knut_25 Posted 30 December 2008

I also have the same problem with CiD pop-ups! Can anyone help? I have used HJT and SAS. Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 16:46:29, on 30.12.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Programfiler\SigmaTel\C-dur-lyd\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\BT5D1B.EXE
C:\Programfiler\Trend Micro\OfficeScan Client\TmPfw.exe
C:\Programfiler\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Programfiler\Dell\QuickSet\Quickset.exe
C:\Programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.exe
C:\Programfiler\OpenOffice.org 3\program\soffice.bin
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wisptis.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.online.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fronter.com/opplandvgs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programfiler\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Telenorhjelpen] "C:\Programfiler\Telenor\Telenorhjelpen\Telenor.exe"
O4 - HKLM\..\Run: [XboxStat] "C:\Programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [Ford mpeg road draw] C:\Documents and Settings\All Users\Programdata\way rdr ford mpeg\License plus.exe
O4 - HKLM\..\RunOnce: [innoSetupRegFile.0000000001] "C:\WINDOWS\is-U1PAT.exe" /REG
O4 - HKCU\..\Run: [DeskSpace] C:\Programfiler\DeskSpace\deskspace.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [chinbarb] C:\DOCUME~1\Elev\PROGRA~1\DRAWTI~1\HEART AMOK.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programfiler\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Programfiler\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: WirelessLogon.vbs
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programfiler\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programfiler\bonjour\mdnsnsp.dll
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1218181723038
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} (CCAWebLogin Control) - https://casinband2.opplandvgs.no/auth/CCALogin.CAB
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = opplandvgs.local
O17 - HKLM\Software\..\Telephony: DomainName = valdres.opplandvgs.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = opplandvgs.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programfiler\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programfiler\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Creative PD0630 RunApp Service (PD0630Srv) - Creative Technology Ltd. - C:\WINDOWS\system32\P0630Srv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programfiler\SigmaTel\C-dur-lyd\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programfiler\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/30/2008 at 05:54 PM

Application Version : 4.24.1004

Core Rules Database Version : 3689
Trace Rules Database Version: 1665

Scan type : Quick Scan
Total Scan Time : 00:13:55

Memory items scanned : 547
Memory threats detected : 0
Registry items scanned : 451
Registry threats detected : 0
File items scanned : 8509
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Elev\Cookies\elev@atdmt[2].txt
raWrz Posted 30 December 2008

Download Malwarebytes' Anti-Malware Here or Here. Save it to the Desktop. Run the file and install the program. Choose Norwegian as the language. Tick the boxes next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish. Let the program update itself and choose Perform quick scan. You will get a message box when the program has finished. Then click the Show results button. If malware was found, you will now see what was found. Then click the Remove selected button to remove any malware that was found.

Note: If MBAM finds a file that is hard to remove, you will be asked two questions. Click OK on both and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away. When MBAM has finished removing what it found, a log will open in Notepad. Post it later if it found anything other than cookies.

Download Combofix (by sUBs) and put it on the Desktop. Run combofix.exe and follow the instructions. While combofix starts up you will be advised to install the Recovery Console (if you don't already have it installed). Say yes to that. You must not click in the window while the program is running. This can cause the program to freeze.

What ComboFix does:
- ComboFix is a multi-fix program designed to remove a large number of known infections, and it produces a log/report showing files/processes/registry entries on the PC. The log can determine whether there is still something on the PC that should be removed. That requires someone with experience to read the log and say how to proceed.

PS: Among other things, Combofix will list all files created in the last month, and in some cases it may also reveal your full name and other information that can be considered sensitive. For that reason you should go through the log, see if you find information you don't want to share with everyone, and censor it.

Post the log file from Combofix (c:\combofix.txt)
knut_25 Posted 31 December 2008 (Author)

ComboFix 08-12-30.01 - Elev 2008-12-31 2:31:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1918.1016 [GMT 1:00]
Kjører fra: c:\documents and settings\Elev\Skrivebord\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-28 til 2008-12-31 )))))))))))))))))))))))))))))))))
.
2008-12-31 02:23 . 2008-12-31 02:23 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-12-31 02:23 . 2008-12-31 02:23 <DIR> d-------- c:\documents and settings\Elev\Programdata\Malwarebytes
2008-12-31 02:23 . 2008-12-31 02:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-31 02:23 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 02:23 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 16:40 . 2008-12-30 16:40 <DIR> d-------- c:\programfiler\SUPERAntiSpyware
2008-12-30 16:40 . 2008-12-30 16:40 <DIR> d-------- c:\documents and settings\Elev\Programdata\SUPERAntiSpyware.com
2008-12-30 16:40 . 2008-12-30 16:40 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2008-12-30 16:36 . 2008-12-30 16:36 <DIR> d-------- C:\Program Files
2008-12-30 16:26 . 2008-12-31 02:20 <DIR> d-------- c:\documents and settings\Elev\Tracing
2008-12-30 16:18 . 2008-12-30 16:18 <DIR> d-------- c:\programfiler\Microsoft SQL Server Compact Edition
2008-12-30 16:08 . 2008-12-30 16:08 <DIR> d-------- c:\programfiler\Microsoft
2008-12-30 16:07 . 2008-12-30 16:07 <DIR> d-------- c:\programfiler\Windows Live SkyDrive
2008-12-30 15:53 . 2008-12-30 15:53 <DIR> d-------- c:\programfiler\Fellesfiler\Windows Live
2008-12-30 14:34 . 2008-12-30 14:34 <DIR> d-------- c:\programfiler\Mozilla Thunderbird
2008-12-30 14:34 . 2008-12-30 14:34 <DIR> d-------- c:\documents and settings\Elev\Programdata\Thunderbird
2008-12-26 17:54 . 2008-12-26 17:54 <DIR> d-------- c:\programfiler\Draw time aim
2008-12-24 13:58 . 2008-12-24 13:58 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-23 16:53 . 2008-12-23 16:53 <DIR> d-------- c:\programfiler\NCH Software
2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\programfiler\NCH Swift Sound
2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\programfiler\Free Audio Pack
2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\documents and settings\Elev\Programdata\NCH Swift Sound
2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Swift Sound
2008-12-21 23:01 . 2008-12-21 23:01 <DIR> d-------- c:\programfiler\Gabest
2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- C:\Ny mappe(2)
2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- C:\Ny mappe
2008-12-15 19:24 . 2008-12-15 19:24 <DIR> d-------- c:\windows\system32\Futuremark
2008-12-15 19:24 . 2008-12-15 19:24 <DIR> d-------- c:\programfiler\Fellesfiler\Futuremark Shared
2008-12-15 19:24 . 2008-05-29 12:33 27,672 -ra------ c:\windows\system32\drivers\Entech.sys
2008-12-14 16:44 . 2008-12-14 16:44 <DIR> d-------- c:\programfiler\Hewlett-Packard
2008-12-14 16:42 . 2008-12-14 16:43 <DIR> d-------- c:\programfiler\HP
2008-12-14 16:36 . 2008-10-13 19:33 71,405 --a------ c:\windows\hpdj6800.hi2
2008-12-14 16:36 . 2008-10-13 19:33 9,221 --a------ c:\windows\hpdj6800.bu2
2008-12-14 16:35 . 2008-10-13 19:42 5,411 --a------ c:\windows\hpf6800m.hi2
2008-12-14 16:35 . 2008-10-13 19:42 3,297 --a------ c:\windows\hpf6800m.bu2
2008-12-10 14:55 . 2008-12-10 14:55 <DIR> d-------- c:\documents and settings\All Users\Programdata\FLEXnet
2008-12-10 14:42 . 2008-12-10 14:42 <DIR> d-------- c:\programfiler\Bonjour
2008-12-10 14:30 . 2008-12-10 14:30 <DIR> d-------- c:\programfiler\Fellesfiler\Macrovision Shared
2008-12-09 17:29 . 2008-12-09 17:29 <DIR> d-------- c:\documents and settings\Elev\Programdata\Roxio
2008-12-08 19:30 . 2008-12-08 19:30 98,304 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-04 22:55 . 2008-12-04 22:55 307,560 --a------ c:\windows\WLXPGSS.SCR
2008-12-03 10:34 . 2008-12-03 10:34 <DIR> d-------- c:\windows\system32\AGEIA
2008-12-03 10:34 . 2008-12-03 10:35 <DIR> d-------- c:\programfiler\AGEIA Technologies
2008-12-03 10:33 . 2008-12-30 16:39 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-11-30 20:04 . 2008-12-26 17:56 <DIR> d-------- c:\documents and settings\All Users\Programdata\way rdr ford mpeg
2008-11-27 10:28 . 2007-02-26 18:15 1,421,216 --a------ c:\windows\system32\WdfCoInstaller01001.dll
2008-11-27 10:28 . 2007-02-26 18:15 61,984 --a------ c:\windows\system32\drivers\xusb21.sys
2008-11-27 10:28 . 2008-11-27 10:28 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-11-27 10:27 . 2008-11-27 10:27 <DIR> d-------- c:\programfiler\Microsoft Xbox 360 Accessories
2008-11-25 12:07 . 2008-11-25 12:07 <DIR> d-------- c:\programfiler\Fellesfiler\DirectX
2008-11-17 12:27 . 2008-11-17 12:30 <DIR> d-------- c:\documents and settings\Elev\Programdata\Sports Interactive
2008-11-17 12:27 . 2008-11-17 12:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Sports Interactive
2008-11-17 12:26 . 2008-11-17 12:26 <DIR> d-------- c:\windows\Logs
2008-11-17 12:21 . 2008-11-17 12:21 <DIR> d-------- c:\programfiler\Sports Interactive
2008-11-11 23:17 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 23:17 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 12:49 . 2008-11-11 12:52 <DIR> d-------- c:\windows\system32\Adobe
2008-11-11 12:49 . 2008-11-04 09:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-02 21:50 . 2008-11-02 21:50 <DIR> d-------- c:\programfiler\Creative
2008-11-02 21:50 . 2005-10-24 01:01 24,576 --------- c:\windows\system32\CTWEBFUN.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 15:19 --------- d-----w c:\programfiler\Windows Live
2008-12-26 16:56 --------- d-----w c:\documents and settings\Elev\Programdata\Draw time aim
2008-12-23 15:52 680,960 ----a-w c:\windows\isRS-000.tmp
2008-12-15 18:24 --------- d--h--w c:\programfiler\InstallShield Installation Information
2008-12-11 15:45 --------- d-----w c:\programfiler\Advanced System Optimizer
2008-12-10 13:42 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-12-09 16:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sonic
2008-12-02 07:56 --------- d-----w c:\documents and settings\Elev\Programdata\U3
2008-11-30 19:03 --------- d-----w c:\documents and settings\All Users\Programdata\Gpl ooze view load
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 19:33 484,352 ----a-w c:\windows\system32\lame_enc.dll
2008-09-21 18:38 8,192 ----a-w c:\windows\system32\RBK6520.tmp
2008-09-21 18:38 229,376 ----a-w c:\windows\system32\RBK651B.tmp
2008-09-21 18:37 8,192 ----a-w c:\windows\system32\RBK6518.tmp
2008-09-21 18:37 61,440 ----a-w c:\windows\system32\RBK64FB.tmp
2008-09-21 18:37 229,376 ----a-w c:\windows\system32\RBK6513.tmp
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:16 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:17 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-01 17:02 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"chinbarb"="c:\docume~1\Elev\PROGRA~1\DRAWTI~1\HEART AMOK.exe" [2008-12-26 610304]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ITSecMng"="c:\programfiler\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-08-28 714024]
"Dell QuickSet"="c:\programfiler\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184]
"XboxStat"="c:\programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-14 172032]
"Ford mpeg road draw"="c:\documents and settings\All Users\Programdata\way rdr ford mpeg\License plus.exe" [2008-12-31 782336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Elev\Start-meny\Programmer\Oppstart\
OpenOffice.org 3.0.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Clean Access Agent.lnk - c:\programfiler\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-27 2048074]
WirelessLogon.vbs [2007-10-22 1083]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1892195801-570826991-4266837986-14751120\Scripts\Logon\0\0]
"Script"=\\opplandvgs\netlogon\logonquota.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1892195801-570826991-4266837986-14751120\Scripts\Logon\1\0]
"Script"=\\opplandvgs\netlogon\logonquota.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"=
"c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programfiler\\EA GAMES\\Kampen om Midgard\\game.dat"=
"c:\\Programfiler\\BitLord\\BitLord.exe"=
"c:\\Programfiler\\Electronic Arts\\Kampen om Midgard II\\game.dat"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener

R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programfiler\Broadcom\ASFIPMon\AsfIpMon.exe -service []
R2 TmFilter;Trend Micro Filter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-09-17 205328]
R2 TmPreFilter;Trend Micro PreFilter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmPreFlt.sys [2007-09-17 36368]
R3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 335888]
R3 TmPfw;OfficeScan NT Firewall;"c:\programfiler\Trend Micro\OfficeScan Client\TmPfw.exe" [2007-04-04 488768]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-01 13352]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-10-19 67968]
S3 PD0630Srv;Creative PD0630 RunApp Service;c:\windows\system32\P0630Srv.exe [2008-10-19 24576]
S3 TmProxy;OfficeScan NT Proxy Service;"c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe" [2007-04-27 652552]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{102a41b2-7055-11dd-b4f6-002186417b1f}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec3ca19-71d6-11dd-b4f8-001fe195d769}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ca22753-ba83-11dd-b523-001d09db3e80}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-12-30 c:\windows\Tasks\9E6E4E28B8D5FE48.job
- c:\docume~1\elev\progra~1\drawti~1\hold lite burn.exe [2008-12-26 17:56]

2008-12-25 c:\windows\Tasks\Oppdater Ordnett Pluss.job
- c:\programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2007-08-28 13:29]
.
- - - - TOMME PEKERE FJERNET - - - -

HKCU-Run-DeskSpace - c:\programfiler\DeskSpace\deskspace.exe
HKLM-Run-Telenorhjelpen - c:\programfiler\Telenor\Telenorhjelpen\Telenor.exe

.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.online.no
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044

c:\windows\system32\CCAWebLogin.ocx - O16 -: {C9D7D239-B502-48B3-BA25-9DF8C7264073}
hxxps://casinband2.opplandvgs.no/auth/CCALogin.CAB
c:\windows\Downloaded Program Files\CCAWebLogin.inf
FF - ProfilePath - c:\documents and settings\Elev\Programdata\Mozilla\Firefox\Profiles\krfjfkkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 02:34:10
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MBAMSwissArmy]
"ImagePath"="\??\c:\windows\system32\drivers\mbamswissarmy.sys"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\programfiler\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Tidspunkt ferdig: 2008-12-31 2:35:02
ComboFix-quarantined-files.txt 2008-12-31 01:34:54

Pre-Run: 3 135 897 600 byte ledig
Post-Run: 3,514,855,424 byte ledig

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

233 --- E O F --- 2008-12-18 15:26:13
raWrz Posted 31 December 2008

Did you run Mbam? If you did, can I see the log?
knut_25 (Author) Posted 31 December 2008
> Did you run Mbam? If you did, can I see the log?
I ran it, but it found nothing.
norbat Posted 31 December 2008
Open Notepad and copy in what is shown in bold below, then save the file on your desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
File::
c:\windows\isRS-000.tmp
c:\windows\Tasks\9E6E4E28B8D5FE48.job
Folder::
c:\programfiler\Draw time aim
c:\documents and settings\All Users\Programdata\way rdr ford mpeg
c:\documents and settings\Elev\Programdata\Draw time aim
c:\documents and settings\All Users\Programdata\Gpl ooze view load
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chinbarb"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ford mpeg road draw"=-
knut_25 (Author) Posted 1 January 2009
> Open Notepad and copy in what is shown in bold below, then save the file on your desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
> File::
> c:\windows\isRS-000.tmp
> c:\windows\Tasks\9E6E4E28B8D5FE48.job
> Folder::
> c:\programfiler\Draw time aim
> c:\documents and settings\All Users\Programdata\way rdr ford mpeg
> c:\documents and settings\Elev\Programdata\Draw time aim
> c:\documents and settings\All Users\Programdata\Gpl ooze view load
> Registry::
> [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "chinbarb"=-
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "Ford mpeg road draw"=-
ComboFix 08-12-31.01 - Elev 2009-01-01 15:10:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1918.1182 [GMT 1:00] Kjører fra: c:\documents and settings\Elev\Skrivebord\ComboFix.exe Command switches brukt :: c:\documents and settings\Elev\Skrivebord\CFScript.txt..txt * Opprettet nytt gjenopprettingspunkt FILE :: c:\windows\isRS-000.tmp c:\windows\Tasks\9E6E4E28B8D5FE48.job . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . 
c:\documents and settings\All Users\Programdata\Gpl ooze view load c:\documents and settings\All Users\Programdata\way rdr ford mpeg c:\documents and settings\All Users\Programdata\way rdr ford mpeg\License plus.dat c:\documents and settings\All Users\Programdata\way rdr ford mpeg\License plus.exe c:\documents and settings\Elev\Programdata\Draw time aim c:\documents and settings\Elev\Programdata\Draw time aim\0 c:\documents and settings\Elev\Programdata\Draw time aim\AxisBagsMetaBait.exe c:\documents and settings\Elev\Programdata\Draw time aim\eoxyvluf.exe c:\documents and settings\Elev\Programdata\Draw time aim\HEART AMOK.exe c:\documents and settings\Elev\Programdata\Draw time aim\hold lite burn.exe c:\documents and settings\Elev\Programdata\Draw time aim\jbwbsskn.exe c:\documents and settings\Elev\Programdata\Draw time aim\jgarlgea.exe c:\documents and settings\Elev\Programdata\Draw time aim\wzoscngz.exe c:\programfiler\Draw time aim c:\windows\Tasks\9E6E4E28B8D5FE48.job . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-01 til 2009-01-01 ))))))))))))))))))))))))))))))))) . 2008-12-31 02:23 . 2008-12-31 02:23 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2008-12-31 02:23 . 2008-12-31 02:23 <DIR> d-------- c:\documents and settings\Elev\Programdata\Malwarebytes 2008-12-31 02:23 . 2008-12-31 02:23 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-31 02:23 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-31 02:23 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-30 16:40 . 2008-12-30 16:40 <DIR> d-------- c:\programfiler\SUPERAntiSpyware 2008-12-30 16:40 . 2008-12-30 16:40 <DIR> d-------- c:\documents and settings\Elev\Programdata\SUPERAntiSpyware.com 2008-12-30 16:40 . 2008-12-30 16:40 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2008-12-30 16:36 . 
2008-12-30 16:36 <DIR> d-------- C:\Program Files 2008-12-30 16:26 . 2008-12-31 21:02 <DIR> d-------- c:\documents and settings\Elev\Tracing 2008-12-30 16:18 . 2008-12-30 16:18 <DIR> d-------- c:\programfiler\Microsoft SQL Server Compact Edition 2008-12-30 16:08 . 2008-12-30 16:08 <DIR> d-------- c:\programfiler\Microsoft 2008-12-30 16:07 . 2008-12-30 16:07 <DIR> d-------- c:\programfiler\Windows Live SkyDrive 2008-12-30 15:53 . 2008-12-30 15:53 <DIR> d-------- c:\programfiler\Fellesfiler\Windows Live 2008-12-30 14:34 . 2008-12-30 14:34 <DIR> d-------- c:\programfiler\Mozilla Thunderbird 2008-12-30 14:34 . 2008-12-30 14:34 <DIR> d-------- c:\documents and settings\Elev\Programdata\Thunderbird 2008-12-24 13:58 . 2008-12-24 13:58 552 --a------ c:\windows\system32\d3d8caps.dat 2008-12-23 16:53 . 2008-12-23 16:53 <DIR> d-------- c:\programfiler\NCH Software 2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\programfiler\NCH Swift Sound 2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\programfiler\Free Audio Pack 2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\documents and settings\Elev\Programdata\NCH Swift Sound 2008-12-23 16:52 . 2008-12-23 16:52 <DIR> d-------- c:\documents and settings\All Users\Programdata\NCH Swift Sound 2008-12-21 23:01 . 2008-12-21 23:01 <DIR> d-------- c:\programfiler\Gabest 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- C:\Ny mappe(2) 2008-12-19 22:56 . 2008-12-19 22:56 <DIR> d-------- C:\Ny mappe 2008-12-15 19:24 . 2008-12-15 19:24 <DIR> d-------- c:\windows\system32\Futuremark 2008-12-15 19:24 . 2008-12-15 19:24 <DIR> d-------- c:\programfiler\Fellesfiler\Futuremark Shared 2008-12-15 19:24 . 2008-05-29 12:33 27,672 -ra------ c:\windows\system32\drivers\Entech.sys 2008-12-14 16:44 . 2008-12-14 16:44 <DIR> d-------- c:\programfiler\Hewlett-Packard 2008-12-14 16:42 . 2008-12-14 16:43 <DIR> d-------- c:\programfiler\HP 2008-12-14 16:36 . 2008-10-13 19:33 71,405 --a------ c:\windows\hpdj6800.hi2 2008-12-14 16:36 . 
2008-10-13 19:33 9,221 --a------ c:\windows\hpdj6800.bu2 2008-12-14 16:35 . 2008-10-13 19:42 5,411 --a------ c:\windows\hpf6800m.hi2 2008-12-14 16:35 . 2008-10-13 19:42 3,297 --a------ c:\windows\hpf6800m.bu2 2008-12-10 14:55 . 2008-12-10 14:55 <DIR> d-------- c:\documents and settings\All Users\Programdata\FLEXnet 2008-12-10 14:42 . 2008-12-10 14:42 <DIR> d-------- c:\programfiler\Bonjour 2008-12-10 14:30 . 2008-12-10 14:30 <DIR> d-------- c:\programfiler\Fellesfiler\Macrovision Shared 2008-12-09 17:29 . 2008-12-09 17:29 <DIR> d-------- c:\documents and settings\Elev\Programdata\Roxio 2008-12-08 19:30 . 2008-12-08 19:30 98,304 --a------ c:\windows\system32\CmdLineExt.dll 2008-12-04 22:55 . 2008-12-04 22:55 307,560 --a------ c:\windows\WLXPGSS.SCR 2008-12-03 10:34 . 2008-12-03 10:34 <DIR> d-------- c:\windows\system32\AGEIA 2008-12-03 10:34 . 2008-12-03 10:35 <DIR> d-------- c:\programfiler\AGEIA Technologies 2008-12-03 10:33 . 2008-12-30 16:39 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-12-30 15:19 --------- d-----w c:\programfiler\Windows Live 2008-12-15 18:24 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-12-11 15:45 --------- d-----w c:\programfiler\Advanced System Optimizer 2008-12-10 13:42 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-09 16:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sonic 2008-12-02 07:56 --------- d-----w c:\documents and settings\Elev\Programdata\U3 2008-11-27 09:28 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf 2008-11-27 09:27 --------- d-----w c:\programfiler\Microsoft Xbox 360 Accessories 2008-11-25 11:07 --------- d-----w c:\programfiler\Fellesfiler\DirectX 2008-11-17 11:30 --------- d-----w c:\documents and settings\Elev\Programdata\Sports Interactive 2008-11-17 11:27 --------- d-----w c:\documents and settings\All Users\Programdata\Sports Interactive 2008-11-17 11:21 --------- d-----w c:\programfiler\Sports Interactive 2008-11-04 08:35 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-11-02 20:50 --------- d-----w c:\programfiler\Creative 2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168] "ITSecMng"="c:\programfiler\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136] "SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "OfficeScanNT Monitor"="c:\programfiler\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-08-28 714024] "Dell QuickSet"="c:\programfiler\Dell\QuickSet\Quickset.exe" [2008-02-22 1245184] "XboxStat"="c:\programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-14 172032] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Elev\Start-meny\Programmer\Oppstart\ OpenOffice.org 3.0.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ Clean Access Agent.lnk - c:\programfiler\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-27 2048074] WirelessLogon.vbs [2007-10-22 1083] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= 
"c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 11:05 356352 c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1892195801-570826991-4266837986-14751120\Scripts\Logon\0\0] "Script"=\\opplandvgs\netlogon\logonquota.vbs [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1892195801-570826991-4266837986-14751120\Scripts\Logon\1\0] "Script"=\\opplandvgs\netlogon\logonquota.vbs [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Kunnskapsforlaget\\Ordnett Pluss\\lib\\IeEmbed.exe"= "c:\\Programfiler\\Sony Ericsson\\Update Service\\Update Service.exe"= "c:\\Programfiler\\EA GAMES\\Kampen om Midgard\\game.dat"= "c:\\Programfiler\\BitLord\\BitLord.exe"= "c:\\Programfiler\\Electronic Arts\\Kampen om Midgard II\\game.dat"= "c:\\WINDOWS\\system32\\msiexec.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "12345:TCP"= 12345:TCP:Trend Micro OfficeScan Listener R1 SASDIFSV;SASDIFSV;\??\c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944] R1 
SASKUTIL;SASKUTIL;\??\c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024] R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\programfiler\Broadcom\ASFIPMon\AsfIpMon.exe -service [] R2 TmFilter;Trend Micro Filter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-09-17 205328] R2 TmPreFilter;Trend Micro PreFilter;\??\c:\programfiler\Trend Micro\OfficeScan Client\TmPreFlt.sys [2007-09-17 36368] R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 335888] R3 TmPfw;OfficeScan NT Firewall;"c:\programfiler\Trend Micro\OfficeScan Client\TmPfw.exe" [2007-04-04 488768] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-01 13352] S3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-10-19 67968] S3 PD0630Srv;Creative PD0630 RunApp Service;c:\windows\system32\P0630Srv.exe [2008-10-19 24576] S3 SASENUM;SASENUM;\??\c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408] S3 TmProxy;OfficeScan NT Proxy Service;"c:\programfiler\Trend Micro\OfficeScan Client\TmProxy.exe" [2007-04-27 652552] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{102a41b2-7055-11dd-b4f6-002186417b1f}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec3ca19-71d6-11dd-b4f8-001fe195d769}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ca22753-ba83-11dd-b523-001d09db3e80}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2008-12-25 c:\windows\Tasks\Oppdater Ordnett Pluss.job - c:\programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2007-08-28 13:29] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.online.no uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1044 c:\windows\system32\CCAWebLogin.ocx - O16 -: {C9D7D239-B502-48B3-BA25-9DF8C7264073} hxxps://casinband2.opplandvgs.no/auth/CCALogin.CAB c:\windows\Downloaded Program Files\CCAWebLogin.inf FF - ProfilePath - c:\documents and settings\Elev\Programdata\Mozilla\Firefox\Profiles\krfjfkkv.default\ FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\programfiler\Windows Live\Photo Gallery\NPWLPG.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-01 15:12:30 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1420) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll . Tidspunkt ferdig: 2009-01-01 15:13:22 ComboFix-quarantined-files.txt 2009-01-01 14:13:17 ComboFix2.txt 2008-12-31 01:35:03 Pre-Run: 1 704 980 480 byte ledig Post-Run: 3,586,428,928 byte ledig 216 --- E O F --- 2008-12-18 15:26:13
norbat Posted 1 January 2009
How are the popups now?
knut_25 (Author) Posted 1 January 2009
> How are the popups now?
Haven't had any for a while now, so I think they're gone. Thanks for the help.
norbat Posted 1 January 2009
You can remove ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get reinfected by a possible later restore.
r2d290 Posted 1 January 2009
If you think the problem with your machine is solved, you can change your topic title by clicking the button in your first post. This helps keep the forum tidier for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in. -Surf safely-