holenjr, posted 27 January 2009

mbam log:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1696
Windows 5.1.2600 Service Pack 3

26.01.2009 19:45:48
mbam-log-2009-01-26 (19-45-48).txt

Skanntype: Rask Skann
Objekter skannet: 52066
Tid tilbakelagt: 3 minute(s), 7 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

combofix log:

ComboFix 09-01-21.04 - Holen 2009-01-26 20:33:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1279.793 [GMT 1:00]
Kjører fra: c:\documents and settings\Holen\Skrivebord\ComboFix.exe
AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-26 til 2009-01-26 )))))))))))))))))))))))))))))))))
.
2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\Holen\Programdata\Malwarebytes
2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-26 19:39 .
2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-26 19:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-01-25 23:54 . 2009-01-25 23:55 <DIR> d-------- c:\documents and settings\Holen\Programdata\Media Player Classic 2009-01-25 23:09 . 2009-01-25 23:09 <DIR> d-------- c:\documents and settings\Holen\Programdata\GRETECH 2009-01-25 22:03 . 2009-01-25 22:03 <DIR> d-------- c:\programfiler\K-Lite Codec Pack 2009-01-25 21:49 . 2009-01-25 21:49 <DIR> d-------- c:\programfiler\uTorrent 2009-01-25 21:49 . 2009-01-25 22:01 <DIR> d-------- c:\documents and settings\Holen\Programdata\uTorrent 2009-01-25 21:13 . 2009-01-25 21:49 <DIR> dr------- c:\documents and settings\Holen\Start-meny 2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\Skrivere 2009-01-25 21:13 . 2009-01-26 20:31 <DIR> d-------- c:\documents and settings\Holen\Skrivebord 2009-01-25 21:13 . 2009-01-26 12:31 <DIR> dr-h----- c:\documents and settings\Holen\Siste 2009-01-25 21:13 . 2009-01-26 19:39 <DIR> dr-h----- c:\documents and settings\Holen\Programdata 2009-01-25 21:13 . 2009-01-26 20:29 <DIR> dr------- c:\documents and settings\Holen\Mine dokumenter 2009-01-25 21:13 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Holen\Maler 2009-01-25 21:13 . 2009-01-26 20:34 <DIR> d--h----- c:\documents and settings\Holen\Lokale innstillinger 2009-01-25 21:13 . 2009-01-26 19:37 <DIR> dr------- c:\documents and settings\Holen\Favoritter 2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\AndrMask 2009-01-25 21:13 . 2009-01-26 19:59 <DIR> d-------- c:\documents and settings\Holen 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr------- c:\documents and settings\Administrator\Start-meny 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere 2009-01-25 20:46 . 
2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Siste 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata 2009-01-25 20:46 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Administrator\Maler 2009-01-25 20:46 . 2009-01-26 20:34 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Favoritter 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask 2009-01-25 20:46 . 2009-01-25 21:39 <DIR> d-------- c:\documents and settings\Administrator 2009-01-25 20:24 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-01-25 20:24 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-01-25 20:24 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-01-25 20:24 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-01-25 20:24 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-01-25 20:24 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-01-25 20:24 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-01-25 20:24 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-01-25 20:24 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\no 2009-01-25 19:38 . 2009-01-25 20:25 <DIR> d-------- c:\windows\system32\nb-no 2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\bits 2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\l2schemas 2009-01-25 19:36 . 
2009-01-25 19:38 <DIR> d-------- c:\windows\ServicePackFiles 2009-01-25 19:28 . 2009-01-25 19:28 <DIR> d-------- c:\windows\EHome 2009-01-25 19:18 . 2009-01-25 19:18 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-25 18:25 . 2009-01-25 10:27 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-01-25 10:27 . 2009-01-25 10:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d-------- c:\programfiler\Lavasoft 2009-01-25 10:25 . 2009-01-25 10:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d--h-c--- c:\documents and settings\All Users\Programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-25 00:23 . 2009-01-25 00:23 <DIR> d-------- c:\programfiler\Windows Media Connect 2 2009-01-25 00:23 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-25 00:21 . 2009-01-25 00:21 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- c:\windows\system32\drivers\UMDF 2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- C:\bdc8a1113866e809eab1809f55b2 2009-01-24 23:40 . 2009-01-24 23:40 <DIR> d-------- c:\programfiler\GNU 2009-01-24 23:38 . 2009-01-24 23:38 <DIR> d-------- c:\programfiler\GRETECH 2009-01-24 22:54 . 2009-01-24 22:54 0 --a------ c:\windows\PowerReg.dat 2009-01-24 22:44 . 2009-01-24 22:44 <DIR> d-------- c:\programfiler\Infogrames 2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\programfiler\DAEMON Tools Lite 2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite 2009-01-24 22:38 . 2009-01-24 22:38 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-24 18:42 . 2009-01-24 18:42 236 --a------ C:\sqmdata02.sqm 2009-01-24 18:42 . 2009-01-24 18:42 200 --a------ C:\sqmnoopt02.sqm 2009-01-24 16:13 . 2009-01-25 18:33 8,627 --a------ c:\windows\system32\PAV_FOG.OPC 2009-01-24 16:13 . 
2009-01-24 16:13 236 --a------ C:\sqmdata01.sqm 2009-01-24 16:13 . 2009-01-24 16:13 200 --a------ C:\sqmnoopt01.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-26 19:05 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys 2009-01-25 19:14 --------- d-----w c:\programfiler\Azureus 2009-01-25 18:17 --------- d-----w c:\programfiler\Java 2009-01-24 21:55 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ANIWZCS2Service"="c:\programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "QlbCtrl.exe"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032] "SynTPStart"="c:\programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400] "hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-25 136600] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 
49152] "close surf mail dupe"="c:\documents and settings\All Users\Programdata\Tick Find Close Surf\Bend Once.exe" [2009-01-26 765952] "APVXDWIN"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632] "SCANINICIO"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432] "Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-25 507224] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl] "nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 c:\windows\system32\CHDAudPropShortcut.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2008-03-18 16:58 58672 c:\windows\system32\avldr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "554:TCP"= 554:TCP:cdon.com R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-25 
64160] R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2006-01-01 28544] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2006-01-01 41144] R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?] R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2006-01-01 13880] R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?] R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416] R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2006-01-01 179640] R4 PskSvcRetail;Panda PSK service;c:\programfiler\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2006-01-01 28928] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - MESSENGER [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] panda REG_MULTI_SZ Gwmsrv . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-26 c:\windows\Tasks\A8965B189185CD40.job - c:\docume~1\atle\progra~1\bashsc~1\armydatathe.exe [] 2009-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-25 10:26] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.no/ DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-26 20:34:27 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... 
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\avldr.dll
.
Tidspunkt ferdig: 2009-01-26 20:35:32
ComboFix-quarantined-files.txt 2009-01-26 19:35:29
Pre-Run: 51 974 553 600 byte ledig
Post-Run: 51,986,857,984 byte ledig
187 --- E O F --- 2009-01-26 19:02:46

Hope someone can help, as I'm sick of these pop-ups. I've just taken over a PC from a friend and I don't want to wipe the whole machine, since there's a lot on it that I need.
norbat, posted 27 January 2009

Open Notepad and copy in what is in bold below, save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\windows\Tasks\A8965B189185CD40.job

Folder::
c:\documents and settings\All Users\Programdata\Tick Find Close Surf

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"close surf mail dupe"=-
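A small triage helper that picks out of a ComboFix log the same two kinds of entries norbat singled out above (a Run value whose binary lives under a user-writable profile directory, and a hex-named .job whose target ComboFix could not timestamp). This is an added example, not part of the thread or of ComboFix; the heuristics, the Finding type and the short log excerpt it runs on are constructed here.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix "Run" and "Scheduled Tasks"
# sections quoted in the thread; it is an excerpt, not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"close surf mail dupe"="c:\documents and settings\All Users\Programdata\Tick Find Close Surf\Bend Once.exe" [2009-01-26 765952]
"APVXDWIN"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]
"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-26 c:\windows\Tasks\A8965B189185CD40.job
- c:\docume~1\atle\progra~1\bashsc~1\armydatathe.exe []

2009-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-25 10:26]
"""

# "name"="target" [timestamp size]  or  "name"="file.exe" [timestamp full\path]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# "YYYY-MM-DD c:\windows\Tasks\name.job" followed by "- target [timestamp]"
TASK_JOB = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$', re.IGNORECASE)
TASK_TARGET = re.compile(r'^-\s+(?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]$')
RANDOM_NAME = re.compile(r'^[0-9A-F]{12,}$', re.IGNORECASE)

# User-writable locations (long and 8.3 forms); legitimate autostart binaries
# rarely run from here. "Programdata" is the Norwegian XP name for Application Data.
PROFILE_DIRS = ('\\documents and settings\\', '\\docume~1\\', '\\programdata\\',
                '\\application data\\', '\\local settings\\', '\\temp\\')


@dataclass
class Finding:
    kind: str      # "run" (registry Run value) or "task" (scheduled .job)
    name: str
    target: str
    reasons: list


def is_profile_resident(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in PROFILE_DIRS)


def triage(log_text: str) -> list:
    """Return a Finding for every autostart entry that trips at least one heuristic."""
    findings = []
    pending_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line)
        if m:
            name, target, meta = m.group('name'), m.group('target'), m.group('meta')
            # Bare-filename form: the resolved path is the second token of the bracket.
            if '\\' not in target and ' ' in meta:
                target = meta.split(' ', 1)[1]
            reasons = []
            if is_profile_resident(target):
                reasons.append('target lives in a user-writable profile directory')
            if reasons:
                findings.append(Finding('run', name, target, reasons))
            continue
        m = TASK_JOB.match(line)
        if m:
            pending_job = ntpath.basename(m.group('job'))
            continue
        m = TASK_TARGET.match(line)
        if m and pending_job:
            target, meta = m.group('target'), m.group('meta')
            reasons = []
            if RANDOM_NAME.match(pending_job[:-4]):          # strip ".job"
                reasons.append('task name is a random-looking hex string')
            if is_profile_resident(target):
                reasons.append('target lives in a user-writable profile directory')
            if not meta.strip():
                reasons.append('no timestamp recorded for the target (file missing or unreadable)')
            if reasons:
                findings.append(Finding('task', pending_job, target, reasons))
            pending_job = None
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.name}\n     -> {f.target}\n     {'; '.join(f.reasons)}")
```

Run against the real log the result is a shortlist to verify by hand, not a verdict; the Ad-Aware task and the vendor Run values in the excerpt are left out precisely because they trip none of the heuristics.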
holenjr (author), posted 27 January 2009

hi, here's the new log:

ComboFix 09-01-21.04 - Holen 2009-01-27 19:21:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1279.824 [GMT 1:00]
Kjører fra: c:\documents and settings\Holen\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Holen\Skrivebord\CFScript.txt.lnk
AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)
* Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-27 til 2009-01-27 )))))))))))))))))))))))))))))))))
.
2009-01-27 11:38 . 2009-01-27 13:07 <DIR> d-------- c:\programfiler\Browser Hijack Recover
2009-01-27 11:38 . 2009-01-27 11:38 0 --a------ c:\windows\system32\8104297.jun
2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\Holen\Programdata\Malwarebytes
2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-26 19:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-26 19:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 23:54 . 2009-01-25 23:55 <DIR> d-------- c:\documents and settings\Holen\Programdata\Media Player Classic
2009-01-25 23:09 . 2009-01-25 23:09 <DIR> d-------- c:\documents and settings\Holen\Programdata\GRETECH
2009-01-25 22:03 . 2009-01-25 22:03 <DIR> d-------- c:\programfiler\K-Lite Codec Pack
2009-01-25 21:49 . 2009-01-25 21:49 <DIR> d-------- c:\programfiler\uTorrent
2009-01-25 21:49 . 2009-01-25 22:01 <DIR> d-------- c:\documents and settings\Holen\Programdata\uTorrent
2009-01-25 21:13 . 2009-01-25 21:49 <DIR> dr------- c:\documents and settings\Holen\Start-meny
2009-01-25 21:13 .
2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\Skrivere 2009-01-25 21:13 . 2009-01-27 19:21 <DIR> d-------- c:\documents and settings\Holen\Skrivebord 2009-01-25 21:13 . 2009-01-27 19:15 <DIR> dr-h----- c:\documents and settings\Holen\Siste 2009-01-25 21:13 . 2009-01-26 19:39 <DIR> dr-h----- c:\documents and settings\Holen\Programdata 2009-01-25 21:13 . 2009-01-27 19:19 <DIR> dr------- c:\documents and settings\Holen\Mine dokumenter 2009-01-25 21:13 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Holen\Maler 2009-01-25 21:13 . 2009-01-27 19:22 <DIR> d--h----- c:\documents and settings\Holen\Lokale innstillinger 2009-01-25 21:13 . 2009-01-26 19:37 <DIR> dr------- c:\documents and settings\Holen\Favoritter 2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\AndrMask 2009-01-25 21:13 . 2009-01-26 19:59 <DIR> d-------- c:\documents and settings\Holen 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr------- c:\documents and settings\Administrator\Start-meny 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Siste 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata 2009-01-25 20:46 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Administrator\Maler 2009-01-25 20:46 . 2009-01-27 19:22 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Favoritter 2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask 2009-01-25 20:46 . 2009-01-25 21:39 <DIR> d-------- c:\documents and settings\Administrator 2009-01-25 20:24 . 
2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-01-25 20:24 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-01-25 20:24 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-01-25 20:24 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-01-25 20:24 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-01-25 20:24 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-01-25 20:24 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-01-25 20:24 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-01-25 20:24 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\no 2009-01-25 19:38 . 2009-01-25 20:25 <DIR> d-------- c:\windows\system32\nb-no 2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\bits 2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\l2schemas 2009-01-25 19:36 . 2009-01-25 19:38 <DIR> d-------- c:\windows\ServicePackFiles 2009-01-25 19:28 . 2009-01-25 19:28 <DIR> d-------- c:\windows\EHome 2009-01-25 19:18 . 2009-01-25 19:18 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-25 18:25 . 2009-01-25 10:27 15,688 --a------ c:\windows\system32\lsdelete.exe 2009-01-25 10:27 . 2009-01-25 10:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys 2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d-------- c:\programfiler\Lavasoft 2009-01-25 10:25 . 2009-01-25 10:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft 2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d--h-c--- c:\documents and settings\All Users\Programdata\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-01-25 00:23 . 2009-01-25 00:23 <DIR> d-------- c:\programfiler\Windows Media Connect 2 2009-01-25 00:23 . 
2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll 2009-01-25 00:21 . 2009-01-25 00:21 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- c:\windows\system32\drivers\UMDF 2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- C:\bdc8a1113866e809eab1809f55b2 2009-01-24 23:40 . 2009-01-27 13:10 <DIR> d-------- c:\programfiler\GNU 2009-01-24 23:38 . 2009-01-24 23:38 <DIR> d-------- c:\programfiler\GRETECH 2009-01-24 22:54 . 2009-01-24 22:54 0 --a------ c:\windows\PowerReg.dat 2009-01-24 22:44 . 2009-01-24 22:44 <DIR> d-------- c:\programfiler\Infogrames 2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\programfiler\DAEMON Tools Lite 2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite 2009-01-24 22:38 . 2009-01-24 22:38 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-24 18:42 . 2009-01-24 18:42 236 --a------ C:\sqmdata02.sqm 2009-01-24 18:42 . 2009-01-24 18:42 200 --a------ C:\sqmnoopt02.sqm 2009-01-24 16:13 . 2009-01-26 22:47 8,627 --a------ c:\windows\system32\PAV_FOG.OPC 2009-01-24 16:13 . 2009-01-24 16:13 236 --a------ C:\sqmdata01.sqm 2009-01-24 16:13 . 2009-01-24 16:13 200 --a------ C:\sqmnoopt01.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-27 18:07 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys 2009-01-25 19:14 --------- d-----w c:\programfiler\Azureus 2009-01-25 18:17 --------- d-----w c:\programfiler\Java 2009-01-24 21:55 --------- d--h--w c:\programfiler\InstallShield Installation Information 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll . 
((((((((((((((((((((((((((((( snapshot@2009-01-26_20.34.54,73 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-27 18:07:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-25 136600] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696] "HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152] "APVXDWIN"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632] "SCANINICIO"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432] "nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2008-03-18 16:58 58672 c:\windows\system32\avldr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "554:TCP"= 554:TCP:cdon.com R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-25 64160] R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2006-01-01 28544] R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2006-01-01 41144] R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?] R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2006-01-01 13880] R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?] R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?] R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416] R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2006-01-01 179640] R4 PskSvcRetail;Panda PSK service;c:\programfiler\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2006-01-01 28928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] panda REG_MULTI_SZ Gwmsrv . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-27 c:\windows\Tasks\A8965B189185CD40.job - c:\docume~1\atle\progra~1\bashsc~1\armydatathe.exe [] 2009-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-25 10:26] . . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.google.no/
mWindow Title =
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 19:23:12
Windows 5.1.2600 Service Pack 3 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\avldr.dll
.
Tidspunkt ferdig: 2009-01-27 19:24:15
ComboFix-quarantined-files.txt 2009-01-27 18:24:13
Pre-Run: 51 907 031 040 byte ledig
Post-Run: 51,947,548,672 byte ledig
179 --- E O F --- 2009-01-26 19:02:46
norbat, posted 27 January 2009

Delete the file: c:\windows\Tasks\A8965B189185CD40.job

Let me know how it goes with the CiD pop-ups.
holenjr (author), posted 27 January 2009

I've now been poking around the web for half an hour and no pop-ups. Thanks a lot for the help.
norbat, posted 27 January 2009

Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get reinfected by a later restore. Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.