Gå til innhold

» Data » IKT-drift og sikkerhet

[Løst]cid problemer. har kjørt mbam og combofix. please hjælp

holenjr

Av holenjr
27. januar 2009 i IKT-drift og sikkerhet

Anbefalte innlegg

holenjr

holenjr

Skrevet 27. januar 2009

- Del

Skrevet 27. januar 2009

mbam logg:

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1696

Windows 5.1.2600 Service Pack 3

26.01.2009 19:45:48

mbam-log-2009-01-26 (19-45-48).txt

Skanntype: Rask Skann

Objekter skannet: 52066

Tid tilbakelagt: 3 minute(s), 7 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

Registerfiler infisert:

HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Mapper infisert:

(Ingen mistenkelige filer funnet)

Filer infisert:

(Ingen mistenkelige filer funnet)

combofix logg:

ComboFix 09-01-21.04 - Holen 2009-01-26 20:33:11.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1279.793 [GMT 1:00]

Kjører fra: c:\documents and settings\Holen\Skrivebord\ComboFix.exe

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

D:\Autorun.inf

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-26 til 2009-01-26 )))))))))))))))))))))))))))))))))

.

2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\Holen\Programdata\Malwarebytes

2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-01-26 19:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-26 19:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-25 23:54 . 2009-01-25 23:55 <DIR> d-------- c:\documents and settings\Holen\Programdata\Media Player Classic

2009-01-25 23:09 . 2009-01-25 23:09 <DIR> d-------- c:\documents and settings\Holen\Programdata\GRETECH

2009-01-25 22:03 . 2009-01-25 22:03 <DIR> d-------- c:\programfiler\K-Lite Codec Pack

2009-01-25 21:49 . 2009-01-25 21:49 <DIR> d-------- c:\programfiler\uTorrent

2009-01-25 21:49 . 2009-01-25 22:01 <DIR> d-------- c:\documents and settings\Holen\Programdata\uTorrent

2009-01-25 21:13 . 2009-01-25 21:49 <DIR> dr------- c:\documents and settings\Holen\Start-meny

2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\Skrivere

2009-01-25 21:13 . 2009-01-26 20:31 <DIR> d-------- c:\documents and settings\Holen\Skrivebord

2009-01-25 21:13 . 2009-01-26 12:31 <DIR> dr-h----- c:\documents and settings\Holen\Siste

2009-01-25 21:13 . 2009-01-26 19:39 <DIR> dr-h----- c:\documents and settings\Holen\Programdata

2009-01-25 21:13 . 2009-01-26 20:29 <DIR> dr------- c:\documents and settings\Holen\Mine dokumenter

2009-01-25 21:13 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Holen\Maler

2009-01-25 21:13 . 2009-01-26 20:34 <DIR> d--h----- c:\documents and settings\Holen\Lokale innstillinger

2009-01-25 21:13 . 2009-01-26 19:37 <DIR> dr------- c:\documents and settings\Holen\Favoritter

2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\AndrMask

2009-01-25 21:13 . 2009-01-26 19:59 <DIR> d-------- c:\documents and settings\Holen

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Siste

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2009-01-25 20:46 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2009-01-25 20:46 . 2009-01-26 20:34 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Favoritter

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2009-01-25 20:46 . 2009-01-25 21:39 <DIR> d-------- c:\documents and settings\Administrator

2009-01-25 20:24 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-25 20:24 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-25 20:24 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-25 20:24 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-25 20:24 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-25 20:24 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-25 20:24 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-25 20:24 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-25 20:24 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\no

2009-01-25 19:38 . 2009-01-25 20:25 <DIR> d-------- c:\windows\system32\nb-no

2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\bits

2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\l2schemas

2009-01-25 19:36 . 2009-01-25 19:38 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-25 19:28 . 2009-01-25 19:28 <DIR> d-------- c:\windows\EHome

2009-01-25 19:18 . 2009-01-25 19:18 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-25 18:25 . 2009-01-25 10:27 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-01-25 10:27 . 2009-01-25 10:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d-------- c:\programfiler\Lavasoft

2009-01-25 10:25 . 2009-01-25 10:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft

2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d--h-c--- c:\documents and settings\All Users\Programdata\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-01-25 00:23 . 2009-01-25 00:23 <DIR> d-------- c:\programfiler\Windows Media Connect 2

2009-01-25 00:23 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-25 00:21 . 2009-01-25 00:21 <DIR> d-------- c:\windows\system32\LogFiles

2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- c:\windows\system32\drivers\UMDF

2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- C:\bdc8a1113866e809eab1809f55b2

2009-01-24 23:40 . 2009-01-24 23:40 <DIR> d-------- c:\programfiler\GNU

2009-01-24 23:38 . 2009-01-24 23:38 <DIR> d-------- c:\programfiler\GRETECH

2009-01-24 22:54 . 2009-01-24 22:54 0 --a------ c:\windows\PowerReg.dat

2009-01-24 22:44 . 2009-01-24 22:44 <DIR> d-------- c:\programfiler\Infogrames

2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2009-01-24 22:38 . 2009-01-24 22:38 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-01-24 18:42 . 2009-01-24 18:42 236 --a------ C:\sqmdata02.sqm

2009-01-24 18:42 . 2009-01-24 18:42 200 --a------ C:\sqmnoopt02.sqm

2009-01-24 16:13 . 2009-01-25 18:33 8,627 --a------ c:\windows\system32\PAV_FOG.OPC

2009-01-24 16:13 . 2009-01-24 16:13 236 --a------ C:\sqmdata01.sqm

2009-01-24 16:13 . 2009-01-24 16:13 200 --a------ C:\sqmnoopt01.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-26 19:05 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys

2009-01-25 19:14 --------- d-----w c:\programfiler\Azureus

2009-01-25 18:17 --------- d-----w c:\programfiler\Java

2009-01-24 21:55 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll

2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll

2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ANIWZCS2Service"="c:\programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"QlbCtrl.exe"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]

"SynTPStart"="c:\programfiler\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]

"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-25 136600]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]

"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"close surf mail dupe"="c:\documents and settings\All Users\Programdata\Tick Find Close Surf\Bend Once.exe" [2009-01-26 765952]

"APVXDWIN"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]

"SCANINICIO"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-25 507224]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]

"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-07-26 c:\windows\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

HP Digital Imaging Monitor.lnk - c:\programfiler\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"554:TCP"= 554:TCP:cdon.com

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-25 64160]

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2006-01-01 28544]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2006-01-01 41144]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2006-01-01 13880]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]

R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2006-01-01 179640]

R4 PskSvcRetail;Panda PSK service;c:\programfiler\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2006-01-01 28928]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - MESSENGER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-26 c:\windows\Tasks\A8965B189185CD40.job

- c:\docume~1\atle\progra~1\bashsc~1\armydatathe.exe []

2009-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-25 10:26]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-26 20:34:27

Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\avldr.dll

.

Tidspunkt ferdig: 2009-01-26 20:35:32

ComboFix-quarantined-files.txt 2009-01-26 19:35:29

Pre-Run: 51 974 553 600 byte ledig

Post-Run: 51,986,857,984 byte ledig

187 --- E O F --- 2009-01-26 19:02:46

Håper noen kan hjelpe da jeg drittlei disse pop upsene. har akkurat tatt over en pc'n etter en kompis og jeg har ikke lyst til og slette hele maskina da det ligger en mye inne som jeg må ha

Lenke til kommentar

Videoannonse

Annonse

norbat

norbat

Skrevet 27. januar 2009

- Del

Skrevet 27. januar 2009

Åpne notisblokk og kopier inn det som står i fet skrift under, lagre fila på skrivebordet som CFScript.txt.

Dra deretter fila over Combofix-iconet. Combofix vil starte igjen. Post loggen.

File::

c:\windows\Tasks\A8965B189185CD40.job

Folder::

c:\documents and settings\All Users\Programdata\Tick Find Close Surf

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"close surf mail dupe"=-

Lenke til kommentar

holenjr

holenjr

Skrevet 27. januar 2009

Forfatter

- Del

Skrevet 27. januar 2009

hei

her den nye loggen:

ComboFix 09-01-21.04 - Holen 2009-01-27 19:21:41.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1279.824 [GMT 1:00]

Kjører fra: c:\documents and settings\Holen\Skrivebord\ComboFix.exe

Command switches brukt :: c:\documents and settings\Holen\Skrivebord\CFScript.txt.lnk

AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-27 til 2009-01-27 )))))))))))))))))))))))))))))))))

.

2009-01-27 11:38 . 2009-01-27 13:07 <DIR> d-------- c:\programfiler\Browser Hijack Recover

2009-01-27 11:38 . 2009-01-27 11:38 0 --a------ c:\windows\system32\8104297.jun

2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\Holen\Programdata\Malwarebytes

2009-01-26 19:39 . 2009-01-26 19:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-01-26 19:39 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-26 19:39 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-25 23:54 . 2009-01-25 23:55 <DIR> d-------- c:\documents and settings\Holen\Programdata\Media Player Classic

2009-01-25 23:09 . 2009-01-25 23:09 <DIR> d-------- c:\documents and settings\Holen\Programdata\GRETECH

2009-01-25 22:03 . 2009-01-25 22:03 <DIR> d-------- c:\programfiler\K-Lite Codec Pack

2009-01-25 21:49 . 2009-01-25 21:49 <DIR> d-------- c:\programfiler\uTorrent

2009-01-25 21:49 . 2009-01-25 22:01 <DIR> d-------- c:\documents and settings\Holen\Programdata\uTorrent

2009-01-25 21:13 . 2009-01-25 21:49 <DIR> dr------- c:\documents and settings\Holen\Start-meny

2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\Skrivere

2009-01-25 21:13 . 2009-01-27 19:21 <DIR> d-------- c:\documents and settings\Holen\Skrivebord

2009-01-25 21:13 . 2009-01-27 19:15 <DIR> dr-h----- c:\documents and settings\Holen\Siste

2009-01-25 21:13 . 2009-01-26 19:39 <DIR> dr-h----- c:\documents and settings\Holen\Programdata

2009-01-25 21:13 . 2009-01-27 19:19 <DIR> dr------- c:\documents and settings\Holen\Mine dokumenter

2009-01-25 21:13 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Holen\Maler

2009-01-25 21:13 . 2009-01-27 19:22 <DIR> d--h----- c:\documents and settings\Holen\Lokale innstillinger

2009-01-25 21:13 . 2009-01-26 19:37 <DIR> dr------- c:\documents and settings\Holen\Favoritter

2009-01-25 21:13 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Holen\AndrMask

2009-01-25 21:13 . 2009-01-26 19:59 <DIR> d-------- c:\documents and settings\Holen

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr------- c:\documents and settings\Administrator\Start-meny

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Skrivere

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Skrivebord

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\Siste

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> dr-h----- c:\documents and settings\Administrator\Programdata

2009-01-25 20:46 . 2008-04-06 10:17 <DIR> d--h----- c:\documents and settings\Administrator\Maler

2009-01-25 20:46 . 2009-01-27 19:22 <DIR> d--h----- c:\documents and settings\Administrator\Lokale innstillinger

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d-------- c:\documents and settings\Administrator\Favoritter

2009-01-25 20:46 . 2008-04-06 12:10 <DIR> d--h----- c:\documents and settings\Administrator\AndrMask

2009-01-25 20:46 . 2009-01-25 21:39 <DIR> d-------- c:\documents and settings\Administrator

2009-01-25 20:24 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-25 20:24 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-25 20:24 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-25 20:24 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-25 20:24 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-25 20:24 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-25 20:24 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-25 20:24 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-25 20:24 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\no

2009-01-25 19:38 . 2009-01-25 20:25 <DIR> d-------- c:\windows\system32\nb-no

2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\system32\bits

2009-01-25 19:38 . 2009-01-25 19:38 <DIR> d-------- c:\windows\l2schemas

2009-01-25 19:36 . 2009-01-25 19:38 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-25 19:28 . 2009-01-25 19:28 <DIR> d-------- c:\windows\EHome

2009-01-25 19:18 . 2009-01-25 19:18 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-25 18:25 . 2009-01-25 10:27 15,688 --a------ c:\windows\system32\lsdelete.exe

2009-01-25 10:27 . 2009-01-25 10:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys

2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d-------- c:\programfiler\Lavasoft

2009-01-25 10:25 . 2009-01-25 10:27 <DIR> d-------- c:\documents and settings\All Users\Programdata\Lavasoft

2009-01-25 10:25 . 2009-01-25 10:25 <DIR> d--h-c--- c:\documents and settings\All Users\Programdata\{83C91755-2546-441D-AC40-9A6B4B860800}

2009-01-25 00:23 . 2009-01-25 00:23 <DIR> d-------- c:\programfiler\Windows Media Connect 2

2009-01-25 00:23 . 2004-08-04 13:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-25 00:21 . 2009-01-25 00:21 <DIR> d-------- c:\windows\system32\LogFiles

2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- c:\windows\system32\drivers\UMDF

2009-01-25 00:21 . 2009-01-25 00:22 <DIR> d-------- C:\bdc8a1113866e809eab1809f55b2

2009-01-24 23:40 . 2009-01-27 13:10 <DIR> d-------- c:\programfiler\GNU

2009-01-24 23:38 . 2009-01-24 23:38 <DIR> d-------- c:\programfiler\GRETECH

2009-01-24 22:54 . 2009-01-24 22:54 0 --a------ c:\windows\PowerReg.dat

2009-01-24 22:44 . 2009-01-24 22:44 <DIR> d-------- c:\programfiler\Infogrames

2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\programfiler\DAEMON Tools Lite

2009-01-24 22:41 . 2009-01-24 22:41 <DIR> d-------- c:\documents and settings\All Users\Programdata\DAEMON Tools Lite

2009-01-24 22:38 . 2009-01-24 22:38 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-01-24 18:42 . 2009-01-24 18:42 236 --a------ C:\sqmdata02.sqm

2009-01-24 18:42 . 2009-01-24 18:42 200 --a------ C:\sqmnoopt02.sqm

2009-01-24 16:13 . 2009-01-26 22:47 8,627 --a------ c:\windows\system32\PAV_FOG.OPC

2009-01-24 16:13 . 2009-01-24 16:13 236 --a------ C:\sqmdata01.sqm

2009-01-24 16:13 . 2009-01-24 16:13 200 --a------ C:\sqmnoopt01.sqm

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-27 18:07 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys

2009-01-25 19:14 --------- d-----w c:\programfiler\Azureus

2009-01-25 18:17 --------- d-----w c:\programfiler\Java

2009-01-24 21:55 --------- d--h--w c:\programfiler\InstallShield Installation Information

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll

2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll

2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll

.

((((((((((((((((((((((((((((( snapshot@2009-01-26_20.34.54,73 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-01-27 18:07:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_71c.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-25 136600]

"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-03-28 413696]

"HP Software Update"="c:\programfiler\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]

"APVXDWIN"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-12-03 869632]

"SCANINICIO"="c:\programfiler\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

"nwiz"="nwiz.exe" [2006-07-20 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"554:TCP"= 554:TCP:cdon.com

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-25 64160]

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2006-01-01 28544]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2006-01-01 41144]

R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2006-01-01 13880]

R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]

R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2006-01-01 179640]

R4 PskSvcRetail;Panda PSK service;c:\programfiler\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [2006-01-01 28928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-27 c:\windows\Tasks\A8965B189185CD40.job

- c:\docume~1\atle\progra~1\bashsc~1\armydatathe.exe []

2009-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-25 10:26]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.google.no/

mWindow Title =

DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-27 19:23:12

Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\avldr.dll

.

Tidspunkt ferdig: 2009-01-27 19:24:15

ComboFix-quarantined-files.txt 2009-01-27 18:24:13

Pre-Run: 51 907 031 040 byte ledig

Post-Run: 51,947,548,672 byte ledig

179 --- E O F --- 2009-01-26 19:02:46

Lenke til kommentar

norbat

norbat

Skrevet 27. januar 2009

- Del

Skrevet 27. januar 2009

Slett fila:

c:\windows\Tasks\A8965B189185CD40.job

Fortell hvordan det går med CiD-popups.

Lenke til kommentar

holenjr

holenjr

Skrevet 27. januar 2009

Forfatter

- Del

Skrevet 27. januar 2009

da har jeg rotet rundt på nettet en halvtime og ingen pop ups :thumbup:

Takker så meget for hjelpen.

Lenke til kommentar

norbat

norbat

Skrevet 27. januar 2009

- Del

Skrevet 27. januar 2009

Avintaller combofix ved å skrive combofix /u i kjør-feltet (start->kjør)

Dette vil også nullstille systemgjenopprettingen slik at du ikke blir infisert ved en evt. gjenoppretting senere.

Sørg forøvrig at Java, Flash player og Adobe reader er oppdatert i tillegg til Windows.

Surt trygt.

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå

Gå til emneliste

Populær nå
- Overrasket? Nei, det er FrP på gang igjen
  
  Av Boing_80, 29 minutter siden i Politikk og samfunn
  - 8 svar
  - 71 visninger
- Skal man selv avbryte sykemelding om man blir bedre under sykemelding? Selv om arbeidsgiver er grunnen
  
  Av Gjest b7a66...cc2, 1 time siden i Jobb og karriere
  - 16 svar
  - 180 visninger
  - Gjest
  - 4 minutter siden
Hvem er aktive 0 medlemmer
- Ingen innloggede medlemmer aktive

×

×

Opprett ny...