raWrz, posted 29 November 2008 (edited)

I've got a really nasty virus on the computer that won't let ComboFix start in normal mode. I can run MBAM and it finds something, but when MBAM deletes it, the program locks up, and all of Windows with it. I get no internet connection in normal mode, only in safe mode with networking. I got MBAM updated and it found some viruses that don't get deleted even though it says they are. I managed to run ComboFix in safe mode. And Norton, which we use on the computer, won't start.

Log (ComboFix in safe mode):

ComboFix 08-11-28.03 - Administrator 2008-11-29 11:54:36.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.809 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\SAV
c:\windows\system32\ttvwa.bak1
c:\windows\system32\ttvwa.bak2
c:\windows\system32\ttvwa.ini
c:\windows\system32\ttvwa.ini2
c:\windows\system32\ttvwa.tmp
d:\mine dokumenter\My Documents.url
.
((((((((((((((((((((((((((( Files created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))))
.
2008-11-29 11:24 . 2008-11-29 11:24 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Malwarebytes
2008-11-29 11:23 . 2004-01-01 17:06 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-29 11:23 . 2004-06-02 11:50 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-29 11:23 . 2004-04-08 00:18 <DIR> dr------- c:\documents and settings\Administrator\Start-meny
2008-11-29 11:23 . 2004-01-01 15:10 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere
2008-11-29 11:23 . 2008-11-29 11:28 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord
2008-11-29 11:23 . 2004-06-02 14:15 <DIR> dr-h----- c:\documents and settings\Administrator\Siste
2008-11-29 11:23 . 2004-01-01 16:26 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec
2008-11-29 11:23 . 2004-01-01 17:01 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Sonic
2008-11-29 11:23 . 2004-01-01 17:49 <DIR> d-------- c:\documents and settings\Administrator\Programdata\SampleView
2008-11-29 11:23 . 2004-01-01 17:04 <DIR> d-------- c:\documents and settings\Administrator\Programdata\InterTrust
2008-11-29 11:23 . 2008-11-29 11:24 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata
2008-11-29 11:23 . 2004-04-08 00:18 <DIR> d--h----- c:\documents and settings\Administrator\Maler
2008-11-29 11:23 . 2008-11-29 11:57 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger
2008-11-29 11:23 . 2004-04-08 00:18 <DIR> dr------- c:\documents and settings\Administrator\Favoritter
2008-11-29 11:23 . 2004-01-01 15:10 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask
2008-11-29 11:23 . 2008-11-29 11:23 <DIR> d-------- c:\documents and settings\Administrator
2008-11-12 20:40 . 2008-11-12 20:41 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 17:53 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:52 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 23:55 . 2008-11-07 23:55 <DIR> d-------- c:\programfiler\NCH Software
2008-11-07 23:48 . 2008-11-07 23:48 <DIR> d-------- c:\programfiler\NCH Swift Sound
2008-11-07 23:48 . 2008-11-07 23:48 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Swift Sound
2008-11-01 11:21 . 2008-11-01 11:21 <DIR> d-------- c:\documents and settings\trine\Programdata\Windows Desktop Search
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 07:53 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2008-11-28 07:51 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec
2008-11-17 13:57 --------- d-----w c:\programfiler\LimeWire
2008-11-17 13:51 --------- d-----w c:\programfiler\Incomplete
2008-11-04 16:03 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-10-28 17:05 --------- d-----w c:\programfiler\Windows Desktop Search
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:59 --------- d--h--r c:\documents and settings\trine\Programdata\SecuROM
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 11:11 --------- d-----w c:\programfiler\BearShare Applications
2008-10-21 10:47 --------- d-----w c:\programfiler\Microsoft Silverlight
2008-10-17 20:45 --------- d-----w c:\documents and settings\trine\Programdata\Malwarebytes
2008-10-17 13:53 --------- d-----w c:\documents and settings\trine\Programdata\LimeWire
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-07 22:40 --------- d-----w c:\documents and settings\All Users\Programdata\NexonUS
2008-10-06 13:18 7,168 -csha-w c:\programfiler\Thumbs.db
2008-10-06 11:19 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-06 11:18 --------- d-----w c:\programfiler\Google
2008-10-04 09:56 --------- d-----w c:\programfiler\Kaneva
2008-10-04 09:52 --------- d-----w c:\programfiler\Free Screen Recorder
2008-10-04 09:51 --------- d-----w c:\programfiler\BlueVoda Website Builder
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:01 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-17 13:42 737,280 ----a-w c:\windows\iun6002.exe
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2005-06-28 19:27 13,582 ----a-w c:\documents and settings\Incomplete\downloads.dat
2008-06-03 21:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008060320080604\index.dat
.
(((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-07-07 10:27 398776 --a------ c:\programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Home Theater SchSvr"="c:\programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2003-11-24 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Sunkist2k"="c:\programfiler\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"CTDVDDET"="c:\programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-03-08 36864]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2006-02-24 155648]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-16 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Malwarebytes Anti-Malware (reboot)"="d:\malwarebytes' anti-malware\mbam.exe" [2008-10-22 1261200]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-13 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMS"="c:\programfiler\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="c:\programfiler\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-20 c:\windows\MIDIDEF.EXE]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 d:\programfiler\ventrillo\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Eier^Start-meny^Programmer^Oppstart^IMVU.lnk]
path=c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-01 19:56 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Programfiler\\Teamspeak2_RC2\\server_windows.exe"=
"d:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\NexonUS\\NGM\\NGM.exe"=
"d:\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

S2 D76114A21274A4B0;D76114A21274A4B0;\??\c:\documents and settings\Eier\Skrivebord\D76114A21274A4B0\D76114A21274A4B0 []
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]
S3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-01-01 331392]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
S3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-01-01 24192]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2004-01-01 377888]

*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\Norton Internet Security Online - Kjør full systemskanning - Eier.job
- c:\programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RecordNow! - (no file)
HKLM-Run-VTTimer - VTTimer.exe
SharedTaskScheduler-{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} - (no file)
SSODL-E404Helper-{157ec46a-4f90-47ba-b10a-e9fddd646546} - e404d.dll
Notify-awvtt - c:\windows\system32\awvtt.dll
.
------- Supplementary scan -------
.
mWindow Title = Microsoft Internet Explorer
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Eier\Start-meny\Programmer\IMVU\Run IMVU.lnk
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Eier\Start-meny\Programmer\IMVU\Run IMVU.lnk
- c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 11:59:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\D76114A21274A4B0]
"ImagePath"="\??\c:\documents and settings\Eier\Skrivebord\D76114A21274A4B0\D76114A21274A4B0"
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\Ati2evxx.dll
d:\programfiler\ventrillo\AlienGUIse\fastload.dll
.
Completion time: 2008-11-29 12:01:02
ComboFix-quarantined-files.txt 2008-11-29 11:01:01

Pre-Run: 3 404 963 840 bytes free
Post-Run: 6,722,215,936 bytes free

212 --- E O F --- 2008-11-12 19:43:51

I don't really find anything in particular in the ComboFix log. I'll see if I can find the MBAM log on the computer and check whether I can run HJT.

Edit: ran RogueFix without it helping much.
norbat, posted 29 November 2008

You have a service called D76114A21274A4B0 that lives on the desktop. Do you know what this is? If not, do the following:

Start -> Run
Type: cmd
Type the following, pressing Enter after each line:

sc stop D76114A21274A4B0
sc delete D76114A21274A4B0
exit

Run MBAM again.
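Added example, not part of the thread and not ComboFix's or Malwarebytes' code: a small Python triage that applies norbat's reasoning to the services section of a ComboFix log. It parses the `S2 name;display;path [date size]` service lines and the `"ImagePath"=` registry dump, flags a service whose binary sits under a user profile instead of a system directory, whose name is a long random-looking hex string, or whose image file has no extension, and emits the `sc` sequence from the reply. The sample lines are copied from the first log above; the indicator thresholds and the extra `sc qc` query placed before `sc stop` are this example's own additions.

```python
"""Triage the services section of a ComboFix log for suspicious persistence.

Added example; it is not code from the forum thread, from ComboFix or from
Malwarebytes.  It reads two kinds of lines ComboFix prints:

    S2 name;display name;image path [date size]          (services list)
    "ImagePath"="..."  under a [HKLM\\...\\Services\\name] header

and flags an entry when its binary lives under a user profile instead of a
system directory, when its name is a long random-looking hex string, or when
the image file has no extension.  The sample lines are constructed from the
log posted above for illustration.
"""
import re

SERVICE_RE = re.compile(r'^[RS][0-4]\s+([^;]+);[^;]*;(.*)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
HEX_NAME_RE = re.compile(r'^[0-9A-F]{12,}$', re.IGNORECASE)
# Any "Documents and Settings\<user>" path except the shared "All Users" profile.
USER_PROFILE_RE = re.compile(r'[a-z]:\\documents and settings\\(?!all users\\)', re.IGNORECASE)

# Constructed sample: a copy of the service lines from the first ComboFix log above.
SAMPLE_LOG = r"""
S2 D76114A21274A4B0;D76114A21274A4B0;\??\c:\documents and settings\Eier\Skrivebord\D76114A21274A4B0\D76114A21274A4B0 []
S2 LiveUpdate Notice;LiveUpdate Notice;"c:\programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]
S3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-01-01 331392]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\D76114A21274A4B0]
"ImagePath"="\??\c:\documents and settings\Eier\Skrivebord\D76114A21274A4B0\D76114A21274A4B0"
""".strip().splitlines()


def normalize_image_path(raw):
    """Reduce a service image string to the bare binary path."""
    s = raw.strip()
    if s.startswith('\\??\\'):          # NT object-manager prefix (\??\c:\...)
        s = s[4:]
    if s.startswith('"'):               # quoted path followed by arguments
        return s[1:s.find('"', 1)]
    # Unquoted path: drop ComboFix's trailing "[date size]" or "[]" annotation.
    return re.sub(r'\s*\[[^\]]*\]\s*$', '', s)


def indicators(name, path):
    """Return the list of reasons an entry looks suspicious (empty if none)."""
    reasons = []
    if USER_PROFILE_RE.search(path):
        reasons.append('image lives under a user profile, not a system directory')
    if HEX_NAME_RE.match(name):
        reasons.append('service name is a random-looking hex string')
    if '.' not in path.rsplit('\\', 1)[-1]:
        reasons.append('image file has no extension')
    return reasons


def triage(lines):
    """Return [(service_name, image_path, reasons)] for each suspicious entry, once per name."""
    findings, seen, current_key = [], set(), ''
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)    # remember the key an ImagePath value belongs to
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group(1), normalize_image_path(m.group(2))
        else:
            m = IMAGEPATH_RE.match(line)
            if not m:
                continue
            name, path = current_key.rsplit('\\', 1)[-1], normalize_image_path(m.group(1))
        reasons = indicators(name, path)
        if reasons and name.lower() not in seen:
            seen.add(name.lower())
            findings.append((name, path, reasons))
    return findings


def removal_commands(name):
    """The sc.exe sequence from norbat's reply, with a query added first so the entry is inspected before removal."""
    return [f'sc qc {name}', f'sc stop {name}', f'sc delete {name}']


if __name__ == '__main__':
    for name, path, reasons in triage(SAMPLE_LOG):
        print(name, '->', path)
        for r in reasons:
            print('   ', r)
        print('   ', ' && '.join(removal_commands(name)))
```

On the log above this flags exactly one service, D76114A21274A4B0, on all three indicators, and leaves the Symantec service and the ASUS/COH_Mon drivers alone; the `DisableMonitoring` and `EnableFirewall=0` lines in the same log are deliberately not treated as indicators, since a third-party suite like Norton sets them itself.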
raWrz, posted 29 November 2008 (edited)

That did it.

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

29.11.2008 20:15:15
mbam-log-2008-11-29 (20-15-15).txt

Scan type: Quick Scan
Objects scanned: 65211
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The folder is still there, and I can't delete it or open it :s. I ran MBAM directly on the folder, and then two more showed up:

Malwarebytes' Anti-Malware 1.30
Database version: 1433
Windows 5.1.2600 Service Pack 3

29.11.2008 20:19:08
mbam-log-2008-11-29 (20-19-08).txt

Scan type: Quick Scan
Objects scanned: 2
Time elapsed: 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Eier\skrivebord\d76114a21274a4b0\D76114A21274A4B0 (Rootkit.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Eier\skrivebord\d76114a21274a4b0\D76114A21274A4B0.x86 (Rootkit.Agent) -> Quarantined and deleted successfully.

And now Norton has started and the internet works.
norbat, posted 29 November 2008

Make yourself a CFScript file with the following contents and use it together with ComboFix:

Folder::
c:\documents and settings\Eier\skrivebord\d76114a21274a4b0
raWrz, posted 29 November 2008

That worked. Deleting it after the last scan shouldn't make any difference, should it?
norbat, posted 29 November 2008

No, I just thought I'd take a look at a fresh ComboFix log while we're at it.
raWrz, posted 29 November 2008

Will do.
raWrz, posted 29 November 2008

It was a bit odd: when ComboFix finished, MANY errors popped up saying Symantec Norton had got an error and stopped, plus other processes?

ComboFix 08-11-29.02 - Eier 2008-11-29 20:39:28.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.487 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Eier\Programdata\FunWebProducts
c:\documents and settings\Eier\Programdata\FunWebProducts\Data\Eier\avatar.dat
c:\documents and settings\Eier\Programdata\Zango
.
((((((((((((((((((((((((((( Files created from 2008-10-28 to 2008-11-29 )))))))))))))))))))))))))))))))))
.
2008-11-29 11:24 . 2008-11-29 11:24 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Malwarebytes
2008-11-29 11:23 . 2004-01-01 17:06 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-11-29 11:23 . 2004-06-02 11:50 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2008-11-29 11:23 . 2004-04-08 00:18 <DIR> dr------- c:\documents and settings\Administrator\Start-meny
2008-11-29 11:23 . 2004-01-01 15:10 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere
2008-11-29 11:23 . 2008-11-29 20:38 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord
2008-11-29 11:23 . 2004-06-02 14:15 <DIR> dr-h----- c:\documents and settings\Administrator\Siste
2008-11-29 11:23 . 2004-01-01 16:26 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Symantec
2008-11-29 11:23 . 2004-01-01 17:01 <DIR> d-------- c:\documents and settings\Administrator\Programdata\Sonic
2008-11-29 11:23 . 2004-01-01 17:49 <DIR> d-------- c:\documents and settings\Administrator\Programdata\SampleView
2008-11-29 11:23 . 2004-01-01 17:04 <DIR> d-------- c:\documents and settings\Administrator\Programdata\InterTrust
2008-11-29 11:23 . 2008-11-29 11:24 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata
2008-11-29 11:23 . 2004-04-08 00:18 <DIR> d--h----- c:\documents and settings\Administrator\Maler
2008-11-29 11:23 . 2008-11-29 20:42 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger
2008-11-29 11:23 . 2004-04-08 00:18 <DIR> dr------- c:\documents and settings\Administrator\Favoritter
2008-11-29 11:23 . 2004-01-01 15:10 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask
2008-11-29 11:23 . 2008-11-29 11:23 <DIR> d-------- c:\documents and settings\Administrator
2008-11-12 20:40 . 2008-11-12 20:41 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 17:53 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:52 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-07 23:55 . 2008-11-07 23:55 <DIR> d-------- c:\programfiler\NCH Software
2008-11-07 23:48 . 2008-11-07 23:48 <DIR> d-------- c:\programfiler\NCH Swift Sound
2008-11-07 23:48 . 2008-11-07 23:48 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Swift Sound
2008-11-07 21:57 . 2008-11-07 21:57 <DIR> d-------- c:\documents and settings\Eier\Programdata\Windows Search
2008-11-05 14:45 . 2008-11-29 20:19 <DIR> dr-h----- c:\documents and settings\Eier\Siste
2008-11-01 11:21 . 2008-11-01 11:21 <DIR> d-------- c:\documents and settings\trine\Programdata\Windows Desktop Search
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 19:42 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared
2008-11-29 19:23 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec
2008-11-17 14:42 --------- d-----w c:\documents and settings\Eier\Programdata\BearShare
2008-11-17 13:57 --------- d-----w c:\programfiler\LimeWire
2008-11-17 13:51 --------- d-----w c:\programfiler\Incomplete
2008-11-07 22:48 --------- d-----w c:\documents and settings\Eier\Programdata\NCH Swift Sound
2008-11-07 22:47 --------- d-----w c:\documents and settings\Eier\Programdata\uTorrent
2008-11-04 16:03 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2008-10-28 17:05 --------- d-----w c:\programfiler\Windows Desktop Search
2008-10-28 17:05 --------- d-----w c:\documents and settings\Eier\Programdata\Windows Desktop Search
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:59 --------- d--h--r c:\documents and settings\trine\Programdata\SecuROM
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-21 11:11 --------- d-----w c:\programfiler\BearShare Applications
2008-10-21 10:47 --------- d-----w c:\programfiler\Microsoft Silverlight
2008-10-17 20:45 --------- d-----w c:\documents and settings\trine\Programdata\Malwarebytes
2008-10-17 13:53 --------- d-----w c:\documents and settings\trine\Programdata\LimeWire
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-07 22:40 --------- d-----w c:\documents and settings\All Users\Programdata\NexonUS
2008-10-06 13:18 7,168 -csha-w c:\programfiler\Thumbs.db
2008-10-06 11:19 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-10-06 11:18 --------- d-----w c:\programfiler\Google
2008-10-06 11:16 --------- d-----w c:\documents and settings\Eier\Programdata\iMesh
2008-10-04 10:34 --------- d-----w c:\documents and settings\Eier\Programdata\WeGame
2008-10-04 09:56 --------- d-----w c:\programfiler\Kaneva
2008-10-04 09:52 --------- d-----w c:\programfiler\Free Screen Recorder
2008-10-04 09:51 --------- d-----w c:\programfiler\BlueVoda Website Builder
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-28 16:01 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-13 08:52 0 ----a-w c:\documents and settings\Eier\jagex_runescape_preferences.dat
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2005-06-28 19:27 13,582 ----a-w c:\documents and settings\Incomplete\downloads.dat
2008-06-03 21:14 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008060320080604\index.dat
.
(((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-07-07 10:27 398776 --a------ c:\programfiler\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Creative Detector"="c:\programfiler\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BackupNotify"="c:\programfiler\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\programfiler\Fellesfiler\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Home Theater SchSvr"="c:\programfiler\Fellesfiler\InterVideo\SchSvr\SchSvr.exe" [2003-11-24 155648]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Sunkist2k"="c:\programfiler\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 135168]
"CTDVDDET"="c:\programfiler\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-03-08 36864]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\programfiler\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2008-03-16 185896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"CTHelper"="CTHELPER.EXE" [2003-11-13 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMS"="c:\programfiler\Creative\Shared Files\Media Sniffer\StartMS.EXE" [2003-03-26 57344]
"CMSRegOW.exe"="c:\programfiler\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\CMSRegOW.exe" [2003-06-16 57344]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-20 c:\windows\MIDIDEF.EXE]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 d:\programfiler\ventrillo\AlienGUIse\fastload.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Eier^Start-meny^Programmer^Oppstart^IMVU.lnk]
path=c:\documents and settings\Eier\Start-meny\Programmer\Oppstart\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-01 19:56 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Programfiler\\Teamspeak2_RC2\\server_windows.exe"=
"d:\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enGB-downloader.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Documents and Settings\\All Users\\Programdata\\NexonUS\\NGM\\NGM.exe"=
"d:\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 LiveUpdate Notice;LiveUpdate Notice;"c:\programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe" /h ccCommon [2007-08-25 149352]
R3 Cap7134;ASUS TV7134 WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-01-01 331392]
R3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-05-29 23888]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-01-01 24192]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\DRIVERS\PRISMA00.sys [2004-01-01 377888]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7602849a-616e-11dd-a24b-000ea6ca2e51}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2008-11-24 c:\windows\Tasks\Norton Internet Security Online - Kjør full systemskanning - Eier.job
- c:\programfiler\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 02:19]
.
.
------- Supplementary scan -------
.
FireFox -: Profile - c:\documents and settings\Eier\Programdata\Mozilla\Firefox\Profiles\j243pdsu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 20:42:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
d:\programfiler\ventrillo\AlienGUIse\fastload.dll
.
Completion time: 2008-11-29 20:44:40
ComboFix-quarantined-files.txt 2008-11-29 19:43:45

Pre-Run: 5 551 374 336 bytes free
Post-Run: 5,583,532,032 bytes free

202 --- E O F --- 2008-11-12 19:43:51
norbat (posted 29 November 2008): Restart the PC and see whether it runs normally (without error messages etc.). The log looks fine.
raWrz, thread author (posted 29 November 2008): No errors, everything looks fine, thanks. By the way, do you know what xmnt 2002 is? "xmnt2002 missing, skipping AUTOCHECK" comes up every time we start the machine, and has for almost... maybe over a year by now. Xd
norbat (posted 29 November 2008): Partition Magic? If you are familiar with regedit, you can fire it up and go to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager. In the right-hand pane, double-click on BootExecute. What does it show as value data?
raWrz, thread author (posted 29 November 2008): This is what it says:
autocheck xmnt2002 /bat="C:\WINDOWS\TEMP\PQ_BATCH.PQB" /win="C:\WINDOWS" /dbg="C:\WINDOWS\TEMP\PQ_DEBUG.TXT" /ver=262144 /prd="PartitionMagic"
autocheck autochk *
pfdnnt c:\programfiler\security toolbar\security toolbar.dll
pfdnnt c:\programfiler\security toolbar\24f.tmp
pfdnnt c:\programfiler\security toolbar
pfdnnt c:\programfiler\security toolbar\security toolbar.dll
pfdnnt c:\programfiler\security toolbar\27f.tmp
pfdnnt c:\programfiler\security toolbar
pfdnnt c:\programfiler\security toolbar\security toolbar.dll
pfdnnt c:\programfiler\security toolbar\2b4.tmp
pfdnnt c:\programfiler\security toolbar
pfdnnt c:\windows\system32\awvtt.dll
pfdnnt c:\programfiler\imediacodec\iesplugin.dll
pfdnnt c:\programfiler\imediacodec\isaddon.dll
pfdnnt c:\programfiler\imediacodec\iesplugin.dll
pfdnnt c:\programfiler\imediacodec\isaddon.dll
pfdnnt c:\windows\system32\httge.dll
norbat (posted 29 November 2008): Remove everything except "autocheck autochk *". Restart the PC.
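A defender-side check for the BootExecute value norbat asks about, added here as an example and not code from the thread or from any of the tools mentioned in it. The sample entries are constructed from what raWrz posted; on a live system you would read the REG_MULTI_SZ with winreg from the Session Manager key instead.

```python
"""Audit a Windows BootExecute value (REG_MULTI_SZ) for non-default entries.

Added example, not from the thread. BootExecute lists native programs that
Session Manager runs before the Win32 subsystem starts, so anything besides
the stock "autocheck autochk *" deserves review: an autocheck helper whose
binary is gone (PartitionMagic's xmnt2002 here, the source of the
"skipping AUTOCHECK" message at boot) or an unknown program pointing at
DLLs and .tmp files under Program Files or system32 (the pfdnnt lines).
"""
from typing import Dict, List

DEFAULT_ENTRY = "autocheck autochk *"

# Constructed sample, shortened from what the poster reported in regedit.
SAMPLE_BOOTEXECUTE: List[str] = [
    'autocheck xmnt2002 /bat="C:\\WINDOWS\\TEMP\\PQ_BATCH.PQB" '
    '/win="C:\\WINDOWS" /dbg="C:\\WINDOWS\\TEMP\\PQ_DEBUG.TXT" '
    '/ver=262144 /prd="PartitionMagic"',
    "autocheck autochk *",
    r"pfdnnt c:\programfiler\security toolbar\security toolbar.dll",
    r"pfdnnt c:\programfiler\security toolbar\24f.tmp",
    r"pfdnnt c:\programfiler\security toolbar",
    r"pfdnnt c:\windows\system32\awvtt.dll",
    r"pfdnnt c:\programfiler\imediacodec\iesplugin.dll",
]


def classify_entry(entry: str) -> str:
    """Return 'default', 'third-party autocheck' or 'unknown program'."""
    text = entry.strip()
    if text == DEFAULT_ENTRY:
        return "default"
    program = text.split(None, 1)[0].lower() if text else ""
    # autocheck itself is legitimate; what it is told to run is the question.
    return "third-party autocheck" if program == "autocheck" else "unknown program"


def audit_bootexecute(entries: List[str]) -> Dict[str, List[str]]:
    """Group every non-default entry by its program name for review."""
    findings: Dict[str, List[str]] = {}
    for entry in entries:
        if classify_entry(entry) == "default":
            continue
        program = entry.strip().split(None, 1)[0].lower()
        findings.setdefault(program, []).append(entry.strip())
    return findings


def cleaned_bootexecute(entries: List[str]) -> List[str]:
    """The fix given in the thread: keep only the stock autochk entry."""
    kept = [e.strip() for e in entries if classify_entry(e) == "default"]
    return kept or [DEFAULT_ENTRY]  # never leave autochk out entirely


if __name__ == "__main__":
    for program, lines in audit_bootexecute(SAMPLE_BOOTEXECUTE).items():
        print(f"{program}: {len(lines)} entries to review")
    print("cleaned:", cleaned_bootexecute(SAMPLE_BOOTEXECUTE))
```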
raWrz, thread author (posted 29 November 2008): And there it went. Thanks a lot! :)
Tosha0007 (posted 29 November 2008): If you consider the problem with your machine solved, you can change your topic title by pressing the button in your first post. This helps keep the forum clearer for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in. -Surf safely-