Kerma (20 December 2008):

Hi, I downloaded a program a few hours ago. When I tried to start the .exe file, 5-6 new files appeared on the desktop. I deleted the files and thought everything was OK. But then I tried to open a file in C:, and this came up:

Attention, Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. Your personal data at the reach of anyone's hand. Internet history records and other personal information (Passwords, chat sessions logs, adult materials) easly reachable. Download protection software now! Click Ok to enable antispyware software. Y/N

Whatever I press, a page opens in Internet Explorer: hxxp://webfreescan.cn/id/4912933/3/1/

Then a fake virus scan pops up saying I have lots of trojans etc. Also, if I try to open a folder inside the other one, a new error appears: You've downloaded blababla, Do you want to continue? Y/N

I have tried scanning with AVG, Ad-Aware and Spybot Search and Destroy. They find some trojans and tracking cookies(?), which I delete. But it still doesn't work ;/ I can post a HijackThis log if needed. Any tips? Sorry if there were a lot of typos etc.
norbat (20 December 2008):

Run through the Guide. Post the logs it asks for here in your own thread.
Kerma, thread author (20 December 2008):

Mbam log:

Malwarebytes' Anti-Malware 1.31
Databaseversjon: 1526
Windows 5.1.2600 Service Pack 2

20.12.2008 20:05:03
mbam-log-2008-12-20 (20-05-03).txt

Skanntype: Rask Skann
Objekter skannet: 52928
Tid tilbakelagt: 2 minute(s), 51 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 4
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 3

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CLASSES_ROOT\Interface\{bf9031f9-a14a-4ff4-a65d-e0501ed6394e} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e094a482-8627-460f-bcf1-d258d3afb34b} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.

Combofix:

ComboFix 08-12-20.01 - Sim1 2008-12-20 20:06:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.3582.2796 [GMT 1:00]
Kjører fra: c:\documents and settings\Sim1\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-20 til 2008-12-20 )))))))))))))))))))))))))))))))))
.

2008-12-20 20:01 . 2008-12-20 20:01 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-20 20:01 . 2008-12-20 20:01 <DIR> d-------- c:\documents and settings\Sim1\Programdata\Malwarebytes
2008-12-20 20:01 . 2008-12-20 20:01 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-20 20:01 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-20 20:01 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-20 19:39 . 2008-12-20 20:05 <DIR> dr-h----- c:\documents and settings\Sim1\Siste
2008-12-20 18:49 . 2008-12-20 18:49 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy
2008-12-20 18:49 . 2008-12-20 19:11 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2008-12-20 17:53 . 2008-12-20 17:53 <DIR> d-------- c:\programfiler\Lavasoft
2008-12-20 17:53 . 2008-12-20 17:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft
2008-12-20 17:51 . 2008-12-20 19:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-20 17:46 . 2008-12-20 17:47 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-20 17:46 . 2008-12-20 17:46 <DIR> d-------- c:\documents and settings\Sim1\Programdata\AVGTOOLBAR
2008-12-20 17:46 . 2008-12-20 17:46 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-20 17:46 . 2008-12-20 17:46 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-20 17:46 . 2008-12-20 17:46 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-20 17:24 . 2008-12-20 17:24 106,496 --a------ c:\windows\system32\hozr.dll
2008-12-20 17:24 . 2008-12-20 17:24 3,095 --a------ c:\windows\ios.dat
2008-12-20 15:04 . 2008-12-20 15:05 <DIR> d-------- c:\windows\nview
2008-12-20 15:04 . 2008-12-20 15:04 <DIR> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2008-12-20 15:04 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-12-20 15:04 . 2008-12-20 15:06 193,319 --a------ c:\windows\system32\nvapps.xml
2008-12-20 12:55 . 2008-12-20 12:55 <DIR> d-------- c:\programfiler\uTorrent
2008-12-20 12:55 . 2008-12-20 13:00 <DIR> d-------- c:\documents and settings\Sim1\Programdata\uTorrent
2008-12-15 23:23 . 2008-12-15 23:24 <DIR> d-------- c:\documents and settings\Sim1\Programdata\U3
2008-12-14 17:42 . 2008-12-20 17:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\Avg8
2008-12-13 13:28 . 2008-12-13 13:28 1,700,352 --a------ c:\windows\system32\gdiplus.dll
2008-12-13 13:28 . 2008-12-13 13:28 1,060,864 --a------ c:\windows\system32\mfc71.dll
2008-12-13 12:06 . 2008-12-13 12:07 <DIR> d-------- c:\windows\system32\drivers\umdf
2008-12-13 12:04 . 2008-12-13 12:04 <DIR> d-------- c:\windows\system32\xlive
2008-12-13 12:04 . 2008-12-13 12:04 <DIR> d-------- c:\programfiler\Microsoft Games for Windows - LIVE
2008-12-13 12:03 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll
2008-12-13 12:03 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-12-13 12:03 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-12-13 12:03 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll
2008-12-13 12:03 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-12-13 12:03 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-12-13 12:03 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-12-13 12:02 . 2008-12-13 12:02 <DIR> d-------- c:\windows\Logs
2008-12-03 16:39 . 2008-12-03 16:39 <DIR> d-------- c:\programfiler\LimeWire
2008-12-02 23:11 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2008-11-27 16:44 . 2008-11-27 16:44 279 --a------ C:\Snarvei til Lokal disk ©.lnk
2008-11-26 17:19 . 2006-09-11 16:06 356,352 --a------ c:\windows\system32\nvunrm.exe
2008-11-26 17:19 . 2006-09-11 15:14 3,903 --a------ c:\windows\system32\nvnrm.nvu
2008-11-26 17:19 . 2006-08-14 11:09 1,428 --a------ c:\windows\system32\drivers\nvphy.bin
2008-11-26 16:39 . 2008-11-26 16:39 <DIR> d-------- c:\programfiler\MSI
2008-11-26 16:37 . 2008-11-26 16:37 <DIR> d-------- c:\programfiler\Setup Files
2008-11-26 16:34 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 16:54 --------- d-----w c:\programfiler\Steam
2008-12-20 16:52 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-17 17:40 --------- d-----w c:\programfiler\World of Warcraft
2008-12-13 13:23 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment
2008-12-13 12:14 --------- d-----w c:\programfiler\AGEIA Technologies
2008-12-12 16:19 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-12-12 16:13 --------- d-----w c:\programfiler\Phun
2008-12-03 15:45 --------- d-----w c:\documents and settings\Sim1\Programdata\LimeWire
2008-12-02 22:11 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-02 09:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-11-26 19:57 31 ----a-w c:\documents and settings\Sim1\jagex_runescape_preferences.dat
2008-11-26 15:48 --------- d-----w c:\programfiler\SystemRequirementsLab
2008-11-16 17:00 --------- d-----w c:\documents and settings\Sim1\Programdata\mIRC
2008-11-16 16:56 --------- d-----w c:\programfiler\mIRC
2008-11-13 13:35 --------- d-----w c:\programfiler\MSXML 6.0
2008-11-13 13:34 --------- d-----w c:\programfiler\MSXML 4.0
2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll
2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll
2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:52 284,160 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:36 667,136 ----a-w c:\windows\system32\wininet.dll
2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 08:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-24 19:12 22,328 ----a-w c:\documents and settings\Sim1\Programdata\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD}]
2008-12-20 17:24 106496 --a------ c:\windows\system32\hozr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2007-08-22 1694208]
"RGSC"="c:\programfiler\steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" [2008-12-13 306088]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-12-11 286720]
"amd_dc_opt"="c:\programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\day of defeat source\\hl2.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\garrysmod\\hl2.exe"=
"c:\\Programfiler\\Steam\\steamapps\\swampzor\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simenos\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os1\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\counter-strike source\\hl2.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\World of Warcraft\\Wrath of the Lich King Beta\\WoW-3.0.2.8905-to-3.0.2.8926-enGB-downloader.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\World of Warcraft\\Wrath of the Lich King Beta\\WoW-3.0.2.9061-to-3.0.3.9095-enGB-downloader.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Programfiler\\Steam\\steamapps\\danielnygard\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-20 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-20 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-20 76040]
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;"c:\programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S3 pYMslsbfwxZ;pYMslsbfwxZ;\??\c:\docume~1\Sim1\LOKALE~1\Temp\Rar$EX00.906\XMMRN []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-12-12 176128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dae6a10-caf7-11dd-819a-001e8c0eca77}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - PROCEXP90
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Sim1\Programdata\Mozilla\Firefox\Profiles\2rryytgd.default\
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programfiler\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 20:07:22
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pYMslsbfwxZ]
"ImagePath"="\??\c:\docume~1\Sim1\LOKALE~1\Temp\Rar$EX00.906\XMMRN"
.
Tidspunkt ferdig: 2008-12-20 20:08:03
ComboFix-quarantined-files.txt 2008-12-20 19:07:44

Pre-Run: 215 312 269 312 byte ledig
Post-Run: 215,298,326,528 byte ledig

216 --- E O F --- 2008-12-20 11:51:21

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:26, on 20.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
C:\Programfiler\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {376892AE-1825-4E5F-9F85-23F9640051CC} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O2 - BHO: AmskerBar - {B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - C:\WINDOWS\system32\hozr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\programfiler\steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198083822500
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Sim1\Lokale innstillinger\Temp\{33EBC61F-4E00-46E4-8CA0-AB040DF9BF85}\NMSAccessU.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

--
End of file - 6655 bytes
norbat (20 December 2008):

Open Notepad, copy and paste what is in bold below, and save the file on the desktop as CFScript.txt. Drag and drop the file onto the ComboFix icon. ComboFix will start again.

File::
c:\windows\system32\hozr.dll
c:\windows\ios.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD}]
[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pYMslsbfwxZ]

Post the log. Also fetch mbr.exe. Put it on the desktop. Run the program. A log (mbr.log) will be created, which you should also post.
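The two indicators norbat's CFScript targets, the BHO registered from c:\windows\system32\hozr.dll and the pYMslsbfwxZ service whose ImagePath points into a Temp\Rar$EX directory, are exactly the kind of entries a log triage script can surface automatically when reading through a HijackThis or ComboFix report. The following Python script is an added example, not code from this thread or from the HijackThis/ComboFix tools; it runs over constructed sample lines modelled on the log formats posted above (HijackThis O2/O23 entries and ComboFix R*/S* service lines) and flags orphaned BHO registrations, BHOs loaded from short, non-descriptive DLLs directly in system32, and services whose image path lies in a temporary directory. The 1-5 character filename threshold and the severity labels are the example's own heuristics, chosen to match the thread, and the Finding, triage, parse_hjt and parse_combofix names are the example's own.

```python
"""Triage heuristics for HijackThis / ComboFix log lines (added example).

Surfaces the two indicator classes singled out in the thread: a browser
helper object (BHO) loaded from an unusual location, and a service whose
image path points into a temporary directory.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high" (investigate/remove) or "low" (dead entry, clean up)
    kind: str      # "bho" or "service"
    name: str      # BHO CLSID or service short name
    path: str
    reason: str


# Constructed sample, modelled on the log formats posted in the thread
# (HijackThis O2/O23 entries and ComboFix R*/S* service lines).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {376892AE-1825-4E5F-9F85-23F9640051CC} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AmskerBar - {B05D1A1E-9F4C-4CCE-91AD-DB5CFF9796DD} - C:\WINDOWS\system32\hozr.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Sim1\Lokale innstillinger\Temp\{33EBC61F-4E00-46E4-8CA0-AB040DF9BF85}\NMSAccessU.exe (file missing)
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704]
S3 pYMslsbfwxZ;pYMslsbfwxZ;\??\c:\docume~1\Sim1\LOKALE~1\Temp\Rar$EX00.906\XMMRN []
"""

TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
# Heuristic: a BHO whose DLL sits directly in system32 under a 1-5 character
# name (e.g. hozr.dll); legitimate BHOs normally install under Program Files.
SHORT_SYSTEM32_DLL = re.compile(r"\\system32\\[a-z0-9]{1,5}\.dll$", re.IGNORECASE)
# ComboFix service line: "<R|S><n> <short>;<display>;<image path> [<date size>]"
COMBOFIX_SVC = re.compile(r"^[RS]\d (?P<short>[^;]+);[^;]*;(?P<rest>.*)$")


def check_service(short, path, file_state):
    """Rule shared by HijackThis O23 entries and ComboFix service lines."""
    low = path.lower()
    if "rar$" in low:
        reason = "service image inside a WinRAR extraction temp directory"
    elif TEMP_DIR.search(low):
        reason = "service image inside a temporary directory"
    else:
        return None
    return Finding("high", "service", short, path, f"{reason} ({file_state})")


def parse_hjt(line):
    """Parse one HijackThis line; return a Finding or None."""
    parts = line.split(" - ", 3)  # maxsplit keeps ' - ' inside paths intact
    if len(parts) != 4:
        return None
    tag, head, middle, tail = parts
    if tag == "O2" and head.startswith("BHO: "):
        if tail == "(no file)":
            return Finding("low", "bho", middle, tail,
                           "orphaned BHO registration, DLL no longer on disk")
        if SHORT_SYSTEM32_DLL.search(tail):
            return Finding("high", "bho", middle, tail,
                           "BHO loaded from a short, non-descriptive DLL in system32")
        return None
    if tag == "O23" and head.startswith("Service: "):
        missing = tail.endswith("(file missing)")  # HijackThis marker
        path = tail[: -len(" (file missing)")] if missing else tail
        return check_service(head[len("Service: "):], path,
                             "file missing" if missing else "file present")
    return None


def parse_combofix(line):
    """Parse one ComboFix service line; return a Finding or None."""
    m = COMBOFIX_SVC.match(line)
    if not m:
        return None
    # ComboFix appends "[date size]" when the image exists and "[]" when not.
    path, sep, bracket = m.group("rest").rpartition(" [")
    if not sep:
        path, bracket = m.group("rest"), ""
    file_state = "file present" if bracket.rstrip("]") else "file missing"
    return check_service(m.group("short"), path, file_state)


def triage(text):
    """Run both parsers over every line and collect the findings."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            f = parse_hjt(line) or parse_combofix(line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.name}: {f.reason}\n    {f.path}")
```

On the sample the script reports the orphaned {376892AE...} BHO as low, and as high the hozr.dll BHO, the pYMslsbfwxZ service (file missing, Rar$EX temp path) and the NMSAccessU service in a Temp\{GUID} directory; the NVIDIA, AVG and Acrobat entries pass. A high finding is a prompt to look at the file's origin and timestamps, as norbat did with the ComboFix creation-date listing, not a verdict on its own.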
Kerma Skrevet 20. desember 2008 Forfatter Del Skrevet 20. desember 2008 Mbr: Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK Combofix: ComboFix 08-12-20.01 - Sim1 2008-12-20 20:38:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.3582.2792 [GMT 1:00] Kjører fra: c:\documents and settings\Sim1\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\Sim1\Skrivebord\CFScript.txt * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! FILE :: c:\windows\ios.dat c:\windows\system32\hozr.dll . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\ios.dat c:\windows\system32\hozr.dll . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-20 til 2008-12-20 ))))))))))))))))))))))))))))))))) . 2008-12-20 20:01 . 2008-12-20 20:01 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-20 20:01 . 2008-12-20 20:01 <DIR> d-------- c:\documents and settings\Sim1\Programdata\Malwarebytes 2008-12-20 20:01 . 2008-12-20 20:01 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-20 20:01 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-20 20:01 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-20 19:39 . 2008-12-20 20:37 <DIR> dr-h----- c:\documents and settings\Sim1\Siste 2008-12-20 18:49 . 2008-12-20 18:49 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy 2008-12-20 18:49 . 2008-12-20 19:11 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2008-12-20 17:53 . 2008-12-20 17:53 <DIR> d-------- c:\programfiler\Lavasoft 2008-12-20 17:53 . 
2008-12-20 17:53 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2008-12-20 17:51 . 2008-12-20 19:21 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-12-20 17:46 . 2008-12-20 17:47 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-12-20 17:46 . 2008-12-20 17:46 <DIR> d-------- c:\documents and settings\Sim1\Programdata\AVGTOOLBAR 2008-12-20 17:46 . 2008-12-20 17:46 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-12-20 17:46 . 2008-12-20 17:46 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-12-20 17:46 . 2008-12-20 17:46 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-12-20 15:04 . 2008-12-20 15:05 <DIR> d-------- c:\windows\nview 2008-12-20 15:04 . 2008-12-20 15:04 <DIR> d-------- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP 2008-12-20 15:04 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb 2008-12-20 15:04 . 2008-12-20 15:06 193,319 --a------ c:\windows\system32\nvapps.xml 2008-12-20 12:55 . 2008-12-20 12:55 <DIR> d-------- c:\programfiler\uTorrent 2008-12-20 12:55 . 2008-12-20 13:00 <DIR> d-------- c:\documents and settings\Sim1\Programdata\uTorrent 2008-12-15 23:23 . 2008-12-15 23:24 <DIR> d-------- c:\documents and settings\Sim1\Programdata\U3 2008-12-14 17:42 . 2008-12-20 17:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\Avg8 2008-12-13 13:28 . 2008-12-13 13:28 1,700,352 --a------ c:\windows\system32\gdiplus.dll 2008-12-13 13:28 . 2008-12-13 13:28 1,060,864 --a------ c:\windows\system32\mfc71.dll 2008-12-13 12:06 . 2008-12-13 12:07 <DIR> d-------- c:\windows\system32\drivers\umdf 2008-12-13 12:04 . 2008-12-13 12:04 <DIR> d-------- c:\windows\system32\xlive 2008-12-13 12:04 . 2008-12-13 12:04 <DIR> d-------- c:\programfiler\Microsoft Games for Windows - LIVE 2008-12-13 12:03 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll 2008-12-13 12:03 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll 2008-12-13 12:03 . 
2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll 2008-12-13 12:03 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll 2008-12-13 12:03 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll 2008-12-13 12:03 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll 2008-12-13 12:03 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll 2008-12-13 12:02 . 2008-12-13 12:02 <DIR> d-------- c:\windows\Logs 2008-12-03 16:39 . 2008-12-03 16:39 <DIR> d-------- c:\programfiler\LimeWire 2008-12-02 23:11 . 2008-12-02 23:11 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax 2008-11-27 16:44 . 2008-11-27 16:44 279 --a------ C:\Snarvei til Lokal disk ©.lnk 2008-11-26 17:19 . 2006-09-11 16:06 356,352 --a------ c:\windows\system32\nvunrm.exe 2008-11-26 17:19 . 2006-09-11 15:14 3,903 --a------ c:\windows\system32\nvnrm.nvu 2008-11-26 17:19 . 2006-08-14 11:09 1,428 --a------ c:\windows\system32\drivers\nvphy.bin 2008-11-26 16:39 . 2008-11-26 16:39 <DIR> d-------- c:\programfiler\MSI 2008-11-26 16:37 . 2008-11-26 16:37 <DIR> d-------- c:\programfiler\Setup Files 2008-11-26 16:34 . 1998-10-02 19:00 327,168 --a------ c:\windows\IsUninst.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-20 16:54 --------- d-----w c:\programfiler\Steam 2008-12-20 16:52 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-17 17:40 --------- d-----w c:\programfiler\World of Warcraft 2008-12-13 13:23 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment 2008-12-13 12:14 --------- d-----w c:\programfiler\AGEIA Technologies 2008-12-12 16:19 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-12-12 16:13 --------- d-----w c:\programfiler\Phun 2008-12-03 15:45 --------- d-----w c:\documents and settings\Sim1\Programdata\LimeWire 2008-12-02 22:11 453,152 ----a-w c:\windows\system32\nvudisp.exe 2008-12-02 09:13 453,152 ----a-w c:\windows\system32\NVUNINST.EXE 2008-11-26 19:57 31 ----a-w c:\documents and settings\Sim1\jagex_runescape_preferences.dat 2008-11-26 15:48 --------- d-----w c:\programfiler\SystemRequirementsLab 2008-11-16 17:00 --------- d-----w c:\documents and settings\Sim1\Programdata\mIRC 2008-11-16 16:56 --------- d-----w c:\programfiler\mIRC 2008-11-13 13:35 --------- d-----w c:\programfiler\MSXML 6.0 2008-11-13 13:34 --------- d-----w c:\programfiler\MSXML 4.0 2008-10-28 16:41 14,303,392 ----a-w c:\windows\system32\xlive.dll 2008-10-28 16:41 13,643,936 ----a-w c:\windows\system32\xlivefnt.dll 2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:52 284,160 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:36 667,136 ----a-w c:\windows\system32\wininet.dll
2008-10-13 08:56 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSwedish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSpanish.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelPortugese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelKorean.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelJapanese.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelGerman.dll
2008-10-07 08:13 58,648 ----a-w c:\windows\system32\AgCPanelFrench.dll
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-10-07 08:13 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 08:13 23,320 ----a-w c:\windows\system32\PhysXDevice.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2007-12-24 19:12 22,328 ----a-w c:\documents and settings\Sim1\Programdata\PnkBstrK.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2007-08-22 1694208]
"RGSC"="c:\programfiler\steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" [2008-12-13 306088]
"SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2007-12-11 286720]
"amd_dc_opt"="c:\programfiler\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\day of defeat source\\hl2.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Programfiler\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\garrysmod\\hl2.exe"=
"c:\\Programfiler\\Steam\\steamapps\\swampzor\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simenos\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os1\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\counter-strike source\\hl2.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Programfiler\\Steam\\steamapps\\simen_os\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\World of Warcraft\\Wrath of the Lich King Beta\\WoW-3.0.2.8905-to-3.0.2.8926-enGB-downloader.exe"=
"c:\\Programfiler\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Programfiler\\World of Warcraft\\Wrath of the Lich King Beta\\WoW-3.0.2.9061-to-3.0.3.9095-enGB-downloader.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Programfiler\\Steam\\steamapps\\danielnygard\\counter-strike\\hl.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Programfiler\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6999:TCP"= 6999:TCP:Blizzard Downloader

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-20 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-20 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-20 76040]
R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;"c:\programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-12-12 176128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0dae6a10-caf7-11dd-819a-001e8c0eca77}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - CATCHME
*Newly Created Service* - MBR
*Newly Created Service* - PROCEXP90
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Sim1\Programdata\Mozilla\Firefox\Profiles\2rryytgd.default\
FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programfiler\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\programfiler\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 20:39:11
Windows 5.1.2600 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pYMslsbfwxZ]
"ImagePath"="\??\c:\docume~1\Sim1\LOKALE~1\Temp\Rar$EX00.906\XMMRN"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pYMslsbfwxZ]
"ImagePath"="\??\c:\docume~1\Sim1\LOKALE~1\Temp\Rar$EX00.906\XMMRN"
.
Tidspunkt ferdig: 2008-12-20 20:39:45
ComboFix-quarantined-files.txt 2008-12-20 19:39:33
ComboFix2.txt 2008-12-20 19:08:04

Pre-Run: 215 286 919 168 byte ledig
Post-Run: 215,273,521,152 byte ledig

225 --- E O F --- 2008-12-20 11:51:21
Kerma (thread author), posted 20 December 2008: Looks like everything works now, no error comes up when I open a folder :) Thanks :)
Zeph, posted 20 December 2008: This thread was posted in the wrong place and has been moved to the correct category.
norbat, posted 20 December 2008 (edited): Click: Start->Run. Type: regedit. Go to: HKEY_LOCAL_MACHINE\system\ControlSet003\Services. Click on pYMslsbfwxZ. What information do you get about this entry (DisplayName, Description, DependOnService)? Edited 20 December 2008 by norbat
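The check norbat asks for, applied to the log text instead of by hand in regedit: an added Python example (not from the thread) that pulls every Services key block out of ComboFix-style log lines and flags entries whose ImagePath points into a temp or user-profile directory, which is exactly what made the pYMslsbfwxZ entry stand out. The sample log text is constructed to match the format shown in the thread; the key pattern and the list of suspicious directories are my own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix format seen in this thread (not the
# original log); the first block reproduces the entry the thread discussed,
# the second is a normal AVG service for contrast.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pYMslsbfwxZ]
"ImagePath"="\??\c:\docume~1\Sim1\LOKALE~1\Temp\Rar$EX00.906\XMMRN"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avg8wd]
"ImagePath"="c:\progra~1\AVG\AVG8\avgwdsvc.exe"
"""

# Assumed layout of a Services key line and its ImagePath value line.
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\(ControlSet\d+|CurrentControlSet)"
    r"\\Services\\([^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"ImagePath"="(.*)"$')

# Directories a legitimate service binary almost never runs from (assumption).
SUSPICIOUS_DIRS = ("\\temp\\", "\\tmp\\", "\\docume~1\\",
                   "\\documents and settings\\", "\\programdata\\", "\\appdata\\")


def parse_services(log: str) -> Dict[str, str]:
    """Map service name -> ImagePath for every Services key block in the log."""
    services: Dict[str, str] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(2)      # service name is the last key component
            continue
        value = VALUE_RE.match(line)
        if value and current:
            services[current] = value.group(1)
    return services


def flag_services(services: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (name, image_path, reason) for entries that deserve a closer look."""
    flagged = []
    for name, path in services.items():
        lowered = path.lower().replace("\\??\\", "")   # strip NT path prefix
        if any(d in lowered for d in SUSPICIOUS_DIRS):
            flagged.append((name, path, "binary runs from a temp or user-profile directory"))
        elif not re.search(r"\.(exe|sys|dll)\b", lowered):
            flagged.append((name, path, "image has no recognisable executable extension"))
    return flagged


if __name__ == "__main__":
    for name, path, reason in flag_services(parse_services(SAMPLE_LOG)):
        print(f"{name}: {reason} ({path})")
```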
Kerma (thread author), posted 20 December 2008: Can't find a pYMslsbfwxZ :S. But do you think there is more I need to do to remove it? I don't get the error anymore.
norbat, posted 20 December 2008: Finish by uninstalling ComboFix. You do that by typing combofix /u in the Run field (Start->Run). This will also reset System Restore so that you are not reinfected by a possible restore later. Also make sure Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.
-Just-Me-, posted 24 December 2008: What about trying a System Restore?
Bruker-158599, posted 24 December 2008, quoting -Just-Me-: "What about trying a System Restore?" I don't think that is a good idea. Remove the virus. If it has been scanned with ComboFix, all the System Restore points have probably been deleted.