kroghelg, posted 25 November 2008:
Would be nice if someone could check these. I don't suspect anything in particular, but would like a check. Avira found something that has been deleted, and Anti-Malware found nothing, but I know it is used a lot on MSN, among other things.
ComboFix log
raWrz, posted 25 November 2008 (edited):
Never mind xD, didn't read everything.
(Edited 25 November 2008 by Submit)
raWrz, posted 25 November 2008:
Download CCleaner here: http://www.ccleaner.com/ and post a new ComboFix log.
kroghelg (thread author), posted 25 November 2008:
Quote (raWrz): Download CCleaner here: http://www.ccleaner.com/ and post a new ComboFix log.
Have run CCleaner, but afterwards
raWrz, posted 25 November 2008:
New ComboFix log, then.
kroghelg (thread author), posted 25 November 2008:
Quote (raWrz): New ComboFix log, then.
New ComboFix log. By the way, I am getting some ad pages that say CID.
raWrz, posted 25 November 2008:
The logs look fine.
norbat, posted 25 November 2008:
Your CiD problems are caused by having installed Messenger Plus! Live. It comes bundled with a sponsor program that produces these popups. Remove Messenger Plus! Live (or just the sponsor program) from Add/Remove Programs. Then post a new ComboFix log, and we will remove any leftovers from it.
kroghelg (thread author), posted 25 November 2008:
Quote (norbat): Your CiD problems are caused by having installed Messenger Plus! Live. It comes bundled with a sponsor program that produces these popups. Remove Messenger Plus! Live (or just the sponsor program) from Add/Remove Programs. Then post a new ComboFix log, and we will remove any leftovers from it.
OK, that will have to be a bit later, but I'll see what I can manage. Thanks a lot.