqmnoopt00.sqm 2008-05-22 20:46 . 2008-05-22 20:46 <DIR> d-------- C:\Documents and Settings\Oyvind\Contacts 2008-05-22 20:44 . 2008-05-29 16:37 <DIR> d-------- C:\Program Files\MSN Messenger 2008-05-22 20:05 . 2008-05-22 20:05 1,169 --a------ C:\WINDOWS\mozver.dat 2008-05-22 20:01 . 2008-06-04 23:19 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2008-05-22 20:01 . 2008-05-22 20:01 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-05-22 20:01 . 2008-05-22 20:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2008-05-22 20:01 . 2008-04-14 02:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-05-22 18:52 . 2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\system32\scripting 2008-05-22 18:52 . 2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\system32\en 2008-05-22 18:52 . 2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\system32\bits 2008-05-22 18:52 . 
2008-05-22 18:52 <DIR> d-------- C:\WINDOWS\l2schemas 2008-05-22 18:51 . 2008-05-22 18:51 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-05-22 18:38 . 2008-05-29 16:41 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-05-22 18:38 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-22 18:35 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll 2008-05-22 18:35 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-05-22 18:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-05-22 18:35 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-05-22 18:35 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-05-22 18:33 . 2008-05-22 18:33 <DIR> d--hs---- C:\Documents and Settings\Oyvind\UserData 2008-05-22 18:27 . 2008-05-22 18:27 <DIR> d-------- C:\Program Files\RALINK 2008-05-22 18:27 . 2006-05-04 19:02 380,928 --a------ C:\WINDOWS\system32\drivers\rt61.sys 2008-05-22 18:27 . 2005-12-15 10:38 315,392 --a------ C:\WINDOWS\system32\AegisI5.exe 2008-05-22 18:27 . 2006-05-15 16:25 295,028 --a------ C:\WINDOWS\system32\Install6x.dll 2008-05-22 18:27 . 2008-05-22 18:27 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys 2008-05-22 18:27 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2661.bin 2008-05-22 18:27 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561s.bin 2008-05-22 18:27 . 2006-04-06 13:15 8,192 --a------ C:\WINDOWS\system32\drivers\RT2561.bin 2008-05-22 18:27 . 2006-03-10 15:33 78 --a------ C:\WINDOWS\filespec6x 2008-05-22 18:26 . 2007-06-29 14:47 34,304 --a------ C:\WINDOWS\system32\drivers\AmdLLD.sys 2008-05-22 18:25 . 2008-05-22 18:25 <DIR> d-------- C:\WINDOWS\nview 2008-05-22 18:25 . 2008-05-22 18:25 <DIR> d-------- C:\WINDOWS\nvidia icons 2008-05-22 18:25 . 2008-05-22 18:25 <DIR> d-------- C:\NVIDIA 2008-05-22 18:25 . 
2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe 2008-05-22 18:25 . 2008-06-05 13:11 182,038 --a------ C:\WINDOWS\system32\nvapps.xml 2008-05-22 18:25 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm 2008-05-22 18:25 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm 2008-05-22 18:25 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm 2008-05-22 18:25 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm 2008-05-22 18:25 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu 2008-05-22 18:24 . 2008-05-27 12:38 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-05-22 18:24 . 2008-05-22 18:26 <DIR> d-------- C:\Program Files\AMD 2008-05-22 18:24 . 2008-05-22 18:24 <DIR> d-------- C:\Documents and Settings\Oyvind\Application Data\InstallShield 2008-05-22 18:24 . 2006-07-01 22:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys 2008-05-22 18:14 . 2008-05-22 19:04 <DIR> d--h----- C:\Program Files\InstallShield Installation Information 2008-05-22 18:13 . 2008-05-22 18:13 <DIR> d-------- C:\Program Files\NVIDIA Corporation 2008-05-22 18:13 . 2006-03-23 19:53 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe 2008-05-22 18:13 . 2008-02-23 00:43 208,896 --------- C:\WINDOWS\system32\nvuide.exe 2008-05-22 18:13 . 2008-02-23 00:43 1,570 --------- C:\WINDOWS\system32\nvide.nvu 2008-05-22 18:13 . 2008-05-22 18:13 1,024 --a------ C:\.rnd 2008-05-22 18:13 . 2008-05-22 18:13 22 --a------ C:\WINDOWS\FileName 2008-05-22 18:12 . 2008-05-22 18:13 <DIR> d-------- C:\Program Files\Common Files\InstallShield 2008-05-22 18:12 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-05-22 18:12 . 2008-02-23 00:43 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe 2008-05-22 18:12 . 2008-05-22 19:04 32,861 --a------ C:\WINDOWS\Ascd_tmp.ini 2008-05-22 18:12 . 2006-10-11 05:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS 2008-05-22 18:12 . 
2004-08-13 04:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys 2008-05-22 18:12 . 2008-02-23 00:43 3,903 --a------ C:\WINDOWS\system32\nvnrm.nvu 2008-05-22 18:12 . 2008-02-23 00:43 1,428 --a------ C:\WINDOWS\system32\drivers\nvphy.bin 2008-05-22 18:10 . 2008-06-04 23:18 <DIR> d-------- C:\Documents and Settings\Oyvind 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d---s---- C:\WINDOWS\system32\Microsoft 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d--hs---- C:\Documents and Settings\NetworkService 2008-05-22 18:09 . 2008-05-22 18:09 <DIR> d--hs---- C:\Documents and Settings\LocalService 2008-05-22 18:09 . 2008-05-22 18:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD 2008-05-22 18:07 . 2008-04-14 02:09 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-05-22 18:06 . 2008-05-22 18:06 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-05-22 18:00 . 2004-08-04 14:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll 2008-05-22 18:00 . 2004-08-04 14:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll 2008-05-22 18:00 . 2004-08-04 14:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll 2008-05-22 18:00 . 2004-08-04 14:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-06-04 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 18:01 --------- d-----w C:\Program Files\Java
2008-05-22 17:51 --------- d-----w C:\Documents and Settings\Oyvind\Application Data\Comodo
2008-05-22 17:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Comodo
2008-05-22 17:49 --------- d-----w C:\Program Files\Comodo
2008-05-22 17:42 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-22 17:42 --------- d-----w C:\Documents and Settings\Oyvind\Application Data\SystemRequirementsLab
2008-05-22 17:41 --------- d-----w C:\Program Files\Common Files\Java
2008-05-22 17:20 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-22 17:20 75,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-22 17:20 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-05-22 17:20 --------- d-----w C:\Program Files\AVG
2008-05-22 17:04 --------- d-----w C:\Program Files\Analog Devices
2008-05-22 15:43 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 03:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 03:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 03:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-04_23.31.38,42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 10:00:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 11:11:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 11:06 77824]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 11:07 843776]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-22 19:20 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-05-22 19:49 1115728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]

C:\Documents and Settings\Oyvind\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [1/21/2008 3:41:28 PM 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [5/22/2008 6:27:45 PM 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-22 19:20]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-22 19:20]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-22 19:20]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-22 19:20]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-27 10:38:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 14:03:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-05 14:03:31
ComboFix-quarantined-files.txt 2008-06-05 12:03:29
ComboFix2.txt 2008-06-04 21:33:26
ComboFix3.txt 2008-06-04 21:31:44
Pre-Run: 214,326,341,632 bytes free
Post-Run: 214,310,633,472 bytes free
287 --- E O F --- 2008-05-29 14:41:24
norbat, posted 5 June 2008
Use Explorer to delete the following file (in bold): C:\WINDOWS\ehSched.MSNFix
Apart from that, the log looks fine. No more infected files.
If the PC is running OK, uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). You can also delete the MSNFix program.
BlueAgent (topic author), posted 5 June 2008
OK. That's done. I'll try to be much more careful about clicking on links in the future, especially if they come via MSN.
norbat, posted 5 June 2008
Yes, give it a try. Surf safely.
r2d290, posted 5 June 2008
If you consider the problem with your machine solved, you can change your topic title by clicking the button in your first post and choosing full edit. At the top, where your topic title is, write [SOLVED] in front of the title. Example: [SOLVED] Got a virus on my machine
-Surf safely-
bruker234, posted 5 June 2008
I managed to open some kind of YouTube link, it was the same as the "MSN virus", but I can probably fix it myself.
BlueAgent (topic author), posted 5 June 2008 (edited)
> If you consider the problem with your machine solved, you can change your topic title by clicking the button in your first post and choosing full edit. At the top, where your topic title is, write [SOLVED] in front of the title. Example: [SOLVED] Got a virus on my machine
> -Surf safely-
Thanks for the reminder. I have changed the topic title now.
Edited 5 June 2008 by BlueAgent
r2d290, posted 5 June 2008
> I managed to open some kind of YouTube link, it was the same as the "MSN virus", but I can probably fix it myself.
Are you sure? To be completely certain that nothing is wrong, you can post a ComboFix log.