billywillie, posted 3 September 2008

Posting my logs. I couldn't run ComboFix to completion because the machine just restarted. Tried 5 times, also with Norman disabled, without it helping.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2008 at 06:12 PM

Application Version : 4.20.1046

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Quick Scan
Total Scan Time : 00:49:42

Memory items scanned : 531
Memory threats detected : 0
Registry items scanned : 458
Registry threats detected : 0
File items scanned : 11772
File threats detected : 0
r2d290, posted 3 September 2008

No information about the problem, and a log that shows no infections... Not much to go on here. Let's see if it helps to start the machine in Safe Mode and run ComboFix from there:

Restart the machine in the normal way.
Press F8 repeatedly just before Windows starts to load.
Choose the Safe Mode option.
Finally, log in to your user account and enter the password you usually use.
Note: In some cases Windows logs in to a user automatically, and you then don't need to enter a username or password.

Once you are in Safe Mode, try running ComboFix and see whether you get better results now.
billywillie (thread author), posted 4 September 2008

I've now been in Safe Mode and run ComboFix; here is the log.

ComboFix 08-09-01.05 - Terje 2008-09-04 11:12:29.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.799 [GMT 2:00]
Running from: D:\Documents and Settings\Terje\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Terje\Local Settings\Temporary Internet Files\SuggestedSites.dat
D:\WINDOWS\system32\docent0.dll
D:\WINDOWS\system32\linksrvd.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NSESVC
-------\Service_nsesvc


((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
.

2008-09-03 17:19 . 2008-09-03 17:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-03 17:18 . 2008-09-03 17:18 <DIR> d-------- D:\Documents and Settings\Terje\Application Data\SUPERAntiSpyware.com
2008-09-03 15:41 . 2008-09-03 15:41 <DIR> d-------- D:\Documents and Settings\Terje\Application Data\Malwarebytes
2008-09-03 15:41 . 2008-09-03 15:41 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-03 15:41 . 2008-09-02 00:16 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-03 15:41 . 2008-09-02 00:16 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-09-02 23:52 . 2008-09-02 23:53 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-02 10:45 . 2008-09-02 10:45 <DIR> d--hs---- D:\Documents and Settings\Terje\PrivacIE
2008-08-31 12:10 . 2002-03-22 09:14 38,667 -ra------ D:\WINDOWS\system32\isdncoin.dll
2008-08-31 12:10 . 2001-12-28 07:31 27,136 -ra------ D:\WINDOWS\system32\utilcpy.exe
2008-08-31 12:10 . 2000-10-20 08:50 9,216 -ra------ D:\WINDOWS\system32\capi2032.dll
2008-08-31 12:10 . 1999-12-01 01:16 8,976 -ra------ D:\WINDOWS\system32\capi20.dll
2008-08-31 12:10 . 1998-05-30 03:24 3,584 -ra------ D:\WINDOWS\system32\capitask.exe
2008-08-29 11:02 . 2008-08-29 11:03 <DIR> d--h-c--- D:\WINDOWS\ie8
2008-08-22 03:15 . 2008-08-22 03:15 1,216,512 --------- D:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 03:14 . 2008-08-22 03:14 10,240 --------- D:\WINDOWS\system32\advpack.dll.mui
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- D:\WINDOWS\system32\PrivacIE.dll
2008-08-21 14:02 . 2008-08-21 14:02 <DIR> d-------- D:\Documents and Settings\Terje\Application Data\Ectaco
2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ D:\WINDOWS\system32\msdbg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 15:18 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-09-03 09:43 102,664 ----a-w D:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-02 19:49 --------- d-----w D:\Documents and Settings\Terje\Application Data\Skype
2008-09-02 15:49 --------- d-----w D:\Documents and Settings\Terje\Application Data\skypePM
2008-08-30 09:06 --------- d-----w D:\Program Files\Java
2008-08-23 10:29 --------- d-----w D:\Documents and Settings\Terje\Application Data\Orbit
2008-08-22 01:08 878,592 ----a-w D:\WINDOWS\system32\wininet.dll
2008-08-22 01:08 43,008 ----a-w D:\WINDOWS\system32\licmgr10.dll
2008-08-22 01:07 18,944 ----a-w D:\WINDOWS\system32\corpol.dll
2008-08-22 01:06 72,704 ----a-w D:\WINDOWS\system32\admparse.dll
2008-08-22 01:06 71,680 ----a-w D:\WINDOWS\system32\iesetup.dll
2008-08-22 01:06 434,176 ----a-w D:\WINDOWS\system32\vbscript.dll
2008-08-22 01:05 48,128 ----a-w D:\WINDOWS\system32\mshtmler.dll
2008-08-22 01:05 35,840 ----a-w D:\WINDOWS\system32\imgutil.dll
2008-08-22 01:04 45,568 ----a-w D:\WINDOWS\system32\mshta.exe
2008-08-22 00:57 156,160 ----a-w D:\WINDOWS\system32\msls31.dll
2008-08-19 13:02 --------- d-----w D:\Documents and Settings\Terje\Application Data\dvdcss
2008-08-19 11:00 --------- d-----w D:\Program Files\Common Files\BHPS
2008-08-19 10:58 --------- d-----w D:\Program Files\DxO Labs
2008-08-16 10:11 163,712 ----a-w D:\WINDOWS\system32\drivers\vidstub.sys
2008-08-12 19:55 --------- d-----w D:\Program Files\UltimateZip 2.7
2008-08-12 19:55 --------- d-----w D:\Program Files\QuickTime Alternative
2008-08-09 12:41 --------- d-----w D:\Program Files\Logitech
2008-08-09 12:41 --------- d-----w D:\Documents and Settings\All Users\Application Data\Logitech
2008-07-18 20:10 94,920 ----a-w D:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w D:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w D:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w D:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w D:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w D:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w D:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w D:\WINDOWS\system32\wuaueng.dll
2008-07-07 21:24 --------- d-----w D:\Documents and Settings\Terje\Application Data\Creative
2008-07-07 20:32 253,952 ----a-w D:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w D:\WINDOWS\system32\mscms.dll
2008-06-20 17:41 245,248 ----a-w D:\WINDOWS\system32\mswsock.dll
2008-06-12 09:27 26,144 ----a-w D:\WINDOWS\system32\spupdsvc.exe
2008-06-12 09:27 26,112 ----a-w D:\WINDOWS\system32\idndl.dll
2008-06-12 09:27 24,576 ----a-w D:\WINDOWS\system32\nlsdl.dll
2008-06-12 09:27 23,552 ----a-w D:\WINDOWS\system32\normaliz.dll
2008-02-29 12:19 32 -c--a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-05 17:53 47,360 -c--a-w D:\Documents and Settings\Terje\Application Data\pcouffin.sys
2005-04-06 09:55 456,384 -c--a-w D:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-19 17:58 35,232 -c--a-w D:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 17:58 26,112 -c--a-w D:\WINDOWS\inf\WG311T\install.exe
.

------- Sigcheck -------

2007-04-13 04:28 502272 6225f14b8ce08ccba8b25ad27843c674 D:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86753232-2331-2734-6784-6799ca323026}]
2008-08-21 19:05 53760 --------- D:\Program Files\Common Files\System\vss rc0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="D:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2007-04-16 448768]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-11-24 7630848]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2006-11-24 86016]
"Norman ZANDA"="D:\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"Easy Synchronization"="E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"SSBkgdUpdate"="D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"PDF3 Registry Controller"="E:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe" [2005-04-12 106496]
"BootSkin Startup Jobs"="D:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Launch LCDMon"="D:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-18 1687824]
"Launch LGDCore"="D:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"nwiz"="nwiz.exe" [2006-11-24 D:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 D:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 D:\WINDOWS\KHALMNPR.Exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

D:\Documents and Settings\Terje\Start Menu\Programs\Startup\
Dialog Helper.lnk - E:\Program Files\VCOM\PowerDesk\pddlghlp.exe [2005-09-08 40960]
NVidia Desktop Run.exe [2008-08-27 26624]
Thoosje Sidebar.lnk - E:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2008-08-18 605696]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-22 805392]
Logiteck Office Run.exe [2008-08-27 26624]
NETGEAR WG311T Wireless Assistant.lnk - D:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 4517888]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "E:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "E:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 d:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=D:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk
backup=D:\WINDOWS\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Terje^Start Menu^Programs^Startup^TomTom HOME.lnk]
path=D:\Documents and Settings\Terje\Start Menu\Programs\Startup\TomTom HOME.lnk
backup=D:\WINDOWS\pss\TomTom HOME.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-06-12 14:32 700416 D:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
--a------ 2005-10-05 12:00 53248 E:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 03:10 409600 D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2003-07-25 11:15 536576 E:\Program Files\Eraser\eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 D:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-04-13 04:11 98304 D:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 04:19 69632 E:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2001-12-07 17:24 1216512 D:\WINDOWS\Mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Opera\\Opera.exe"=
"E:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe"= E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"= E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"D:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"E:\\Program Files\\LimeWire\\LimeWire.exe"=
"E:\\Program Files\\eMule\\emule.exe"=
"D:\\Program Files\\Sprite Software\\Sprite Backup\\SpriteService.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"D:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"E:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4672:TCP"= 4672:TCP:4662

R0 WDMCAPI;ISDN PCI CAPI;D:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2002-04-24 612669]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};e:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560]
R2 Ndiskio;Ndiskio;D:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]
R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;D:\WINDOWS\system32\Drivers\ousbehci.sys [2002-02-01 26752]
R3 NvcMFlt;NvcMFlt;D:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 19512]
R3 nvcoas;Norman Virus Control on-access component;D:\Norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;D:\Norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;D:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2002-02-01 40704]
R3 WDMWANMP;NDIS WAN miniport;D:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2002-03-26 26067]
S2 P1C1394;Phase One 1394 Camera Driver;D:\WINDOWS\system32\Drivers\p1c1394.sys [ ]
S3 msloop;Microsoft Loopback Adapter Driver;D:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 NPF;NetGroup Packet Filter Driver;D:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;D:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 nvcfsr;nvcfsr;D:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
S3 nvcoafl51;nvcoafl51;D:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
S3 nvcoaft51;nvcoaft51;D:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
S3 nvcoarc51;nvcoarc51;D:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
S3 usbprint;Microsoft USB PRINTER Class;D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07048ee9-6d14-11dc-b011-00146c89304b}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{332f440c-62d0-11dc-a8f0-00146c89304b}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad8e1168-f319-11db-a880-00146c89304b}]
\Shell\AutoRun\command - I:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE
Notify-WgaLogon - (no file)
MSConfigStartUp-Norman ZANDA - D:\Norman\bin\ZLH.EXE
MSConfigStartUp-Device Detector - DevDetect.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Terje\Application Data\Mozilla\Firefox\Profiles\swqlvsw7.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 11:34:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\konfig]
"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\license]
"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mcp]
"ImagePath"="f:\opt\MBCASE\pm\bin\mcp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
D:\Norman\npm\bin\elogsvc.exe
D:\Norman\npm\bin\Zanda.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\scardsvr.exe
D:\WINDOWS\system32\acs.exe
D:\WINDOWS\system32\CTSVCCDA.EXE
E:\Program Files\Logitech\Easy Synchronization\servicestub.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Cyberlink\Shared files\RichVideo.exe
E:\Program Files\Logitech\SetPoint\LBTWiz.exe
D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\LCDMon.exe
D:\PROGRA~1\Logitech\GAMEPA~1\G-SERI~1\LGDCore.exe
D:\PROGRA~1\Java\JRE16~4.0_0\bin\jusched.exe
D:\PROGRA~1\CLOCKT~1\CLOCKT~1.EXE
D:\PROGRA~1\MESSEN~1\msmsgs.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe
D:\PROGRA~1\NETGEAR\WG311T\wlancfg5.exe
D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDClock.exe
E:\PROGRA~1\MICROS~2\rapimgr.exe
D:\Norman\npm\bin\Njeeves.exe
D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDCOU~1.EXE
D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDPop3.exe
D:\PROGRA~1\Logitech\GAMEPA~1\LCDMAN~1\Applets\LCDMedia.exe
D:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
D:\PROGRA~1\COMMON~1\Logishrd\KHAL2\KHALMNPR.exe
D:\Norman\NVC\Bin\Nip.exe
D:\Norman\NVC\Bin\CClaw.exe
.
**************************************************************************
.
Completion time: 2008-09-04 11:39:28 - machine was rebooted [Terje]
ComboFix-quarantined-files.txt 2008-09-04 09:39:16

Pre-Run: 10,016,100,352 bytes free
Post-Run: 9,837,699,072 bytes free

287 --- E O F --- 2008-08-29 09:15:22
r2d290, posted 4 September 2008

Do you recognize this folder: D:\Documents and Settings\Terje\PrivacIE

Go to http://virusscan.jotti.org, click Browse, and upload the following files for analysis:

D:\WINDOWS\system32\isdncoin.dll
D:\WINDOWS\system32\utilcpy.exe
D:\Program Files\Common Files\System\vss rc0.dll
D:\Program Files\Clock Tray Skins\ClockTraySkins.exe
E:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

Then click Submit. Accept that the file is scanned. Finally, copy the result and paste it into your next post so I can look at it and assess what needs to be done next.
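A small triage helper written for this thread (an added example, not ComboFix output or anything posted by the participants): it parses lines in the "Files Created" format of the log above and flags the two patterns behind r2d290's file list, an old binary that only recently appeared on disk (isdncoin.dll, utilcpy.exe) and a hidden+system folder inside the user profile (PrivacIE). The sample lines are copied from the log; the 365-day threshold and the profile-path prefix are assumptions.

```python
"""Flag ComboFix 'Files Created' entries that deserve a second look.

Line format: "<created> . <modified> <size|<DIR>> <attrs> <path>".
A flag is a reason to inspect the file, not a verdict.
"""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>\S+) "
    r"(?P<path>.+)$"
)

# Assumption: XP-era profile root; used to spot hidden dirs in a user profile.
PROFILE_ROOT = "\\documents and settings\\"

# Constructed sample: six lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
2008-09-03 15:41 . 2008-09-02 00:16 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-09-02 10:45 . 2008-09-02 10:45 <DIR> d--hs---- D:\Documents and Settings\Terje\PrivacIE
2008-08-31 12:10 . 2002-03-22 09:14 38,667 -ra------ D:\WINDOWS\system32\isdncoin.dll
2008-08-31 12:10 . 2001-12-28 07:31 27,136 -ra------ D:\WINDOWS\system32\utilcpy.exe
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- D:\WINDOWS\system32\PrivacIE.dll
2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ D:\WINDOWS\system32\msdbg2.dll
"""


def parse_line(line):
    """Return a dict for one 'Files Created' line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["created"] = datetime.strptime(entry["created"], "%Y-%m-%d %H:%M")
    entry["modified"] = datetime.strptime(entry["modified"], "%Y-%m-%d %H:%M")
    entry["is_dir"] = entry["size"] == "<DIR>"
    entry["size"] = 0 if entry["is_dir"] else int(entry["size"].replace(",", ""))
    return entry


def reasons_for(entry, min_gap_days=365):
    """List why an entry deserves a look (empty list means nothing odd)."""
    reasons = []
    # Creation time far newer than the embedded modification time: an old
    # binary was copied onto the disk recently (the isdncoin.dll pattern).
    gap_days = (entry["created"] - entry["modified"]).days
    if not entry["is_dir"] and gap_days >= min_gap_days:
        reasons.append(f"modified {gap_days} days before it appeared on disk (old binary newly placed)")
    # Hidden + system directory under a user profile (the PrivacIE pattern).
    attrs = entry["attrs"]
    if entry["is_dir"] and "h" in attrs and "s" in attrs and PROFILE_ROOT in entry["path"].lower():
        reasons.append("hidden+system directory inside a user profile")
    return reasons


def triage(log_text, min_gap_days=365):
    """Map path -> reasons for every flagged entry in a 'Files Created' dump."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, other ComboFix output
        reasons = reasons_for(entry, min_gap_days)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for reason in why:
            print("   ", reason)
```

A flag only says "check this file"; the thread resolves it the same way, by uploading the flagged files to a multi-engine scanner.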
billywillie (thread author), posted 4 September 2008 (edited)

Quote: "Do you recognize this folder: D:\Documents and Settings\Terje\PrivacIE"

Opened it and found a file called index.dat.

Here it found something, and the result is here.

Service load: 0% 100%
File: vss_rc0.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 81e5335e9ef4185c188d132e3dff2ab9
Packers detected: UPX
Scanner results
Scan taken on 04 Sep 2008 14:57:41 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Dropper.IRC.TKB
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Virus.Win32.BHO.PO
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Edited 4 September 2008 by billywillie
r2d290, posted 4 September 2008

So that was the only file it found anything on? Then I think maybe someone else should take over here. I got a bit unsure.
billywillie (thread author), posted 4 September 2008

Yes, all the others were (green) OK.