
Computer is behaving strangely


tankado


My computer has started doing strange things, among others with MSN Messenger, so I uninstalled MSN. I am attaching a HijackThis log. Could some expert here take a look at it and maybe give a few tips on what I should do next?

HijackThis log:

[log]Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 21:25:07, on 2008-02-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LckFldService.exe

C:\Program\NetLimiter 2 Pro\nlsvc.exe

C:\Program\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Eset\nod32kui.exe

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Alarm Me\AlarmMe.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Messenger\msmsgs.exe

C:\Program\NetLimiter 2 Pro\NLClient.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\iPod\bin\iPodService.exe

C:\WINDOWS\system32\winsrs.exe

C:\Program\Windows Media Player\wmplayer.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mattias\Skrivbord\HiJackThis_v2\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33171&LegitCheckError=8

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Program\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AlarmMe] "C:\Program\Alarm Me\AlarmMe.exe" "-h"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [WIndos Update] winsrs.exe

O4 - HKLM\..\RunServices: [WIndos Update] winsrs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Comrade.exe] C:\Program\GameSpy\Comrade\Comrade.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 6896 bytes

[/log]

 


 

[log]Download ComboFix to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect the internet connection and turn off antivirus and antispyware programs.

Run ComboFix and follow the instructions that are shown.

IMPORTANT! Do not click on the ComboFix window with the mouse while it is running, otherwise it may hang.

When it is finished a log should come up; paste it in here. Check that antivirus programs etc. are running before you connect to the internet.

If you have problems getting onto the internet:

Control Panel - Network Connections

right-click your internet connection and choose Repair

or restart the computer. [/log]

 


ComboFix log. (xtrmsupra.exe.zip and so on are files that were sent via MSN to my friends when it was installed)

 

[log]ComboFix 08-02.03.1 - Mattias 2008-02-02 21:43:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.668 [GMT 1:00]

Running from: G:\Mattias\Program\ComboFix\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))

.

 

2008-02-02 21:18 . 2006-09-05 18:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys

2008-02-02 21:18 . 2006-09-05 18:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys

2008-02-02 21:09 . 2008-02-02 21:09 741,102 --a------ C:\WINDOWS\nirvana_maggot.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,100 --a------ C:\WINDOWS\oskuldforlife.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,100 --a------ C:\WINDOWS\mats_joensson.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,098 --a------ C:\WINDOWS\sandra_lilja.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,098 --a------ C:\WINDOWS\oliviaflasch.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,096 --a------ C:\WINDOWS\rap_cs_alex.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,096 --a------ C:\WINDOWS\lina.4.life.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,094 --a------ C:\WINDOWS\hi_im_lost.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,092 --a------ C:\WINDOWS\xtrmsupra.exe.zip

2008-02-02 21:09 . 2008-02-02 21:09 741,092 --a------ C:\WINDOWS\snoddas93.exe.zip

2008-02-02 21:08 . 2008-02-02 21:09 741,094 --a------ C:\WINDOWS\pic0382.zip

2008-02-02 21:08 . 2008-02-02 21:08 741,086 --a------ C:\WINDOWS\jojjet.exe.zip

2008-02-02 21:01 . 2008-02-02 21:01 <KAT> d-------- C:\Program\Disc2Phone

2008-02-02 20:59 . 2006-09-05 18:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys

2008-02-01 19:25 . 2008-02-01 19:25 <KAT> dr-h----- C:\Documents and Settings\Therese\Application Data\SecuROM

2008-02-01 18:51 . 2008-02-01 19:21 <KAT> d-------- C:\Program\EA GAMES

2008-02-01 18:51 . 2005-02-26 06:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-02-01 18:27 . 2008-02-01 18:27 1,409 --a------ C:\WINDOWS\system32\tmp08005.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpE30F2.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpC90F2.FOT

2008-02-01 14:52 . 2008-02-01 14:52 <KAT> d-------- C:\Program\GameSpy

2008-02-01 14:51 . 2008-02-01 14:51 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-02-01 14:51 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-02-01 14:51 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-01 14:51 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-01 14:51 . 2008-02-01 14:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\Documents and Settings\Mattias\Application Data\PnkBstrK.sys

2008-02-01 14:50 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-02-01 14:50 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-02-01 14:39 . 2008-02-01 14:39 <KAT> d-------- C:\Program\Electronic Arts

2008-01-31 21:55 . 2007-12-04 15:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Program\SystemRequirementsLab

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SystemRequirementsLab

2008-01-31 19:44 . 2008-01-31 19:44 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\AdobeUM

2008-01-31 08:06 . 2008-01-31 08:06 <KAT> d-------- C:\Program\Alarm Me

2008-01-29 22:01 . 2008-01-29 22:01 335 --a------ C:\WINDOWS\mozregistry.dat

2008-01-29 20:45 . 2008-01-29 20:45 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-01-29 20:44 . 2008-01-29 20:44 <KAT> d-------- C:\Program\Delade filer\Adobe Systems Shared

2008-01-29 20:38 . 2008-01-29 20:38 <KAT> d-------- C:\Program\MyPhoneExplorer

2008-01-29 20:38 . 2008-01-29 20:39 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MyPhoneExplorer

2008-01-29 20:01 . 2008-01-29 20:01 <KAT> d-------- C:\Program\Notepad++

2008-01-29 20:01 . 2008-01-29 20:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\Notepad++

2008-01-29 18:51 . 2008-01-29 18:51 1,409 --a------ C:\WINDOWS\system32\tmp35AF8.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp510CF.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp430CF.FOT

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:10 . 2008-01-31 08:07 <KAT> d-------- C:\Program\MilkShape 3D 1.8.0

2008-01-28 19:10 . 2008-01-28 19:21 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MilkShape 3D 1.x.x

2008-01-28 19:10 . 2008-01-28 19:21 4 --a------ C:\Documents and Settings\All Users\Application Data\463DC390.DAT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp70CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp55CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp2CB0B.FOT

2008-01-27 21:50 . 2008-01-27 22:44 <KAT> d--h----- C:\LGFolder

2008-01-27 21:48 . 2008-01-27 21:53 <KAT> d-------- C:\Program\LG PC Suite

2008-01-27 21:48 . 2008-01-27 21:48 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LG Electronics

2008-01-27 21:46 . 2008-01-27 21:46 <KAT> d-------- C:\Program\LG Electronics

2008-01-27 21:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-01-27 21:46 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys

2008-01-27 21:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-01-27 14:05 . 2008-02-01 14:41 <KAT> d-------- C:\Documents and Settings\Mattias\Shared

2008-01-27 14:05 . 2008-02-01 14:42 <KAT> d-------- C:\Documents and Settings\Mattias\Incomplete

2008-01-27 14:04 . 2008-01-27 14:04 <KAT> d-------- C:\Program\LimeWire

2008-01-27 14:04 . 2008-02-01 14:37 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LimeWire

2008-01-27 12:58 . 2008-01-27 12:58 1,409 --a------ C:\WINDOWS\system32\tmp1DEB0.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpD564B.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpC864B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp49A5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp10B5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp04F8B.FOT

2008-01-26 14:11 . 2008-01-26 14:11 <KAT> d-------- C:\Program\uTorrent

2008-01-26 14:11 . 2008-01-26 14:14 <KAT> d-------- C:\Program\GTASA-Ultimate Editor

2008-01-26 14:11 . 2008-02-02 12:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\uTorrent

2008-01-26 14:11 . 2008-01-26 14:11 249,856 --------- C:\WINDOWS\Setup1.exe

2008-01-26 14:11 . 2008-01-26 14:11 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-26 12:52 . 2008-01-26 12:52 <KAT> d-------- C:\Programmi

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-01-25 23:06 . 2008-01-25 23:06 <KAT> d-------- C:\Program\MSXML 4.0

2008-01-25 19:33 . 2008-01-25 19:33 <KAT> d-------- C:\Documents and Settings\Therese\Application Data\Talkback

2008-01-25 19:26 . 2008-02-01 19:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-01-25 19:20 . 2008-01-25 19:20 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-01-25 18:52 . 2008-01-25 18:52 <KAT> d-------- C:\WINDOWS\San Andreas Mod Installer

2008-01-25 18:52 . 2008-01-25 18:53 <KAT> d-------- C:\Program\San Andreas Mod Installer

2008-01-25 18:17 . 2008-01-25 18:17 <KAT> d-------- C:\Program\Rockstar Games

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 20:40 --------- d-----w C:\Program\ESET

2008-01-29 19:44 --------- d-----w C:\Program\Delade filer\Adobe

2008-01-29 14:52 --------- d-----w C:\Program\epson

2008-01-27 20:55 --------- d-----w C:\Program\Game_Maker6

2008-01-27 20:53 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-24 20:53 --------- d-----w C:\Program\Google

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\SpeechEngines

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\ODBC

2008-01-23 21:24 --------- d-----w C:\Program\NetLimiter 2 Pro

2008-01-23 21:24 --------- d-----w C:\Program\Delade filer\Logitech

2008-01-23 21:23 --------- d-----w C:\Program\Delade filer\InstallShield

2008-01-23 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime

2008-01-23 21:19 --------- d-----w C:\Program\iTunes

2008-01-23 21:19 --------- d-----w C:\Program\iPod

2008-01-23 21:19 --------- d-----w C:\Program\Guitar Pro 5

2008-01-23 21:19 --------- d-----w C:\Documents and Settings\Mattias\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Program\QuickTime

2008-01-23 21:18 --------- d-----w C:\Program\Delade filer\Apple

2008-01-23 21:18 --------- d-----w C:\Program\Apple Software Update

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-01-23 21:14 --------- d-----w C:\Program\Microsoft ActiveSync

2008-01-23 21:13 --------- d-----w C:\Program\Teslain Crypto

2008-01-23 21:06 --------- d-----w C:\Program\Java

2008-01-23 21:06 --------- d-----w C:\Program\Delade filer\Java

2008-01-23 21:02 --------- d-----w C:\Program\CCleaner

2008-01-23 20:59 --------- d-----w C:\Program\FolderAccess

2008-01-23 20:56 --------- d-----w C:\Program\Broadcom

2008-01-23 20:56 --------- d-----w C:\Program\Analog Devices

2008-01-23 20:35 --------- d-----w C:\Program\microsoft frontpage

2008-01-23 20:33 --------- d-----w C:\Program\Onlinetjänster

2008-01-23 20:32 --------- d-----w C:\Program\Delade filer\MSSoap

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-06-13 13:23 740,968 --sh--r C:\WINDOWS\system32\winsrs.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [ ]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 19:33 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"Comrade.exe"="C:\Program\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00 98304]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"NeroFilterCheck"="C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]

"AlarmMe"="C:\Program\Alarm Me\AlarmMe.exe" [2007-03-03 16:00 2102272]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]

"WIndos Update"="winsrs.exe" [2007-06-13 14:23 740968 C:\WINDOWS\system32\winsrs.exe]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"WIndos Update"="winsrs.exe" [2007-06-13 14:23 740968 C:\WINDOWS\system32\winsrs.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03]

S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]

S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]

S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 21:45:56

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-02 21:46:23

.

2008-01-29 21:05:20 --- E O F ---

[/log]

 


 

[log]Copy all the lines below

 

 

File::

C:\WINDOWS\nirvana_maggot.exe.zip

C:\WINDOWS\oskuldforlife.exe.zip

C:\WINDOWS\mats_joensson.exe.zip

C:\WINDOWS\sandra_lilja.exe.zip

C:\WINDOWS\oliviaflasch.exe.zip

C:\WINDOWS\rap_cs_alex.exe.zip

C:\WINDOWS\lina.4.life.exe.zip

C:\WINDOWS\hi_im_lost.exe.zip

C:\WINDOWS\xtrmsupra.exe.zip

C:\WINDOWS\snoddas93.exe.zip

C:\WINDOWS\pic0382.zip

C:\WINDOWS\jojjet.exe.zip

C:\WINDOWS\system32\winsrs.exe

 

 

 

and paste them into Notepad.

Save it on the Desktop with the name CFScript

Then drag CFScript with the mouse into ComboFix and run it.

Post the log that comes out and a new HijackThis log.[/log]
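An added example, not part of the thread and not ComboFix's own logic: a Python triage script that picks out of a ComboFix log the same kind of files listed in the CFScript above, by clustering same-directory files of near-identical size created minutes apart and linking each cluster to a hidden+system file of matching size in the Find3M section. The sample lines are copied from the log posted earlier in the thread; the function names and the thresholds (64 bytes, 5 minutes, 1 KiB) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ntpath import dirname

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_CREATED = r"""
2008-02-02 21:18 . 2006-09-05 18:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys
2008-02-02 21:09 . 2008-02-02 21:09 741,102 --a------ C:\WINDOWS\nirvana_maggot.exe.zip
2008-02-02 21:09 . 2008-02-02 21:09 741,094 --a------ C:\WINDOWS\hi_im_lost.exe.zip
2008-02-02 21:09 . 2008-02-02 21:09 741,092 --a------ C:\WINDOWS\xtrmsupra.exe.zip
2008-02-02 21:08 . 2008-02-02 21:09 741,094 --a------ C:\WINDOWS\pic0382.zip
2008-02-02 21:08 . 2008-02-02 21:08 741,086 --a------ C:\WINDOWS\jojjet.exe.zip
2008-02-02 21:01 . 2008-02-02 21:01 <KAT> d-------- C:\Program\Disc2Phone
2008-02-01 18:27 . 2008-02-01 18:27 1,409 --a------ C:\WINDOWS\system32\tmp08005.FOT
2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpE30F2.FOT
2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpC90F2.FOT
2008-02-01 14:51 . 2008-02-01 14:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
"""

# Lines copied from the "Find3M Report" section of the same log.
SAMPLE_FIND3M = r"""
2008-02-02 20:40 --------- d-----w C:\Program\ESET
2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-06-13 13:23 740,968 --sh--r C:\WINDOWS\system32\winsrs.exe
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
CREATED_RE = re.compile(rf"^({TS}) \. {TS}\s+(\S+)\s+(\S+)\s+(.+)$")
FIND3M_RE = re.compile(rf"^{TS}\s+(\S+)\s+(\S+)\s+(.+)$")


def _size(token):
    """Byte count, or None for directory rows (<KAT> or a run of dashes)."""
    return int(token.replace(",", "")) if token[0].isdigit() else None


def parse_created(text):
    """Parse 'Files Created' rows into dicts; directory rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m and _size(m.group(2)) is not None:
            rows.append({"created": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M"),
                         "size": _size(m.group(2)), "path": m.group(4)})
    return rows


def parse_find3m(text):
    """Parse 'Find3M Report' rows into dicts; directory rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m and _size(m.group(1)) is not None:
            rows.append({"size": _size(m.group(1)), "attrs": m.group(2),
                         "path": m.group(3)})
    return rows


def size_clusters(rows, slack=64, window=timedelta(minutes=5), min_count=3):
    """Group files per directory whose sizes and creation times nearly coincide."""
    by_dir = defaultdict(list)
    for r in rows:
        by_dir[dirname(r["path"]).lower()].append(r)
    clusters = []
    for directory, items in by_dir.items():
        items.sort(key=lambda r: (r["size"], r["created"]))
        current = []
        for r in items:
            too_far = current and (
                r["size"] - current[-1]["size"] > slack
                or abs(r["created"] - current[0]["created"]) > window)
            if too_far:
                if len(current) >= min_count:
                    clusters.append((directory, current))
                current = []
            current.append(r)
        if len(current) >= min_count:
            clusters.append((directory, current))
    return clusters


def triage(created_text, find3m_text, link_slack=1024):
    """Report each cluster plus any hidden+system file of nearly the same size."""
    hidden = [f for f in parse_find3m(find3m_text)
              if "s" in f["attrs"] and "h" in f["attrs"]]
    report = []
    for directory, members in size_clusters(parse_created(created_text)):
        sizes = [m["size"] for m in members]
        linked = [f["path"] for f in hidden
                  if min(abs(f["size"] - s) for s in sizes) <= link_slack]
        report.append({"directory": directory, "count": len(members),
                       "size_range": (min(sizes), max(sizes)), "linked": linked})
    report.sort(key=lambda e: -e["count"])  # largest cluster first
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLE_CREATED, SAMPLE_FIND3M):
        print(entry)
```

On these lines the five archives in C:\WINDOWS form one cluster linked to winsrs.exe, while the three 1,409-byte .FOT files also cluster but link to nothing, which is why the size match against a hidden+system file is used as the second condition.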

 


I accidentally deleted the first ComboFix log, when it removed the files, but I made a new one with CFScript, and by then the files were of course already removed. Here it is:

[log]ComboFix 08-02.03.1 - Mattias 2008-02-02 22:48:27.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.499 [GMT 1:00]

Running from: C:\Documents and Settings\Mattias\Skrivbord\ComboFix.exe

Command switches used :: C:\Documents and Settings\Mattias\Skrivbord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE

C:\WINDOWS\hi_im_lost.exe.zip

C:\WINDOWS\jojjet.exe.zip

C:\WINDOWS\lina.4.life.exe.zip

C:\WINDOWS\mats_joensson.exe.zip

C:\WINDOWS\nirvana_maggot.exe.zip

C:\WINDOWS\oliviaflasch.exe.zip

C:\WINDOWS\oskuldforlife.exe.zip

C:\WINDOWS\pic0382.zip

C:\WINDOWS\rap_cs_alex.exe.zip

C:\WINDOWS\sandra_lilja.exe.zip

C:\WINDOWS\snoddas93.exe.zip

C:\WINDOWS\system32\winsrs.exe

C:\WINDOWS\xtrmsupra.exe.zip

.

 

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))

.

 

2008-02-02 21:49 . 2008-02-02 21:49 <KAT> d-------- C:\Program\SiteAdvisor

2008-02-02 21:49 . 2008-02-02 21:49 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SiteAdvisor

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\WINDOWS\LastGood

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\Program\McAfee.com

2008-02-02 21:48 . 2008-02-02 21:49 <KAT> d-------- C:\Program\McAfee

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\Program\Delade filer\McAfee

2008-02-02 21:48 . 2006-07-14 00:09 161,768 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-02-02 21:48 . 2006-07-17 21:56 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-02-02 21:48 . 2006-07-08 15:46 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-02-02 21:48 . 2006-07-14 00:10 37,800 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-02-02 21:48 . 2006-07-14 00:09 33,896 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-02-02 21:48 . 2006-07-14 00:09 31,560 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-02-02 21:48 . 2006-07-27 16:45 1,808 --a------ C:\WINDOWS\system32\subst.inf

2008-02-02 21:47 . 2008-02-02 21:50 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-02-02 21:18 . 2006-09-05 18:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys

2008-02-02 21:18 . 2006-09-05 18:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys

2008-02-02 21:01 . 2008-02-02 21:01 <KAT> d-------- C:\Program\Disc2Phone

2008-02-02 20:59 . 2006-09-05 18:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys

2008-02-01 19:25 . 2008-02-01 19:25 <KAT> dr-h----- C:\Documents and Settings\Therese\Application Data\SecuROM

2008-02-01 18:51 . 2008-02-01 19:21 <KAT> d-------- C:\Program\EA GAMES

2008-02-01 18:51 . 2005-02-26 06:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-02-01 18:27 . 2008-02-01 18:27 1,409 --a------ C:\WINDOWS\system32\tmp08005.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpE30F2.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpC90F2.FOT

2008-02-01 14:52 . 2008-02-01 14:52 <KAT> d-------- C:\Program\GameSpy

2008-02-01 14:51 . 2008-02-01 14:51 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-02-01 14:51 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-02-01 14:51 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-01 14:51 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-01 14:51 . 2008-02-01 14:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\Documents and Settings\Mattias\Application Data\PnkBstrK.sys

2008-02-01 14:50 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-02-01 14:50 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-02-01 14:39 . 2008-02-01 14:39 <KAT> d-------- C:\Program\Electronic Arts

2008-01-31 21:55 . 2007-12-04 15:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Program\SystemRequirementsLab

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SystemRequirementsLab

2008-01-31 19:44 . 2008-01-31 19:44 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\AdobeUM

2008-01-31 08:06 . 2008-01-31 08:06 <KAT> d-------- C:\Program\Alarm Me

2008-01-29 22:01 . 2008-01-29 22:01 335 --a------ C:\WINDOWS\mozregistry.dat

2008-01-29 20:45 . 2008-01-29 20:45 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-01-29 20:44 . 2008-01-29 20:44 <KAT> d-------- C:\Program\Delade filer\Adobe Systems Shared

2008-01-29 20:38 . 2008-01-29 20:38 <KAT> d-------- C:\Program\MyPhoneExplorer

2008-01-29 20:38 . 2008-01-29 20:39 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MyPhoneExplorer

2008-01-29 20:01 . 2008-01-29 20:01 <KAT> d-------- C:\Program\Notepad++

2008-01-29 20:01 . 2008-01-29 20:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\Notepad++

2008-01-29 18:51 . 2008-01-29 18:51 1,409 --a------ C:\WINDOWS\system32\tmp35AF8.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp510CF.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp430CF.FOT

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:10 . 2008-01-31 08:07 <KAT> d-------- C:\Program\MilkShape 3D 1.8.0

2008-01-28 19:10 . 2008-01-28 19:21 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MilkShape 3D 1.x.x

2008-01-28 19:10 . 2008-01-28 19:21 4 --a------ C:\Documents and Settings\All Users\Application Data\463DC390.DAT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp70CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp55CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp2CB0B.FOT

2008-01-27 21:50 . 2008-01-27 22:44 <KAT> d--h----- C:\LGFolder

2008-01-27 21:48 . 2008-01-27 21:53 <KAT> d-------- C:\Program\LG PC Suite

2008-01-27 21:48 . 2008-01-27 21:48 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LG Electronics

2008-01-27 21:46 . 2008-01-27 21:46 <KAT> d-------- C:\Program\LG Electronics

2008-01-27 21:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-01-27 21:46 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys

2008-01-27 21:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-01-27 14:05 . 2008-02-01 14:41 <KAT> d-------- C:\Documents and Settings\Mattias\Shared

2008-01-27 14:05 . 2008-02-01 14:42 <KAT> d-------- C:\Documents and Settings\Mattias\Incomplete

2008-01-27 14:04 . 2008-01-27 14:04 <KAT> d-------- C:\Program\LimeWire

2008-01-27 14:04 . 2008-02-01 14:37 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LimeWire

2008-01-27 12:58 . 2008-01-27 12:58 1,409 --a------ C:\WINDOWS\system32\tmp1DEB0.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpD564B.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpC864B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp49A5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp10B5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp04F8B.FOT

2008-01-26 14:11 . 2008-01-26 14:11 <KAT> d-------- C:\Program\uTorrent

2008-01-26 14:11 . 2008-01-26 14:14 <KAT> d-------- C:\Program\GTASA-Ultimate Editor

2008-01-26 14:11 . 2008-02-02 12:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\uTorrent

2008-01-26 14:11 . 2008-01-26 14:11 249,856 --------- C:\WINDOWS\Setup1.exe

2008-01-26 14:11 . 2008-01-26 14:11 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-26 12:52 . 2008-01-26 12:52 <KAT> d-------- C:\Programmi

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-01-25 23:06 . 2008-01-25 23:06 <KAT> d-------- C:\Program\MSXML 4.0

2008-01-25 19:33 . 2008-01-25 19:33 <KAT> d-------- C:\Documents and Settings\Therese\Application Data\Talkback

2008-01-25 19:26 . 2008-02-01 19:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-01-25 19:20 . 2008-01-25 19:20 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-01-25 18:52 . 2008-01-25 18:52 <KAT> d-------- C:\WINDOWS\San Andreas Mod Installer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 20:40 --------- d-----w C:\Program\ESET

2008-01-29 19:44 --------- d-----w C:\Program\Delade filer\Adobe

2008-01-29 14:52 --------- d-----w C:\Program\epson

2008-01-27 20:55 --------- d-----w C:\Program\Game_Maker6

2008-01-27 20:53 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-24 20:53 --------- d-----w C:\Program\Google

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\SpeechEngines

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\ODBC

2008-01-23 21:24 --------- d-----w C:\Program\NetLimiter 2 Pro

2008-01-23 21:24 --------- d-----w C:\Program\Delade filer\Logitech

2008-01-23 21:23 --------- d-----w C:\Program\Delade filer\InstallShield

2008-01-23 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime

2008-01-23 21:19 --------- d-----w C:\Program\iTunes

2008-01-23 21:19 --------- d-----w C:\Program\iPod

2008-01-23 21:19 --------- d-----w C:\Program\Guitar Pro 5

2008-01-23 21:19 --------- d-----w C:\Documents and Settings\Mattias\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Program\QuickTime

2008-01-23 21:18 --------- d-----w C:\Program\Delade filer\Apple

2008-01-23 21:18 --------- d-----w C:\Program\Apple Software Update

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-01-23 21:14 --------- d-----w C:\Program\Microsoft ActiveSync

2008-01-23 21:13 --------- d-----w C:\Program\Teslain Crypto

2008-01-23 21:06 --------- d-----w C:\Program\Java

2008-01-23 21:06 --------- d-----w C:\Program\Delade filer\Java

2008-01-23 21:02 --------- d-----w C:\Program\CCleaner

2008-01-23 20:59 --------- d-----w C:\Program\FolderAccess

2008-01-23 20:56 --------- d-----w C:\Program\Broadcom

2008-01-23 20:56 --------- d-----w C:\Program\Analog Devices

2008-01-23 20:35 --------- d-----w C:\Program\microsoft frontpage

2008-01-23 20:33 --------- d-----w C:\Program\Onlinetjänster

2008-01-23 20:32 --------- d-----w C:\Program\Delade filer\MSSoap

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [ ]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 19:33 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"Comrade.exe"="C:\Program\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00 98304]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"NeroFilterCheck"="C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]

"AlarmMe"="C:\Program\Alarm Me\AlarmMe.exe" [2007-03-03 16:00 2102272]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]

"WIndos Update"="winsrs.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"WIndos Update"="winsrs.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03]

S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]

S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]

S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dbc0d7e-d094-11dc-af51-001111c2139b}]

\Shell\AutoRun\command - setupSNK.exe

 

*Newly Created Service* - EMPROXY

*Newly Created Service* - IPFILTERDRIVER

*Newly Created Service* - MCAFEE_HACKERWATCH_SERVICE

*Newly Created Service* - MCLOGMANAGERSERVICE

*Newly Created Service* - MCMISPUPDMGR

*Newly Created Service* - MCNASVC

*Newly Created Service* - MCODS

*Newly Created Service* - MCPROMGR

*Newly Created Service* - MCREDIRECTOR

*Newly Created Service* - MCSHIELD

*Newly Created Service* - MCSYSMON

*Newly Created Service* - MCTSKSHD.EXE

*Newly Created Service* - MCUSRMGR

*Newly Created Service* - MFEAVFK

*Newly Created Service* - MFEBOPK

*Newly Created Service* - MFEHIDK

*Newly Created Service* - MFERKDK

*Newly Created Service* - MFESMFK

*Newly Created Service* - MPFP

*Newly Created Service* - MPFSERVICE

.

Contents of the 'Scheduled Tasks' folder

"2008-02-02 20:48:37 C:\WINDOWS\Tasks\McDefragTask.job"

- C:\WINDOWS\system32\defrag.exe

"2008-02-02 20:48:35 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program\mcafee\mqc\QcConsol.exe.4158 0

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 22:49:21

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-02 22:49:54

ComboFix-quarantined-files.txt 2008-02-02 21:49:46

ComboFix2.txt 2008-02-02 21:46:41

ComboFix3.txt 2008-02-02 20:46:23

.

2008-01-29 21:05:20 --- E O F ---

[/log]

 

Here is a new "from scratch" ComboFix, since I accidentally deleted the first one..

[log]ComboFix 08-02.03.1 - Mattias 2008-02-02 22:52:24.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.495 [GMT 1:00]

Running from: C:\Documents and Settings\Mattias\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))

.

 

2008-02-02 21:49 . 2008-02-02 21:49 <KAT> d-------- C:\Program\SiteAdvisor

2008-02-02 21:49 . 2008-02-02 21:49 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SiteAdvisor

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\WINDOWS\LastGood

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\Program\McAfee.com

2008-02-02 21:48 . 2008-02-02 21:49 <KAT> d-------- C:\Program\McAfee

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\Program\Delade filer\McAfee

2008-02-02 21:48 . 2006-07-14 00:09 161,768 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-02-02 21:48 . 2006-07-17 21:56 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-02-02 21:48 . 2006-07-08 15:46 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-02-02 21:48 . 2006-07-14 00:10 37,800 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-02-02 21:48 . 2006-07-14 00:09 33,896 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-02-02 21:48 . 2006-07-14 00:09 31,560 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-02-02 21:48 . 2006-07-27 16:45 1,808 --a------ C:\WINDOWS\system32\subst.inf

2008-02-02 21:47 . 2008-02-02 21:50 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-02-02 21:18 . 2006-09-05 18:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys

2008-02-02 21:18 . 2006-09-05 18:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys

2008-02-02 21:01 . 2008-02-02 21:01 <KAT> d-------- C:\Program\Disc2Phone

2008-02-02 20:59 . 2006-09-05 18:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys

2008-02-01 19:25 . 2008-02-01 19:25 <KAT> dr-h----- C:\Documents and Settings\Therese\Application Data\SecuROM

2008-02-01 18:51 . 2008-02-01 19:21 <KAT> d-------- C:\Program\EA GAMES

2008-02-01 18:51 . 2005-02-26 06:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-02-01 18:27 . 2008-02-01 18:27 1,409 --a------ C:\WINDOWS\system32\tmp08005.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpE30F2.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpC90F2.FOT

2008-02-01 14:52 . 2008-02-01 14:52 <KAT> d-------- C:\Program\GameSpy

2008-02-01 14:51 . 2008-02-01 14:51 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-02-01 14:51 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-02-01 14:51 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-01 14:51 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-01 14:51 . 2008-02-01 14:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\Documents and Settings\Mattias\Application Data\PnkBstrK.sys

2008-02-01 14:50 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-02-01 14:50 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-02-01 14:39 . 2008-02-01 14:39 <KAT> d-------- C:\Program\Electronic Arts

2008-01-31 21:55 . 2007-12-04 15:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Program\SystemRequirementsLab

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SystemRequirementsLab

2008-01-31 19:44 . 2008-01-31 19:44 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\AdobeUM

2008-01-31 08:06 . 2008-01-31 08:06 <KAT> d-------- C:\Program\Alarm Me

2008-01-29 22:01 . 2008-01-29 22:01 335 --a------ C:\WINDOWS\mozregistry.dat

2008-01-29 20:45 . 2008-01-29 20:45 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-01-29 20:44 . 2008-01-29 20:44 <KAT> d-------- C:\Program\Delade filer\Adobe Systems Shared

2008-01-29 20:38 . 2008-01-29 20:38 <KAT> d-------- C:\Program\MyPhoneExplorer

2008-01-29 20:38 . 2008-01-29 20:39 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MyPhoneExplorer

2008-01-29 20:01 . 2008-01-29 20:01 <KAT> d-------- C:\Program\Notepad++

2008-01-29 20:01 . 2008-01-29 20:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\Notepad++

2008-01-29 18:51 . 2008-01-29 18:51 1,409 --a------ C:\WINDOWS\system32\tmp35AF8.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp510CF.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp430CF.FOT

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:10 . 2008-01-31 08:07 <KAT> d-------- C:\Program\MilkShape 3D 1.8.0

2008-01-28 19:10 . 2008-01-28 19:21 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MilkShape 3D 1.x.x

2008-01-28 19:10 . 2008-01-28 19:21 4 --a------ C:\Documents and Settings\All Users\Application Data\463DC390.DAT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp70CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp55CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp2CB0B.FOT

2008-01-27 21:50 . 2008-01-27 22:44 <KAT> d--h----- C:\LGFolder

2008-01-27 21:48 . 2008-01-27 21:53 <KAT> d-------- C:\Program\LG PC Suite

2008-01-27 21:48 . 2008-01-27 21:48 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LG Electronics

2008-01-27 21:46 . 2008-01-27 21:46 <KAT> d-------- C:\Program\LG Electronics

2008-01-27 21:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-01-27 21:46 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys

2008-01-27 21:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-01-27 14:05 . 2008-02-01 14:41 <KAT> d-------- C:\Documents and Settings\Mattias\Shared

2008-01-27 14:05 . 2008-02-01 14:42 <KAT> d-------- C:\Documents and Settings\Mattias\Incomplete

2008-01-27 14:04 . 2008-01-27 14:04 <KAT> d-------- C:\Program\LimeWire

2008-01-27 14:04 . 2008-02-01 14:37 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LimeWire

2008-01-27 12:58 . 2008-01-27 12:58 1,409 --a------ C:\WINDOWS\system32\tmp1DEB0.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpD564B.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpC864B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp49A5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp10B5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp04F8B.FOT

2008-01-26 14:11 . 2008-01-26 14:11 <KAT> d-------- C:\Program\uTorrent

2008-01-26 14:11 . 2008-01-26 14:14 <KAT> d-------- C:\Program\GTASA-Ultimate Editor

2008-01-26 14:11 . 2008-02-02 12:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\uTorrent

2008-01-26 14:11 . 2008-01-26 14:11 249,856 --------- C:\WINDOWS\Setup1.exe

2008-01-26 14:11 . 2008-01-26 14:11 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-26 12:52 . 2008-01-26 12:52 <KAT> d-------- C:\Programmi

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-01-25 23:06 . 2008-01-25 23:06 <KAT> d-------- C:\Program\MSXML 4.0

2008-01-25 19:33 . 2008-01-25 19:33 <KAT> d-------- C:\Documents and Settings\Therese\Application Data\Talkback

2008-01-25 19:26 . 2008-02-01 19:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-01-25 19:20 . 2008-01-25 19:20 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-01-25 18:52 . 2008-01-25 18:52 <KAT> d-------- C:\WINDOWS\San Andreas Mod Installer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 20:40 --------- d-----w C:\Program\ESET

2008-01-29 19:44 --------- d-----w C:\Program\Delade filer\Adobe

2008-01-29 14:52 --------- d-----w C:\Program\epson

2008-01-27 20:55 --------- d-----w C:\Program\Game_Maker6

2008-01-27 20:53 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-24 20:53 --------- d-----w C:\Program\Google

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\SpeechEngines

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\ODBC

2008-01-23 21:24 --------- d-----w C:\Program\NetLimiter 2 Pro

2008-01-23 21:24 --------- d-----w C:\Program\Delade filer\Logitech

2008-01-23 21:23 --------- d-----w C:\Program\Delade filer\InstallShield

2008-01-23 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime

2008-01-23 21:19 --------- d-----w C:\Program\iTunes

2008-01-23 21:19 --------- d-----w C:\Program\iPod

2008-01-23 21:19 --------- d-----w C:\Program\Guitar Pro 5

2008-01-23 21:19 --------- d-----w C:\Documents and Settings\Mattias\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Program\QuickTime

2008-01-23 21:18 --------- d-----w C:\Program\Delade filer\Apple

2008-01-23 21:18 --------- d-----w C:\Program\Apple Software Update

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-01-23 21:14 --------- d-----w C:\Program\Microsoft ActiveSync

2008-01-23 21:13 --------- d-----w C:\Program\Teslain Crypto

2008-01-23 21:06 --------- d-----w C:\Program\Java

2008-01-23 21:06 --------- d-----w C:\Program\Delade filer\Java

2008-01-23 21:02 --------- d-----w C:\Program\CCleaner

2008-01-23 20:59 --------- d-----w C:\Program\FolderAccess

2008-01-23 20:56 --------- d-----w C:\Program\Broadcom

2008-01-23 20:56 --------- d-----w C:\Program\Analog Devices

2008-01-23 20:35 --------- d-----w C:\Program\microsoft frontpage

2008-01-23 20:33 --------- d-----w C:\Program\Onlinetjänster

2008-01-23 20:32 --------- d-----w C:\Program\Delade filer\MSSoap

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [ ]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 19:33 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"Comrade.exe"="C:\Program\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00 98304]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"NeroFilterCheck"="C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]

"AlarmMe"="C:\Program\Alarm Me\AlarmMe.exe" [2007-03-03 16:00 2102272]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]

"WIndos Update"="winsrs.exe" []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

"WIndos Update"="winsrs.exe" []

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03]

S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]

S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]

S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dbc0d7e-d094-11dc-af51-001111c2139b}]

\Shell\AutoRun\command - setupSNK.exe

 

*Newly Created Service* - EMPROXY

*Newly Created Service* - IPFILTERDRIVER

*Newly Created Service* - MCAFEE_HACKERWATCH_SERVICE

*Newly Created Service* - MCLOGMANAGERSERVICE

*Newly Created Service* - MCMISPUPDMGR

*Newly Created Service* - MCNASVC

*Newly Created Service* - MCODS

*Newly Created Service* - MCPROMGR

*Newly Created Service* - MCREDIRECTOR

*Newly Created Service* - MCSHIELD

*Newly Created Service* - MCSYSMON

*Newly Created Service* - MCTSKSHD.EXE

*Newly Created Service* - MCUSRMGR

*Newly Created Service* - MFEAVFK

*Newly Created Service* - MFEBOPK

*Newly Created Service* - MFEHIDK

*Newly Created Service* - MFERKDK

*Newly Created Service* - MFESMFK

*Newly Created Service* - MPFP

*Newly Created Service* - MPFSERVICE

.

Contents of the 'Scheduled Tasks' folder

"2008-02-02 20:48:37 C:\WINDOWS\Tasks\McDefragTask.job"

- C:\WINDOWS\system32\defrag.exe

"2008-02-02 20:48:35 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program\mcafee\mqc\QcConsol.exe.4158 0

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 22:53:19

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-02 22:53:51

ComboFix-quarantined-files.txt 2008-02-02 21:53:43

ComboFix2.txt 2008-02-02 21:49:55

ComboFix3.txt 2008-02-02 21:46:41

ComboFix4.txt 2008-02-02 20:46:23

.

2008-01-29 21:05:20 --- E O F ---

[/log]

 

And finally a new Hijack log:

[log]Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 22:57:02, on 2008-02-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Program\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Alarm Me\AlarmMe.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\winsrs.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee\MSC\mcpromgr.exe

C:\Program\McAfee\MSC\mcusrmgr.exe

C:\Program\McAfee\MSC\mcupdmgr.exe

C:\Program\McAfee\MSC\mclogsrv.exe

C:\Program\McAfee\MSC\mctskshd.exe

c:\program\mcafee.com\agent\mcagent.exe

c:\program\delade filer\mcafee\mna\mcnasvc.exe

C:\Program\McAfee\VIRUSS~1\mcshield.exe

C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

C:\Program\DELADE~1\McAfee\EmProxy\emproxy.exe

C:\Program\McAfee\VIRUSS~1\mcods.exe

C:\Program\McAfee\MPF\MPFSrv.exe

C:\Program\Mozilla Firefox\firefox.exe

c:\program\mcafee\msc\mcuimgr.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Mattias\Skrivbord\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33171&LegitCheckError=8

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program\mcafee\virusscan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AlarmMe] "C:\Program\Alarm Me\AlarmMe.exe" "-h"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [WIndos Update] winsrs.exe

O4 - HKLM\..\RunServices: [WIndos Update] winsrs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Comrade.exe] C:\Program\GameSpy\Comrade\Comrade.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program\DELADE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\Program\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program\delade filer\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\Program\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program\McAfee\MPF\MPFSrv.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8867 bytes

[/log]

 


 

Scan with Hijack, tick the following lines, close the web browser and click Fix checked

 

O4 - HKLM\..\Run: [WIndos Update] winsrs.exe

O4 - HKLM\..\RunServices: [WIndos Update] winsrs.exe

 

After that it should be OK according to the logs.

 

 

 

 


Did that!

Thanks so much for the help! :)

 

Ran two final scans just to be safe:

 

Hijack:

[log]Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:51, on 2008-02-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\LckFldService.exe

C:\Program\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program\Java\jre1.6.0_03\bin\jusched.exe

C:\Program\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program\Alarm Me\AlarmMe.exe

C:\Program\Analog Devices\Core\smax4pnp.exe

C:\Program\NetLimiter 2 Pro\NLClient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe

C:\Program\DAEMON Tools\daemon.exe

C:\Program\Messenger\msmsgs.exe

C:\WINDOWS\system32\winsrs.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

C:\Program\Delade filer\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\McAfee\MSC\mcpromgr.exe

C:\Program\McAfee\MSC\mcusrmgr.exe

C:\Program\McAfee\MSC\mcupdmgr.exe

C:\Program\McAfee\MSC\mclogsrv.exe

C:\Program\McAfee\MSC\mctskshd.exe

c:\program\mcafee.com\agent\mcagent.exe

c:\program\delade filer\mcafee\mna\mcnasvc.exe

C:\Program\McAfee\VIRUSS~1\mcshield.exe

C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

C:\Program\DELADE~1\McAfee\EmProxy\emproxy.exe

C:\Program\McAfee\VIRUSS~1\mcods.exe

C:\Program\McAfee\MPF\MPFSrv.exe

c:\program\mcafee\msc\mcuimgr.exe

C:\WINDOWS\explorer.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mattias\Skrivbord\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33171&LegitCheckError=8

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program\SiteAdvisor\SiteAdv.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program\mcafee\virusscan\scriptsn.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [AlarmMe] "C:\Program\Alarm Me\AlarmMe.exe" "-h"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Comrade.exe] C:\Program\GameSpy\Comrade\Comrade.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program\DELADE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program\Delade filer\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program\Delade filer\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\Program\McAfee\MSC\mclogsrv.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program\delade filer\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\program\DELADE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\Program\McAfee\MSC\mctskshd.exe

O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\Program\McAfee\MSC\mcusrmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program\McAfee\MPF\MPFSrv.exe

O23 - Service: NBService - Nero AG - C:\Program\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program\NetLimiter 2 Pro\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program\Delade filer\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8548 bytes

[/log]

ComboFix:

[log]ComboFix 08-02.03.1 - Mattias 2008-02-02 23:29:42.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.46.1053.18.515 [GMT 1:00]

Running from: C:\Documents and Settings\Mattias\Skrivbord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

G:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))

.

 

2008-02-02 21:49 . 2008-02-02 21:49 <KAT> d-------- C:\Program\SiteAdvisor

2008-02-02 21:49 . 2008-02-02 21:49 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SiteAdvisor

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\WINDOWS\LastGood

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\Program\McAfee.com

2008-02-02 21:48 . 2008-02-02 21:49 <KAT> d-------- C:\Program\McAfee

2008-02-02 21:48 . 2008-02-02 21:48 <KAT> d-------- C:\Program\Delade filer\McAfee

2008-02-02 21:48 . 2006-07-14 00:09 161,768 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys

2008-02-02 21:48 . 2006-07-17 21:56 104,024 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys

2008-02-02 21:48 . 2006-07-08 15:46 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys

2008-02-02 21:48 . 2006-07-14 00:10 37,800 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys

2008-02-02 21:48 . 2006-07-14 00:09 33,896 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys

2008-02-02 21:48 . 2006-07-14 00:09 31,560 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys

2008-02-02 21:48 . 2006-07-27 16:45 1,808 --a------ C:\WINDOWS\system32\subst.inf

2008-02-02 21:47 . 2008-02-02 21:50 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\McAfee

2008-02-02 21:18 . 2006-09-05 18:59 97,088 -ra------ C:\WINDOWS\system32\drivers\se58mdm.sys

2008-02-02 21:18 . 2006-09-05 18:59 9,360 -ra------ C:\WINDOWS\system32\drivers\se58mdfl.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cmnt.sys

2008-02-02 21:18 . 2006-09-05 19:00 6,240 -ra------ C:\WINDOWS\system32\drivers\se58cm.sys

2008-02-02 21:01 . 2008-02-02 21:01 <KAT> d-------- C:\Program\Disc2Phone

2008-02-02 20:59 . 2006-09-05 18:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se58bus.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58whnt.sys

2008-02-02 20:59 . 2006-09-05 18:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se58wh.sys

2008-02-01 19:25 . 2008-02-01 19:25 <KAT> dr-h----- C:\Documents and Settings\Therese\Application Data\SecuROM

2008-02-01 18:51 . 2008-02-01 19:21 <KAT> d-------- C:\Program\EA GAMES

2008-02-01 18:51 . 2005-02-26 06:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll

2008-02-01 18:27 . 2008-02-01 18:27 1,409 --a------ C:\WINDOWS\system32\tmp08005.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpE30F2.FOT

2008-02-01 18:25 . 2008-02-01 18:25 1,409 --a------ C:\WINDOWS\system32\tmpC90F2.FOT

2008-02-01 14:52 . 2008-02-01 14:52 <KAT> d-------- C:\Program\GameSpy

2008-02-01 14:51 . 2008-02-01 14:51 <KAT> d-------- C:\WINDOWS\system32\LogFiles

2008-02-01 14:51 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll

2008-02-01 14:51 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe

2008-02-01 14:51 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll

2008-02-01 14:51 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-02-01 14:51 . 2008-02-01 14:51 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe

2008-02-01 14:51 . 2008-02-01 14:51 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-02-01 14:51 . 2008-02-01 14:51 22,328 --a------ C:\Documents and Settings\Mattias\Application Data\PnkBstrK.sys

2008-02-01 14:50 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-02-01 14:50 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll

2008-02-01 14:39 . 2008-02-01 14:39 <KAT> d-------- C:\Program\Electronic Arts

2008-01-31 21:55 . 2007-12-04 15:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Program\SystemRequirementsLab

2008-01-31 21:24 . 2008-01-31 21:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\SystemRequirementsLab

2008-01-31 19:44 . 2008-01-31 19:44 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\AdobeUM

2008-01-31 08:06 . 2008-01-31 08:06 <KAT> d-------- C:\Program\Alarm Me

2008-01-29 22:01 . 2008-01-29 22:01 335 --a------ C:\WINDOWS\mozregistry.dat

2008-01-29 20:45 . 2008-01-29 20:45 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems

2008-01-29 20:44 . 2008-01-29 20:44 <KAT> d-------- C:\Program\Delade filer\Adobe Systems Shared

2008-01-29 20:38 . 2008-01-29 20:38 <KAT> d-------- C:\Program\MyPhoneExplorer

2008-01-29 20:38 . 2008-01-29 20:39 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MyPhoneExplorer

2008-01-29 20:01 . 2008-01-29 20:01 <KAT> d-------- C:\Program\Notepad++

2008-01-29 20:01 . 2008-01-29 20:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\Notepad++

2008-01-29 18:51 . 2008-01-29 18:51 1,409 --a------ C:\WINDOWS\system32\tmp35AF8.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp510CF.FOT

2008-01-29 18:41 . 2008-01-29 18:41 1,409 --a------ C:\WINDOWS\system32\tmp430CF.FOT

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:31 . 2008-01-28 19:32 <KAT> d-------- C:\Documents and Settings\Päronen\cbt

2008-01-28 19:10 . 2008-01-31 08:07 <KAT> d-------- C:\Program\MilkShape 3D 1.8.0

2008-01-28 19:10 . 2008-01-28 19:21 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\MilkShape 3D 1.x.x

2008-01-28 19:10 . 2008-01-28 19:21 4 --a------ C:\Documents and Settings\All Users\Application Data\463DC390.DAT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp70CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp55CDA.FOT

2008-01-28 16:07 . 2008-01-28 16:07 1,409 --a------ C:\WINDOWS\system32\tmp2CB0B.FOT

2008-01-27 21:50 . 2008-01-27 22:44 <KAT> d--h----- C:\LGFolder

2008-01-27 21:48 . 2008-01-27 21:53 <KAT> d-------- C:\Program\LG PC Suite

2008-01-27 21:48 . 2008-01-27 21:48 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LG Electronics

2008-01-27 21:46 . 2008-01-27 21:46 <KAT> d-------- C:\Program\LG Electronics

2008-01-27 21:46 . 2005-06-24 18:36 39,036 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys

2008-01-27 21:46 . 2005-05-26 11:01 38,144 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys

2008-01-27 21:46 . 2005-05-26 11:01 21,344 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys

2008-01-27 14:05 . 2008-02-01 14:41 <KAT> d-------- C:\Documents and Settings\Mattias\Shared

2008-01-27 14:05 . 2008-02-01 14:42 <KAT> d-------- C:\Documents and Settings\Mattias\Incomplete

2008-01-27 14:04 . 2008-01-27 14:04 <KAT> d-------- C:\Program\LimeWire

2008-01-27 14:04 . 2008-02-01 14:37 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\LimeWire

2008-01-27 12:58 . 2008-01-27 12:58 1,409 --a------ C:\WINDOWS\system32\tmp1DEB0.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpD564B.FOT

2008-01-27 12:52 . 2008-01-27 12:52 1,409 --a------ C:\WINDOWS\system32\tmpC864B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp49A5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp10B5B.FOT

2008-01-27 11:08 . 2008-01-27 11:08 1,409 --a------ C:\WINDOWS\system32\tmp04F8B.FOT

2008-01-26 14:11 . 2008-01-26 14:11 <KAT> d-------- C:\Program\uTorrent

2008-01-26 14:11 . 2008-01-26 14:14 <KAT> d-------- C:\Program\GTASA-Ultimate Editor

2008-01-26 14:11 . 2008-02-02 12:24 <KAT> d-------- C:\Documents and Settings\Mattias\Application Data\uTorrent

2008-01-26 14:11 . 2008-01-26 14:11 249,856 --------- C:\WINDOWS\Setup1.exe

2008-01-26 14:11 . 2008-01-26 14:11 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-01-26 12:52 . 2008-01-26 12:52 <KAT> d-------- C:\Programmi

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-01-26 08:09 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-01-26 08:09 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

2008-01-26 08:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

2008-01-25 23:06 . 2008-01-25 23:06 <KAT> d-------- C:\Program\MSXML 4.0

2008-01-25 19:33 . 2008-01-25 19:33 <KAT> d-------- C:\Documents and Settings\Therese\Application Data\Talkback

2008-01-25 19:26 . 2008-02-01 19:25 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-01-25 19:20 . 2008-01-25 19:20 <KAT> d-------- C:\WINDOWS\system32\URTTemp

2008-01-25 18:52 . 2008-01-25 18:52 <KAT> d-------- C:\WINDOWS\San Andreas Mod Installer

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-02 20:40 --------- d-----w C:\Program\ESET

2008-01-29 19:44 --------- d-----w C:\Program\Delade filer\Adobe

2008-01-29 14:52 --------- d-----w C:\Program\epson

2008-01-27 20:55 --------- d-----w C:\Program\Game_Maker6

2008-01-27 20:53 --------- d--h--w C:\Program\InstallShield Installation Information

2008-01-24 20:53 --------- d-----w C:\Program\Google

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\SpeechEngines

2008-01-23 21:25 --------- d-----w C:\Program\Delade filer\ODBC

2008-01-23 21:24 --------- d-----w C:\Program\NetLimiter 2 Pro

2008-01-23 21:24 --------- d-----w C:\Program\Delade filer\Logitech

2008-01-23 21:23 --------- d-----w C:\Program\Delade filer\InstallShield

2008-01-23 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Locktime

2008-01-23 21:19 --------- d-----w C:\Program\iTunes

2008-01-23 21:19 --------- d-----w C:\Program\iPod

2008-01-23 21:19 --------- d-----w C:\Program\Guitar Pro 5

2008-01-23 21:19 --------- d-----w C:\Documents and Settings\Mattias\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Program\QuickTime

2008-01-23 21:18 --------- d-----w C:\Program\Delade filer\Apple

2008-01-23 21:18 --------- d-----w C:\Program\Apple Software Update

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-01-23 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

2008-01-23 21:14 --------- d-----w C:\Program\Microsoft ActiveSync

2008-01-23 21:13 --------- d-----w C:\Program\Teslain Crypto

2008-01-23 21:06 --------- d-----w C:\Program\Java

2008-01-23 21:06 --------- d-----w C:\Program\Delade filer\Java

2008-01-23 21:02 --------- d-----w C:\Program\CCleaner

2008-01-23 20:59 --------- d-----w C:\Program\FolderAccess

2008-01-23 20:56 --------- d-----w C:\Program\Broadcom

2008-01-23 20:56 --------- d-----w C:\Program\Analog Devices

2008-01-23 20:35 --------- d-----w C:\Program\microsoft frontpage

2008-01-23 20:33 --------- d-----w C:\Program\Onlinetjänster

2008-01-23 20:32 --------- d-----w C:\Program\Delade filer\MSSoap

2007-11-07 09:29 722,432 ----a-w C:\WINDOWS\system32\lsasrv.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34 15360]

"MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [ ]

"swg"="C:\Program\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-25 19:33 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program\Delade filer\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]

"DAEMON Tools"="C:\Program\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]

"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

"Comrade.exe"="C:\Program\GameSpy\Comrade\Comrade.exe" [2007-06-29 15:03 36864]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]

"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]

"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Program\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 04:00 98304]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]

"NeroFilterCheck"="C:\Program\Delade filer\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]

"AlarmMe"="C:\Program\Alarm Me\AlarmMe.exe" [2007-03-03 16:00 2102272]

"SoundMAXPnP"="C:\Program\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42 1404928]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:34 15360]

 

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03]

S3 se58bus;Sony Ericsson Device 088 driver (WDM);C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-05 18:58]

S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 18:59]

S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 18:59]

 

*Newly Created Service* - EMPROXY

*Newly Created Service* - IPFILTERDRIVER

*Newly Created Service* - MCAFEE_HACKERWATCH_SERVICE

*Newly Created Service* - MCLOGMANAGERSERVICE

*Newly Created Service* - MCMISPUPDMGR

*Newly Created Service* - MCNASVC

*Newly Created Service* - MCODS

*Newly Created Service* - MCPROMGR

*Newly Created Service* - MCREDIRECTOR

*Newly Created Service* - MCSHIELD

*Newly Created Service* - MCSYSMON

*Newly Created Service* - MCTSKSHD.EXE

*Newly Created Service* - MCUSRMGR

*Newly Created Service* - MFEAVFK

*Newly Created Service* - MFEBOPK

*Newly Created Service* - MFEHIDK

*Newly Created Service* - MFERKDK

*Newly Created Service* - MFESMFK

*Newly Created Service* - MPFP

*Newly Created Service* - MPFSERVICE

.

Contents of the 'Scheduled Tasks' folder

"2008-02-02 20:48:37 C:\WINDOWS\Tasks\McDefragTask.job"

- C:\WINDOWS\system32\defrag.exe

"2008-02-02 20:48:35 C:\WINDOWS\Tasks\McQcTask.job"

- c:\program\mcafee\mqc\QcConsol.exe.4158 0

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-02 23:30:41

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-02 23:31:14

ComboFix-quarantined-files.txt 2008-02-02 22:31:06

ComboFix2.txt 2008-02-02 21:53:52

ComboFix3.txt 2008-02-02 21:49:55

ComboFix4.txt 2008-02-02 21:46:41

ComboFix5.txt 2008-02-02 20:46:23

.

2008-01-29 21:05:20 --- E O F ---

[/log]

 

Is it now safe to reinstall and start using MSN as usual again?

[post edited 2008-02-02 23:36:09 by tankado]
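
A check that can be run on a follow-up HijackThis log, as an added example that is not part of the original posts: it takes the O4 lines that were ticked for "Fix checked" and reports, for each one, whether the autostart entry is gone and whether its executable still appears under "Running processes". The log excerpt is a shortened, constructed sample built from lines in this thread, and the function names are hypothetical.

```python
import re

# Lines the helper asked to tick for "Fix checked" (copied from the thread).
FIXED_LINES = [
    r"O4 - HKLM\..\Run: [WIndos Update] winsrs.exe",
    r"O4 - HKLM\..\RunServices: [WIndos Update] winsrs.exe",
]

# Constructed, shortened excerpt of the follow-up HijackThis log in the thread.
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\winsrs.exe
C:\Program\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlarmMe] "C:\Program\Alarm Me\AlarmMe.exe" "-h"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")          # any HijackThis result line
EXE_RE = re.compile(r'([^\\/"]+?\.exe)', re.I)  # first *.exe file name in a command


def parse_log(text):
    """Return running process paths and registry O4 autostart entries of a log."""
    processes, autostarts, in_processes = set(), [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
        elif ENTRY_RE.match(line):
            in_processes = False  # result lines end the process list
            m = O4_RE.match(line)
            if m:  # "Global Startup" style O4 lines have no [name] and are skipped
                autostarts.append((m["key"], m["name"], m["cmd"]))
        elif in_processes:
            processes.add(line.lower())
    return {"processes": processes, "autostarts": autostarts}


def exe_name(cmd):
    """Lower-cased file name of the first executable in an autostart command."""
    m = EXE_RE.search(cmd)
    return m.group(1).lower() if m else None


def verify_fix(fixed_lines, after_log):
    """For each fixed O4 line: is the entry gone, and is its binary still running?"""
    after = parse_log(after_log)
    remaining = {(key, name.lower()) for key, name, _ in after["autostarts"]}
    report = []
    for key, name, cmd in parse_log("\n".join(fixed_lines))["autostarts"]:
        exe = exe_name(cmd)
        report.append({
            "entry": f"{key}: [{name}]",
            "exe": exe,
            "autostart_removed": (key, name.lower()) not in remaining,
            "still_running": sorted(
                p for p in after["processes"] if p.rsplit("\\", 1)[-1] == exe
            ),
        })
    return report


if __name__ == "__main__":
    for row in verify_fix(FIXED_LINES, LOG_AFTER):
        print(row)
```

Removing a Run value does not stop a process that is already running, so a non-empty `still_running` means the scan should be repeated after a reboot.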
