Ottesen Posted 3 November 2008 (edited)

Hi... Hoping for a little help here, the PC suddenly became slow. Windows is only 2-3 days old. It has been fast and fine, but just now when I went to turn it on it became extremely slow. It takes 10 minutes, if not more, just to get into Windows, and it is slow to open programs.

ComboFix log:

ComboFix 08-11-02.05 - Administrator 2008-11-04 18:34:48.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2780 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\npf.sys c:\windows\system32\packet.dll c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.
2008-11-04 18:43 . 2008-11-04 18:43 42,512 --a------ c:\windows\system32\drivers\npf.sys 2008-11-04 18:42 . 2008-11-04 18:42 240,240 --a------ c:\windows\system32\wpcap.dll 2008-11-04 18:42 . 2008-11-04 18:42 88,704 --a------ c:\windows\system32\packet.dll 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\program files\CCleaner 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-04 17:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-04 17:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-04 17:00 . 
2008-11-04 17:00 <DIR> d-------- c:\program files\Lavasoft 2008-11-04 17:00 . 2008-11-04 17:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft 2008-11-04 07:11 . 2008-11-04 07:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems 2008-11-04 07:10 . 2008-11-04 07:10 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2008-11-02 23:20 . 2008-11-04 18:42 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-02 23:12 . 2008-11-04 18:42 <DIR> d-------- c:\program files\DNA 2008-11-02 23:12 . 2008-11-02 23:12 <DIR> d-------- c:\program files\BitTorrent 2008-11-02 23:12 . 2008-11-04 18:42 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DNA 2008-11-02 23:12 . 2008-11-04 18:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent 2008-11-02 23:09 . 2008-11-04 06:56 69 --a------ c:\windows\NeroDigital.ini 2008-11-02 23:08 . 2008-11-02 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3 2008-11-02 23:07 . 2008-11-02 23:07 <DIR> d-------- c:\program files\MSBuild 2008-11-02 23:05 . 2008-11-02 23:05 <DIR> d-------- c:\windows\system32\XPSViewer 2008-11-02 23:05 . 2008-11-02 23:05 <DIR> d-------- c:\program files\Reference Assemblies 2008-11-02 23:04 . 2008-11-02 23:04 <DIR> d-------- c:\windows\system32\xlive 2008-11-02 23:04 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-11-02 23:02 . 2008-11-02 23:02 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2008-11-02 23:01 . 2008-11-02 23:01 <DIR> d-------- c:\windows\Downloaded Installations 2008-11-02 23:01 . 2008-11-02 23:01 <DIR> d-------- c:\program files\D-Tools 2008-11-02 23:01 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys 2008-11-02 23:01 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys 2008-11-02 22:33 . 
2008-11-02 22:33 <DIR> d-------- c:\program files\Alcohol Soft 2008-11-02 22:33 . 2005-07-08 14:44 159,616 --a------ c:\windows\system32\drivers\vax347b.sys 2008-11-02 22:33 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\vax347s.sys 2008-11-02 22:08 . 2008-11-02 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2008-11-02 22:08 . 2008-11-02 22:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro 2008-11-02 22:08 . 2008-11-02 22:08 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-11-02 05:45 . 2008-11-02 05:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc 2008-11-02 05:39 . 2008-11-02 05:39 <DIR> d-------- c:\program files\VideoLAN 2008-11-02 04:49 . 2008-11-02 04:49 <DIR> d-------- c:\program files\Lavalys 2008-11-02 00:49 . 2008-11-02 00:49 <DIR> d-------- c:\program files\MSXML 4.0 2008-11-02 00:36 . 2007-07-30 19:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui 2008-11-02 00:36 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuaucpl.cpl.mui 2008-11-02 00:36 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuapi.dll.mui 2008-11-02 00:36 . 2007-07-30 19:18 20,312 --a------ c:\windows\system32\wuaueng.dll.mui 2008-11-01 23:12 . 2008-11-01 23:12 <DIR> d-------- c:\windows\system32\Futuremark 2008-11-01 23:12 . 2008-11-01 23:12 262,144 --a------ c:\windows\system32\wrap_oal.dll 2008-11-01 23:12 . 2008-11-01 23:12 86,016 --a------ c:\windows\system32\OpenAL32.dll 2008-11-01 23:12 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys 2008-11-01 23:12 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd 2008-11-01 23:12 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys 2008-11-01 23:12 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys 2008-11-01 23:11 . 
2008-11-01 23:11 <DIR> d-------- c:\program files\Futuremark 2008-11-01 23:11 . 2008-11-01 23:12 <DIR> d-------- C:\Directx 2008-11-01 22:35 . 2008-11-01 22:36 <DIR> d-------- c:\program files\Winamp 2008-11-01 22:35 . 2008-11-01 22:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp 2008-11-01 22:34 . 2008-11-01 22:34 45 --a------ c:\windows\system32\initdebug.nfo 2008-11-01 22:32 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-01 22:32 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-01 22:32 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-01 22:32 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-01 22:32 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-11-01 22:32 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-11-01 22:32 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys 2008-11-01 22:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys 2008-11-01 22:31 . 2008-11-02 00:51 <DIR> d--h----- c:\windows\$hf_mig$ 2008-11-01 22:31 . 2006-12-07 06:29 2,374,472 -----c--- c:\windows\system32\dllcache\wmvcore.dll 2008-11-01 22:31 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-11-01 22:31 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-11-01 22:31 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys 2008-11-01 22:30 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2008-11-01 22:30 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2008-11-01 22:30 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2008-11-01 22:30 . 
2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2008-11-01 22:30 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2008-11-01 22:30 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-11-01 22:30 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2008-11-01 22:30 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2008-11-01 22:30 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2008-11-01 22:30 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2008-11-01 22:22 . 2008-11-04 17:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM 2008-11-01 22:22 . 2008-11-01 22:22 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\Skype 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\MSN Messenger 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\Common Files\Skype 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-11-01 22:20 . 2008-11-04 18:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype 2008-11-01 22:17 . 2008-11-01 22:17 0 --a------ c:\windows\vpc32.INI 2008-11-01 22:10 . 2007-10-11 11:10 30,008 --a------ c:\windows\system32\drivers\ET5Drv.sys 2008-11-01 22:07 . 2008-11-01 22:07 <DIR> d-------- c:\windows\system32\LogFiles 2008-11-01 22:04 . 2008-04-14 05:42 1,306,624 --------- c:\windows\system32\msxml6.dll 2008-11-01 22:04 . 2008-04-14 05:42 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll 2008-11-01 22:04 . 2008-04-14 05:40 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2008-11-01 22:04 . 2008-04-13 22:57 79,872 --------- c:\windows\system32\msxml6r.dll 2008-11-01 22:04 . 
2008-04-13 22:57 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll 2008-11-01 22:04 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys 2008-11-01 22:02 . 2008-11-01 22:02 <DIR> d-------- c:\windows\ServicePackFiles 2008-11-01 22:02 . 2008-04-14 00:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys 2008-11-01 22:02 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys 2008-11-01 22:00 . 2008-04-13 23:53 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-04 17:40 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-11-04 16:43 16,608 ----a-w c:\windows\gdrv.sys 2008-11-04 06:12 --------- d-----w c:\program files\Common Files\Adobe 2008-11-02 22:08 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-01 20:54 --------- d-----w c:\program files\Realtek 2008-11-01 20:53 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield 2008-11-01 20:50 315,392 ----a-w c:\windows\HideWin.exe 2008-11-01 20:42 --------- d-----w c:\program files\Intel 2008-11-01 20:41 --------- d-----w c:\program files\GIGABYTE 2008-11-01 20:41 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-01 20:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-01 20:37 --------- d-----w c:\program files\AGEIA Technologies 2008-11-01 20:36 94,636 ----a-w c:\windows\dropcpyr.dll 2008-11-01 20:36 73,728 ----a-w c:\windows\copyfstq.exe 2008-11-01 20:36 --------- d-----w c:\program files\Opera 2008-11-01 20:34 --------- d-----w c:\program files\RivaTuner v2.11 2008-11-01 20:19 --------- d-----w c:\program files\Symantec Client Security 2008-11-01 20:19 --------- d-----w c:\program files\Symantec 2008-11-01 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 
2008-11-01 20:18 --------- d-----w c:\program files\Trillian Pro 2008-11-01 20:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-01 20:18 --------- d-----w c:\program files\CyberLink 2008-11-01 20:18 --------- d-----w c:\program files\Ahead 2008-11-01 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-01 20:17 --------- d-----w c:\program files\Common Files\Ahead 2008-11-01 20:17 --------- d-----w c:\program files\7-Zip 2008-11-01 20:16 155,995 ----a-w c:\windows\java\Packages\EZDVV7NX.ZIP 2008-11-01 20:16 --------- d-----w c:\program files\Real Alternative 2008-11-01 20:16 --------- d-----w c:\program files\QuickTime Alternative 2008-11-01 20:16 --------- d-----w c:\program files\Media Player Classic 2008-11-01 20:16 --------- d-----w c:\program files\K-Lite Codec Pack 2008-11-01 20:16 --------- d-----w c:\program files\Java 2008-11-01 20:16 --------- d-----w c:\program files\Common Files\Java 2008-11-01 20:10 --------- d-----w c:\program files\microsoft frontpage 2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll 2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe 2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe 2008-04-14 04:42 933,888 --sh--r c:\windows\system32\szehost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-10-13 7086080] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-02 342336] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752] "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 85184] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920] "Resume copy"="copyfstq.exe" [2008-11-01 c:\windows\copyfstq.exe] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe] "Zend Tech Driver"="szehost.exe" [2008-04-14 c:\windows\system32\szehost.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "Zend Tech Driver"="szehost.exe" [2008-04-14 c:\windows\system32\szehost.exe] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.VP31"= vp31vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security 
center] "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [2008-10-15 99376] R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496] S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-11-04 42512] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae48d42-a856-11dd-9eb0-806d6172696f}] \Shell\AutoRun\command - M:\Run.exe . Contents of the 'Scheduled Tasks' folder 2008-11-01 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32] . - - - - ORPHANS REMOVED - - - - HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe . ------- Supplementary Scan ------- . O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd . 
************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-04 18:42:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\system32\drivers\npf.sys 42512 bytes executable scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe c:\windows\system32\nvsvc32.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\rundll32.exe c:\program files\GIGABYTE\GEST\gest.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . 
Completion time: 2008-11-04 18:45:10 - machine was rebooted ComboFix-quarantined-files.txt 2008-11-04 17:45:07 Pre-Run: 238,199,377,920 bytes free Post-Run: 238,455,947,264 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 273 --- E O F --- 2008-11-01 23:51:34 Hijackthis-log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:48:30 PM, on 11/4/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\GIGABYTE\GEST\gest.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\szehost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\MSN 
Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\GIGABYTE\GEST\GSvr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe D:\Progz\RealTemp_2.70\RealTemp.exe D:\Progz\SpeedFan\speedfan.exe D:\Progz\Fraps\fraps.exe C:\Program Files\Opera\opera.exe C:\HijackThisplease\blabla.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 
1033 O4 - HKLM\..\Run: [Zend Tech Driver] szehost.exe O4 - HKLM\..\RunServices: [Zend Tech Driver] szehost.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe O23 - Service: GEST Service for program 
management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- End of file - 6715 bytes

Edited 6 November 2008 by Ottesen
Tosha0007 Posted 3 November 2008 (edited)

Download ComboFix again and save it to the desktop. Then run it again and post a new log.

edit: Also run Malwarebytes Anti-Malware.

Download Malwarebytes' Anti-Malware here or here. Save it to the Desktop.
1. Run the file and install the program. Choose the Norwegian language.
2. Tick the boxes next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish.
3. Let the program update itself and choose Perform quick scan.
4. You will get a message box when the program has finished running. Then click the Show results button.
5. If malware was found, you will now see what was found. Click the Remove selected button to remove any malware that was found.

Note: If MBAM finds a file that is hard to remove, you will be asked two questions. Click OK on both and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away.

When MBAM has finished removing what it found, a log will be opened in Notepad. Post it later if it found anything other than cookies.

Edited 3 November 2008 by tosha0007
Ottesen (author) Posted 3 November 2008

There, done as you said. Ran a scan with Malwarebytes just now, it didn't find anything. Must say the PC actually seemed to work quite well now, but still...

ComboFix:

ComboFix 08-11-02.05 - Administrator 2008-11-04 19:23:21.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2912 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\npf.sys c:\windows\system32\packet.dll c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.
2008-11-04 19:29 . 2008-11-04 19:29 240,240 --a------ c:\windows\system32\wpcap.dll 2008-11-04 19:29 . 2008-11-04 19:29 88,704 --a------ c:\windows\system32\packet.dll 2008-11-04 19:29 . 2008-11-04 19:29 42,512 --a------ c:\windows\system32\drivers\npf.sys 2008-11-04 18:47 . 2008-11-04 18:48 <DIR> d-------- C:\HijackThisplease 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\program files\CCleaner 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-04 17:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-04 17:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-04 17:00 . 2008-11-04 17:00 <DIR> d-------- c:\program files\Lavasoft 2008-11-04 17:00 . 2008-11-04 17:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft 2008-11-04 07:11 . 
2008-11-04 07:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems
2008-11-04 07:10 . 2008-11-04 07:10 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2008-11-02 23:20 . 2008-11-04 19:28 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-02 23:12 . 2008-11-04 19:28 <DIR> d-------- c:\program files\DNA
2008-11-02 23:12 . 2008-11-02 23:12 <DIR> d-------- c:\program files\BitTorrent
2008-11-02 23:12 . 2008-11-04 19:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DNA
2008-11-02 23:12 . 2008-11-04 19:25 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent
2008-11-02 23:09 . 2008-11-04 19:12 69 --a------ c:\windows\NeroDigital.ini
2008-11-02 23:08 . 2008-11-02 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3
2008-11-02 23:07 . 2008-11-02 23:07 <DIR> d-------- c:\program files\MSBuild
2008-11-02 23:05 . 2008-11-02 23:05 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-02 23:05 . 2008-11-02 23:05 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-02 23:04 . 2008-11-02 23:04 <DIR> d-------- c:\windows\system32\xlive
2008-11-02 23:04 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2008-11-02 23:02 . 2008-11-02 23:02 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-11-02 23:01 . 2008-11-02 23:01 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-02 23:01 . 2008-11-02 23:01 <DIR> d-------- c:\program files\D-Tools
2008-11-02 23:01 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys
2008-11-02 23:01 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys
2008-11-02 22:33 . 2008-11-02 22:33 <DIR> d-------- c:\program files\Alcohol Soft
2008-11-02 22:33 . 2005-07-08 14:44 159,616 --a------ c:\windows\system32\drivers\vax347b.sys
2008-11-02 22:33 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\vax347s.sys
2008-11-02 22:08 . 2008-11-02 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2008-11-02 22:08 . 2008-11-02 22:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2008-11-02 22:08 . 2008-11-02 22:08 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2008-11-02 05:45 . 2008-11-02 05:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc
2008-11-02 05:39 . 2008-11-02 05:39 <DIR> d-------- c:\program files\VideoLAN
2008-11-02 04:49 . 2008-11-02 04:49 <DIR> d-------- c:\program files\Lavalys
2008-11-02 00:49 . 2008-11-02 00:49 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-02 00:36 . 2007-07-30 19:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui
2008-11-02 00:36 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuaucpl.cpl.mui
2008-11-02 00:36 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuapi.dll.mui
2008-11-02 00:36 . 2007-07-30 19:18 20,312 --a------ c:\windows\system32\wuaueng.dll.mui
2008-11-01 23:12 . 2008-11-01 23:12 <DIR> d-------- c:\windows\system32\Futuremark
2008-11-01 23:12 . 2008-11-01 23:12 262,144 --a------ c:\windows\system32\wrap_oal.dll
2008-11-01 23:12 . 2008-11-01 23:12 86,016 --a------ c:\windows\system32\OpenAL32.dll
2008-11-01 23:12 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys
2008-11-01 23:12 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
2008-11-01 23:12 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys
2008-11-01 23:12 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
2008-11-01 23:11 . 2008-11-01 23:11 <DIR> d-------- c:\program files\Futuremark
2008-11-01 23:11 . 2008-11-01 23:12 <DIR> d-------- C:\Directx
2008-11-01 22:35 . 2008-11-01 22:36 <DIR> d-------- c:\program files\Winamp
2008-11-01 22:35 . 2008-11-01 22:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp
2008-11-01 22:34 . 2008-11-01 22:34 45 --a------ c:\windows\system32\initdebug.nfo
2008-11-01 22:32 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-01 22:32 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-01 22:32 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-01 22:32 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-01 22:32 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-11-01 22:32 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-11-01 22:32 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-01 22:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-01 22:31 . 2008-11-02 00:51 <DIR> d--h----- c:\windows\$hf_mig$
2008-11-01 22:31 . 2006-12-07 06:29 2,374,472 -----c--- c:\windows\system32\dllcache\wmvcore.dll
2008-11-01 22:31 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-01 22:31 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-01 22:31 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2008-11-01 22:30 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-01 22:30 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-01 22:30 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-01 22:30 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-11-01 22:30 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-01 22:30 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-11-01 22:30 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-11-01 22:30 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-11-01 22:30 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-01 22:30 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-11-01 22:22 . 2008-11-04 17:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM
2008-11-01 22:22 . 2008-11-01 22:22 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\Skype
2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\MSN Messenger
2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-11-01 22:20 . 2008-11-04 18:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype
2008-11-01 22:17 . 2008-11-01 22:17 0 --a------ c:\windows\vpc32.INI
2008-11-01 22:10 . 2007-10-11 11:10 30,008 --a------ c:\windows\system32\drivers\ET5Drv.sys
2008-11-01 22:07 . 2008-11-01 22:07 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-01 22:04 . 2008-04-14 05:42 1,306,624 --------- c:\windows\system32\msxml6.dll
2008-11-01 22:04 . 2008-04-14 05:42 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2008-11-01 22:04 . 2008-04-14 05:40 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll
2008-11-01 22:04 . 2008-04-13 22:57 79,872 --------- c:\windows\system32\msxml6r.dll
2008-11-01 22:04 . 2008-04-13 22:57 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2008-11-01 22:04 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2008-11-01 22:02 . 2008-11-01 22:02 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-01 22:02 . 2008-04-14 00:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys
2008-11-01 22:02 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2008-11-01 22:00 . 2008-04-13 23:53 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-04 18:25 16,608 ----a-w c:\windows\gdrv.sys
2008-11-04 17:40 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-04 06:12 --------- d-----w c:\program files\Common Files\Adobe
2008-11-02 22:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 20:54 --------- d-----w c:\program files\Realtek
2008-11-01 20:53 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-01 20:50 315,392 ----a-w c:\windows\HideWin.exe
2008-11-01 20:42 --------- d-----w c:\program files\Intel
2008-11-01 20:41 --------- d-----w c:\program files\GIGABYTE
2008-11-01 20:41 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-01 20:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-01 20:37 --------- d-----w c:\program files\AGEIA Technologies
2008-11-01 20:36 94,636 ----a-w c:\windows\dropcpyr.dll
2008-11-01 20:36 73,728 ----a-w c:\windows\copyfstq.exe
2008-11-01 20:36 --------- d-----w c:\program files\Opera
2008-11-01 20:34 --------- d-----w c:\program files\RivaTuner v2.11
2008-11-01 20:19 --------- d-----w c:\program files\Symantec Client Security
2008-11-01 20:19 --------- d-----w c:\program files\Symantec
2008-11-01 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-11-01 20:18 --------- d-----w c:\program files\Trillian Pro
2008-11-01 20:18 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-01 20:18 --------- d-----w c:\program files\CyberLink
2008-11-01 20:18 --------- d-----w c:\program files\Ahead
2008-11-01 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-01 20:17 --------- d-----w c:\program files\Common Files\Ahead
2008-11-01 20:17 --------- d-----w c:\program files\7-Zip
2008-11-01 20:16 155,995 ----a-w c:\windows\java\Packages\EZDVV7NX.ZIP
2008-11-01 20:16 --------- d-----w c:\program files\Real Alternative
2008-11-01 20:16 --------- d-----w c:\program files\QuickTime Alternative
2008-11-01 20:16 --------- d-----w c:\program files\Media Player Classic
2008-11-01 20:16 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-01 20:16 --------- d-----w c:\program files\Java
2008-11-01 20:16 --------- d-----w c:\program files\Common Files\Java
2008-11-01 20:10 --------- d-----w c:\program files\microsoft frontpage
2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-04-14 04:42 933,888 --sh--r c:\windows\system32\szehost.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-10-13 7086080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-02 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 85184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"Resume copy"="copyfstq.exe" [2008-11-01 c:\windows\copyfstq.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]
"Zend Tech Driver"="szehost.exe" [2008-04-14 c:\windows\system32\szehost.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Zend Tech Driver"="szehost.exe" [2008-04-14 c:\windows\system32\szehost.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-11-04 42512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae48d42-a856-11dd-9eb0-806d6172696f}]
\Shell\AutoRun\command - M:\Run.exe

.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32]
.
.
------- Supplementary Scan -------
.
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 19:29:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\rundll32.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\program files\GIGABYTE\GEST\gest.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-11-04 19:31:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-04 18:31:25
ComboFix2.txt 2008-11-04 17:45:11

Pre-Run: 238,443,671,552 bytes free
Post-Run: 238,439,071,744 bytes free

260 --- E O F --- 2008-11-01 23:51:34
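As an added example, not from this thread and not part of ComboFix, here is a small Python triage script that applies the checks a log reviewer runs by eye on the "Reg Loading Points" and "Find3M" sections of a log like the one above: autostart entries under the legacy RunServices key, the same binary persisted under more than one Run key, Security Center notifications switched off, the Windows Firewall profile disabled, an AutoRun command cached for a mounted volume, and executables under c:\windows carrying hidden+system attributes. The sample log is constructed from entries quoted in this post; the regular expressions, function names and category labels are my own assumptions about the log layout, not a ComboFix specification.

```python
"""Triage helper for ComboFix-style 'Reg Loading Points' and 'Find3M' lines.

Added example for this thread. It mechanically flags the entry types a
reviewer looks for; every hit is a prompt to look closer, not a verdict.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the ComboFix output quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]
"Zend Tech Driver"="szehost.exe" [2008-04-14 c:\windows\system32\szehost.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Zend Tech Driver"="szehost.exe" [2008-04-14 c:\windows\system32\szehost.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae48d42-a856-11dd-9eb0-806d6172696f}]
\Shell\AutoRun\command - M:\Run.exe
2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe
2008-04-14 04:42 933,888 --sh--r c:\windows\system32\szehost.exe
"""

# Assumed line shapes (my reading of the log, not a ComboFix specification).
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="c:\full\path" [date size]   or   "Name"="bare.exe" [date resolved\path]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
# Find3M line: date time size attrs path  (attrs such as --sh--r or ----a-w)
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d\d-\d\d \d\d:\d\d)\s+(?P<size>[\d,]+|-+)\s+"
    r"(?P<attrs>[-a-z]{7,9})\s+(?P<path>.+)$")


def resolved_path(target, meta):
    """ComboFix prints a bare file name with the resolved path in the brackets."""
    if "\\" in target:
        return target.lower()
    parts = meta.split(None, 1)  # e.g. "2008-04-14 c:\windows\system32\szehost.exe"
    if len(parts) == 2 and "\\" in parts[1]:
        return parts[1].lower()
    return target.lower()


def triage(log_text):
    """Return a list of (category, detail) findings for the given log text."""
    findings = []
    key = None
    seen_in = defaultdict(set)  # resolved path -> set of Run-type keys it appears under
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue
        m = RUN_RE.match(line)
        if m and key and "\\currentversion\\run" in key:
            path = resolved_path(m.group("target"), m.group("meta"))
            seen_in[path].add(key)
            if key.endswith("\\runservices"):  # Win9x-era key, rarely used legitimately on XP
                findings.append(("legacy_runservices_entry", path))
            continue
        m = DWORD_RE.match(line)
        if m and key and key.endswith("\\security center"):
            if m.group("name").endswith("DisableNotify") and int(m.group("hex"), 16) == 1:
                findings.append(("security_center_notify_disabled", m.group("name")))
            continue
        m = FIREWALL_RE.match(line)
        if m and key and "firewallpolicy" in key:
            if int(m.group("val")) == 0:
                findings.append(("windows_firewall_disabled", key))
            continue
        m = AUTORUN_RE.match(line)
        if m and key and "mountpoints2" in key:
            findings.append(("autorun_on_mounted_volume", m.group("cmd")))
            continue
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            hidden_system = "s" in attrs and "h" in attrs
            if hidden_system and path.startswith("c:\\windows\\") and path.endswith((".exe", ".dll", ".sys")):
                findings.append(("hidden_system_executable", path))
    for path, keys in seen_in.items():
        if len(keys) > 1:
            findings.append(("persisted_in_multiple_keys", path))
    return findings


def report(findings):
    """Render findings as one text line per item, sorted by category."""
    return [f"{category:32s} {detail}" for category, detail in sorted(findings)]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run it directly to print the findings for the constructed sample, or call triage() on the text of a real log. The categories are deliberately coarse: Security Center notifications are also switched off by some third-party suites, and MountPoints2 AutoRun commands are cached from any removable media the user has inserted, so each hit marks where to look, not what to delete.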
Tosha0007, posted 3 November 2008 (edited)

Go to http://virusscan.jotti.org , click Browse, and upload the following files for analysis:

c:\windows\java\Packages\EZDVV7NX.ZIP
c:\windows\system32\szehost.exe
c:\windows\system32\drivers\mtlstrm.sys

Then click Submit. Accept that the file is scanned. Finally, copy the result and paste it into your next post, so I can look at it and decide what needs to be done next.

Edited 3 November 2008 by tosha0007
Ottesen (thread author), posted 3 November 2008

1. The first file was completely fine.

2.
A-Squared Found Backdoor.SdBot.DFYR!IK
AntiVir Found TR/Dropper.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found BackDoor.RBot.AS
BitDefender Found Backdoor.SDBot.DFYR
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found BackDoor.IRC.Sdbot.4105
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.SdBot.ifj
G DATA Found Backdoor.SDBot.DFYR
Ikarus Found Backdoor.SdBot.DFYR
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.ifj
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

3. That one was fine.
Tosha0007, posted 4 November 2008 (edited)

Click Start - All Programs - Accessories - Notepad.

Copy and paste the text in the code box below into Notepad:

File::
c:\windows\system32\szehost.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Zend Tech Driver"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zend Tech Driver"=-

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again.

If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

small edit: check the new CFScript above

Edited 4 November 2008 by tosha0007
Ottesen Skrevet 4. november 2008 Forfatter Del Skrevet 4. november 2008 sånn.... ComboFix 08-11-02.05 - Administrator 2008-11-05 18:32:58.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2916 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt * Created a new restore point FILE :: c:\windows\system32\szehost.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\npf.sys c:\windows\system32\packet.dll c:\windows\system32\szehost.exe c:\windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 ))))))))))))))))))))))))))))))) . 2008-11-05 06:22 . 2008-11-05 06:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller 2008-11-04 23:53 . 2008-11-04 23:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Red Alert 3 2008-11-04 18:47 . 2008-11-04 18:48 <DIR> d-------- C:\HijackThisplease 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\program files\CCleaner 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-04 17:29 . 2008-11-04 17:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-04 17:29 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-04 17:29 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-04 17:00 . 2008-11-04 17:00 <DIR> d-------- c:\program files\Lavasoft 2008-11-04 17:00 . 
2008-11-04 17:00 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft 2008-11-04 07:11 . 2008-11-04 07:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Adobe Systems 2008-11-04 07:10 . 2008-11-04 07:10 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2008-11-02 23:20 . 2008-11-05 18:32 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2008-11-02 23:12 . 2008-11-05 18:40 <DIR> d-------- c:\program files\DNA 2008-11-02 23:12 . 2008-11-02 23:12 <DIR> d-------- c:\program files\BitTorrent 2008-11-02 23:12 . 2008-11-05 18:40 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DNA 2008-11-02 23:12 . 2008-11-05 18:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\BitTorrent 2008-11-02 23:09 . 2008-11-05 18:27 69 --a------ c:\windows\NeroDigital.ini 2008-11-02 23:08 . 2008-11-02 23:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Fallout3 2008-11-02 23:07 . 2008-11-02 23:07 <DIR> d-------- c:\program files\MSBuild 2008-11-02 23:05 . 2008-11-02 23:05 <DIR> d-------- c:\windows\system32\XPSViewer 2008-11-02 23:05 . 2008-11-02 23:05 <DIR> d-------- c:\program files\Reference Assemblies 2008-11-02 23:04 . 2008-11-02 23:04 <DIR> d-------- c:\windows\system32\xlive 2008-11-02 23:04 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2008-11-02 23:02 . 2008-11-02 23:02 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2008-11-02 23:01 . 2008-11-02 23:01 <DIR> d-------- c:\windows\Downloaded Installations 2008-11-02 23:01 . 2008-11-02 23:01 <DIR> d-------- c:\program files\D-Tools 2008-11-02 23:01 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys 2008-11-02 23:01 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys 2008-11-02 22:33 . 2008-11-02 22:33 <DIR> d-------- c:\program files\Alcohol Soft 2008-11-02 22:33 . 
2005-07-08 14:44 159,616 --a------ c:\windows\system32\drivers\vax347b.sys 2008-11-02 22:33 . 2004-04-30 09:33 5,248 --a------ c:\windows\system32\drivers\vax347s.sys 2008-11-02 22:08 . 2008-11-02 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2008-11-02 22:08 . 2008-11-02 22:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro 2008-11-02 22:08 . 2008-11-02 22:08 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2008-11-02 05:45 . 2008-11-02 05:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc 2008-11-02 05:39 . 2008-11-02 05:39 <DIR> d-------- c:\program files\VideoLAN 2008-11-02 04:49 . 2008-11-02 04:49 <DIR> d-------- c:\program files\Lavalys 2008-11-02 00:49 . 2008-11-02 00:49 <DIR> d-------- c:\program files\MSXML 4.0 2008-11-02 00:36 . 2007-07-30 19:18 34,136 --a------ c:\windows\system32\wucltui.dll.mui 2008-11-02 00:36 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuaucpl.cpl.mui 2008-11-02 00:36 . 2007-07-30 19:19 25,944 --a------ c:\windows\system32\wuapi.dll.mui 2008-11-02 00:36 . 2007-07-30 19:18 20,312 --a------ c:\windows\system32\wuaueng.dll.mui 2008-11-01 23:12 . 2008-11-01 23:12 <DIR> d-------- c:\windows\system32\Futuremark 2008-11-01 23:12 . 2008-11-01 23:12 262,144 --a------ c:\windows\system32\wrap_oal.dll 2008-11-01 23:12 . 2008-11-01 23:12 86,016 --a------ c:\windows\system32\OpenAL32.dll 2008-11-01 23:12 . 2004-10-25 20:02 21,664 --a------ c:\windows\system32\drivers\Entech.sys 2008-11-01 23:12 . 1999-11-02 10:01 6,173 --a------ c:\windows\system32\drivers\Entech.vxd 2008-11-01 23:12 . 2004-06-22 15:44 5,632 --a------ c:\windows\system32\drivers\Entech64.sys 2008-11-01 23:12 . 2001-11-19 19:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys 2008-11-01 23:11 . 2008-11-01 23:11 <DIR> d-------- c:\program files\Futuremark 2008-11-01 23:11 . 2008-11-01 23:12 <DIR> d-------- C:\Directx 2008-11-01 22:35 . 
2008-11-01 22:36 <DIR> d-------- c:\program files\Winamp 2008-11-01 22:35 . 2008-11-01 22:36 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Winamp 2008-11-01 22:34 . 2008-11-01 22:34 45 --a------ c:\windows\system32\initdebug.nfo 2008-11-01 22:32 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2008-11-01 22:32 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-11-01 22:32 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-11-01 22:32 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2008-11-01 22:32 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-11-01 22:32 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-11-01 22:32 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys 2008-11-01 22:32 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys 2008-11-01 22:31 . 2008-11-02 00:51 <DIR> d--h----- c:\windows\$hf_mig$ 2008-11-01 22:31 . 2006-12-07 06:29 2,374,472 -----c--- c:\windows\system32\dllcache\wmvcore.dll 2008-11-01 22:31 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2008-11-01 22:31 . 2008-05-01 15:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2008-11-01 22:31 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys 2008-11-01 22:30 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2008-11-01 22:30 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2008-11-01 22:30 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2008-11-01 22:30 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2008-11-01 22:30 . 2008-08-26 08:24 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2008-11-01 22:30 . 
2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll 2008-11-01 22:30 . 2008-08-26 08:24 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2008-11-01 22:30 . 2008-08-26 08:24 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2008-11-01 22:30 . 2008-08-26 08:24 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2008-11-01 22:30 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2008-11-01 22:22 . 2008-11-05 16:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM 2008-11-01 22:22 . 2008-11-01 22:22 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\Skype 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\MSN Messenger 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\program files\Common Files\Skype 2008-11-01 22:20 . 2008-11-01 22:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-11-01 22:20 . 2008-11-05 17:56 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Skype 2008-11-01 22:17 . 2008-11-01 22:17 0 --a------ c:\windows\vpc32.INI 2008-11-01 22:10 . 2007-10-11 11:10 30,008 --a------ c:\windows\system32\drivers\ET5Drv.sys 2008-11-01 22:07 . 2008-11-01 22:07 <DIR> d-------- c:\windows\system32\LogFiles 2008-11-01 22:04 . 2008-04-14 05:42 1,306,624 --------- c:\windows\system32\msxml6.dll 2008-11-01 22:04 . 2008-04-14 05:42 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll 2008-11-01 22:04 . 2008-04-14 05:40 102,912 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2008-11-01 22:04 . 2008-04-13 22:57 79,872 --------- c:\windows\system32\msxml6r.dll 2008-11-01 22:04 . 2008-04-13 22:57 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll 2008-11-01 22:04 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys 2008-11-01 22:02 . 
2008-11-01 22:02 <DIR> d-------- c:\windows\ServicePackFiles 2008-11-01 22:02 . 2008-04-14 00:10 57,600 --a------ c:\windows\system32\drivers\redbook.sys 2008-11-01 22:02 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys 2008-11-01 22:00 . 2008-04-13 23:53 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-05 03:56 --------- d-----w c:\program files\Common Files\Symantec Shared 2008-11-05 03:55 16,608 ----a-w c:\windows\gdrv.sys 2008-11-04 06:12 --------- d-----w c:\program files\Common Files\Adobe 2008-11-02 22:08 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-01 20:54 --------- d-----w c:\program files\Realtek 2008-11-01 20:53 --------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield 2008-11-01 20:50 315,392 ----a-w c:\windows\HideWin.exe 2008-11-01 20:42 --------- d-----w c:\program files\Intel 2008-11-01 20:41 --------- d-----w c:\program files\GIGABYTE 2008-11-01 20:41 --------- d-----w c:\program files\Common Files\InstallShield 2008-11-01 20:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-11-01 20:37 --------- d-----w c:\program files\AGEIA Technologies 2008-11-01 20:36 94,636 ----a-w c:\windows\dropcpyr.dll 2008-11-01 20:36 73,728 ----a-w c:\windows\copyfstq.exe 2008-11-01 20:36 --------- d-----w c:\program files\Opera 2008-11-01 20:34 --------- d-----w c:\program files\RivaTuner v2.11 2008-11-01 20:19 --------- d-----w c:\program files\Symantec Client Security 2008-11-01 20:19 --------- d-----w c:\program files\Symantec 2008-11-01 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2008-11-01 20:18 --------- d-----w c:\program files\Trillian Pro 2008-11-01 20:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-01 20:18 --------- d-----w c:\program 
files\CyberLink 2008-11-01 20:18 --------- d-----w c:\program files\Ahead 2008-11-01 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-01 20:17 --------- d-----w c:\program files\Common Files\Ahead 2008-11-01 20:17 --------- d-----w c:\program files\7-Zip 2008-11-01 20:16 155,995 ----a-w c:\windows\java\Packages\EZDVV7NX.ZIP 2008-11-01 20:16 --------- d-----w c:\program files\Real Alternative 2008-11-01 20:16 --------- d-----w c:\program files\QuickTime Alternative 2008-11-01 20:16 --------- d-----w c:\program files\Media Player Classic 2008-11-01 20:16 --------- d-----w c:\program files\K-Lite Codec Pack 2008-11-01 20:16 --------- d-----w c:\program files\Java 2008-11-01 20:16 --------- d-----w c:\program files\Common Files\Java 2008-11-01 20:10 --------- d-----w c:\program files\microsoft frontpage 2008-10-02 23:46 81,920 ----a-w c:\windows\system32\frapsvid.dll 2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys 2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe 2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll 2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll 2008-08-14 10:09 2,145,280 ----a-w c:\windows\system32\ntoskrnl.exe 2008-08-14 09:33 2,023,936 ----a-w c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((( snapshot@2008-11-04_18.44.53.37 ))))))))))))))))))))))))))))))))))))))))) . + 2008-11-04 22:37:46 29,310 ----a-r c:\windows\Installer\{296D8550-CB06-48E4-9A8B-E5034FB64715}\ra3.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2005-10-13 7086080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-11-02 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-04-17 85184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"Resume copy"="copyfstq.exe" [2008-11-01 c:\windows\copyfstq.exe]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 EraserUtilDrvI7;EraserUtilDrvI7;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI7.sys [ ]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae48d42-a856-11dd-9eb0-806d6172696f}]
\Shell\AutoRun\command - M:\Run.exe

.
Contents of the 'Scheduled Tasks' folder

2008-11-01 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-03-31 17:32]
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-05 18:38:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2008-11-05 18:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-05 17:42:21
ComboFix2.txt 2008-11-04 18:31:28
ComboFix3.txt 2008-11-04 17:45:11

Pre-Run: 238,175,723,520 bytes free
Post-Run: 238,334,177,280 bytes free

260 --- E O F --- 2008-11-01 23:51:34
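As an added example (my own code, not part of the thread or of ComboFix), a small Python triage helper that reads the registry section of a ComboFix log like the one above and flags the settings a reviewer would check first: suppressed Security Center alerts, vendor monitoring switched off, the Windows Firewall disabled for the standard profile, and any MountPoints2 AutoRun command. The sample lines are copied from the log above; the rule names and message texts are my own, and each hit is something to confirm against the installed security suite, not a malware verdict.

```python
import re
# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ae48d42-a856-11dd-9eb0-806d6172696f}]
\Shell\AutoRun\command - M:\Run.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(dword:)?([0-9A-Fa-f]+)')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$")

def triage(log_text):
    """Return (registry key, finding) pairs a reviewer should confirm by hand.
    These are review points, not verdicts: a third-party suite such as the
    Symantec install in this log legitimately sets several of them."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:  # a new [HKEY...] section header
            key = m.group(1)
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in key.lower():  # per-volume AutoRun handler
            findings.append((key, "AutoRun command on mounted volume: " + m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, is_dword, num = m.groups()
        value = int(num, 16) if is_dword else int(num)
        k = key.lower()
        if k.endswith("security center") and name.endswith("DisableNotify") and value == 1:
            findings.append((key, "Security Center alert suppressed: " + name))
        elif "security center\\monitoring\\" in k and name == "DisableMonitoring" and value == 1:
            findings.append((key, "Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1]))
        elif k.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and value == 0:
            findings.append((key, "Windows Firewall off for the standard profile"))
    return findings
```

Running `triage(SAMPLE_LOG)` on the copied lines yields six review points; the full log above would add a second monitoring entry for SymantecFirewall.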
r2d290, posted 4 November 2008

Then I think it looks fine. How is the PC running?
Ottesen (author), posted 4 November 2008

> Then I think it looks fine. How is the PC running?

It seems to work fine once it has gotten into Windows and loaded all the programs, but getting into Windows takes forever. I usually don't turn the PC off at all, but lately it has been off because the pump for my water cooling is noisy. Thanks a lot for the help, by the way; it's nice that someone takes the time to do this.
r2d290, posted 5 November 2008

ComboFix must be uninstalled.

Go to Start > Run
Type the following in the box: combofix /u
PS: note the space between the X and /u
Press Enter.

This command will:
- Remove the following: ComboFix and its associated files and folders; VundoFix backups, if they exist; the folder C:\Deckard, if it exists; the folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions, if necessary.
- Hide system/hidden files and folders, if necessary.
- Reset the system restore points.
Ottesen (author), posted 6 November 2008

Thanks, thanks.
Tosha0007, posted 6 November 2008

If you consider the problem with your machine solved, you can change your topic title by clicking in your first post and choosing full edit. At the top, where your topic title is, write [LØST] in front of your topic title. E.g.: [LØST] Have gotten a virus on the machine. This helps keep the forum tidier for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-