katysmith
regular


Reg'd: Mon
Posts: 29
Re: ns###.tmp files
      Sun Feb 17 2008 05:28 PM

Hallo, I've just run ComboFix again - the result follows:


ComboFix 08-02-17.2 - Griesbach 2008-02-17 18:15:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1031.18.192 [GMT 1:00]
ausgeführt von:: E:\PROGRAMME\FreshDevices\FreshDownload\Fresh Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\winsys.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\LEGACY_NPF
-------\Iprip
-------\NPF




((((((((((((((((((((((( Dateien erstellt von 2008-01-17 bis 2008-02-17 ))))))))))))))))))))))))))))))
.

2008-02-17 15:47 . 2008-02-17 15:47 <DIR> d-------- C:\ComboFix1
2008-02-16 20:21 . 2008-02-16 20:21 1,374 --a--c--- C:\WINDOWS\imsins.BAK
2008-02-16 15:09 . 2008-02-16 15:09 <DIR> d-------- C:\Dokumente und Einstellungen\Griesbach\Anwendungsdaten\Grisoft
2008-02-16 15:08 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-15 18:21 . 2008-02-15 18:21 <DIR> d-------- C:\Programme\Trend Micro
2008-02-03 14:46 . 2008-02-03 14:46 <DIR> d----c--- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage
2008-01-27 19:50 . 2008-02-17 18:13 <DIR> d-------- C:\Programme\RSSoft

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 14:06 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2008-02-16 19:18 --------- d-----w C:\Dokumente und Einstellungen\Griesbach\Anwendungsdaten\AVG7
2008-02-16 14:08 --------- dc----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Grisoft
2008-01-03 08:59 --------- d-----w C:\Dokumente und Einstellungen\Griesbach\Anwendungsdaten\Auslogics
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 00:46 671,744 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-09-05 07:17 56 -csh--r C:\WINDOWS\system32\C983C3E6CF.sys
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Red Swoosh"="C:\Programme\RSSoft\RedSwoosh.exe" [2007-07-19 03:17 62436]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 14:46 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 16:22 7618560]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2006-03-01 15:22 577536 C:\WINDOWS\soundman.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 16:22 86016]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-08 13:37 579072]
"!AVG Anti-Spyware"="C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:57 15360]
"AVG7_Run"="E:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-26 08:25 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 8 (0x8)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"GreyMSIAds"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMFUProgramsList"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoNetworkConnections"= 1000000 (0xf4240)
"NoEntireNetwork"= 1 (0x1)
"NoFavoritesMenu"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\PROGRA~1\WINDOW~1\fastload.dll 2001-12-20 21:34 24576 D:\PROGRA~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-07-05 05:33]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-10-25 15:47]
S3 AdslUsbLdr;MicroLink ADSL Fun USB Loader Driver;C:\WINDOWS\system32\drivers\mldsluld.sys [2002-11-07 10:29]
S3 drhard;DRHARD;C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [2005-12-01 10:49]
S3 mladslusb;MicroLink ADSL Fun USB Driver;C:\WINDOWS\system32\DRIVERS\mldslusb.sys [2002-11-07 10:29]
S3 p2pgasvc;Peernetzwerk-Gruppenauthentifizierung;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
S3 p2pimsvc;Peernetzwerkidentitäts-Manager;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
S3 p2psvc;Peernetzwerk;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]
S3 PNRPSvc;Peer Name Resolution-Protokoll;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 18:19:06
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-02-17 18:20:05
ComboFix-quarantined-files.txt 2008-02-17 17:19:47
.
2008-02-16 19:21:40 --- E O F ---
