Tanner (posted 28 January 2009, edited)

Need a bit of help running one of those log scans for viruses and errors in Windows. Can anyone help me with that? I mean the log thing with these programs: HijackThis, Anti-Malware, RSIT. I can't read those logs ^^

Edited 28 January 2009 by Tanner
Tosha0007 (posted 28 January 2009, edited)

If you stop bumping your thread and post logs instead, it's easier for us to help you. Do the following in this order if it's a virus you're having trouble with:

Download Malwarebytes' Anti-Malware here or here. Save it to the Desktop. Run the file and install the program. Choose the Norwegian language. Tick the boxes next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish. Let the program update itself and select Perform quick scan. You get a message box when the program has finished running. Then click the Show results button. If malware was found, you will now see what was found. Then click the Remove selected button to remove any malware that was found.

Note: if MBAM finds a file that is hard to remove, you will be asked two questions. Click OK on both and let MBAM finish the disinfection. If you are asked to restart the machine, do so right away. When MBAM has finished removing what it found, a log will open in Notepad. Post that later if it found anything other than cookies.

--------------------------------------

Download ComboFix (by sUBs) and put it on the Desktop. Run combofix.exe and follow the instructions. While ComboFix starts up you will be advised to install the Recovery Console (if you don't already have it installed). Say yes to that. Do not click on the window while the program is running; that can cause the program to freeze.

What ComboFix does: ComboFix is a multi-fix program made to remove a whole range of known infections, and it also produces a log/report showing the files/processes/registry entries present on the PC. The log can determine whether there is still something on the PC that needs removing. That requires someone with experience to read the log and say how to proceed.

PS: Among other things, ComboFix will list every file created in the last month, and in some cases it may also reveal your full name and other information that could be considered sensitive. For that reason you should go through the log, look for any information you don't want to share with everyone, and censor it.

Post the log file from ComboFix (c:\combofix.txt).

Edited 28 January 2009 by tosha0007
Tanner (thread author, posted 28 January 2009)

No suspicious files found with Malwarebytes.
Tosha0007 (posted 28 January 2009)

OK, then I'll wait for the ComboFix log. Have you had the problem for long, or did it appear recently? Is it Vista or XP you have?
Tanner (thread author, posted 28 January 2009)

Didn't see this until now, so I'll post the ComboFix log tomorrow. Have had the problem for a little while now.
Zeph (posted 28 January 2009)

This thread was posted in the wrong place and has been moved to the correct category.
Tanner (thread author, posted 29 January 2009)

The ComboFix log. Couldn't shut down AVG as it asked me to; hope that didn't make a big difference.

ComboFix 09-01-21.04 - Olav Magne 2009-01-29 9:04:41.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.3062.2575 [GMT 1:00] Kjører fra: c:\documents and settings\Olav Magne\Skrivebord\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\_000006_.tmp.dll c:\windows\system32\MPG4c32.dll . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-29 ))))))))))))))))))))))))))))))))) . 2009-01-28 14:48 . 2009-01-28 14:48 <DIR> d-------- c:\programfiler\2K Games 2009-01-28 14:47 . 2009-01-28 14:47 <DIR> d-------- c:\documents and settings\Olav Magne\Programdata\InstallShield 2009-01-28 13:46 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll 2009-01-28 13:46 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll 2009-01-28 13:46 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll 2009-01-28 13:46 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll 2009-01-28 13:46 . 2007-06-20 20:45 18,280 --a------ c:\windows\system32\x3daudio1_2.dll 2009-01-27 14:24 . 2009-01-28 21:15 <DIR> d-------- C:\Fraps 2009-01-27 13:30 . 2009-01-27 15:34 69 --a------ c:\windows\NeroDigital.ini 2009-01-27 13:24 . 2009-01-27 13:24 <DIR> d-------- c:\windows\system32\QuickTime 2009-01-27 13:24 . 2009-01-27 13:24 <DIR> d-------- c:\programfiler\TechSmith 2009-01-27 13:24 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll 2009-01-26 21:45 . 2009-01-26 21:45 <DIR> d-------- c:\programfiler\Alcohol Soft 2009-01-26 21:35 . 
2009-01-26 21:35 <DIR> d-------- c:\programfiler\Fellesfiler\LightScribe 2009-01-26 21:35 . 2009-01-26 21:43 <DIR> d-------- c:\documents and settings\Olav Magne\Programdata\Ahead 2009-01-26 21:32 . 2009-01-28 10:40 <DIR> d-------- c:\programfiler\Nero 2009-01-26 21:32 . 2009-01-28 10:39 <DIR> d-------- c:\programfiler\Fellesfiler\Ahead 2009-01-26 21:32 . 2009-01-26 21:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Nero 2009-01-26 19:49 . 2009-01-26 19:57 <DIR> d-------- c:\programfiler\Game Cam V2 2009-01-23 10:19 . 2009-01-23 10:19 <DIR> d-------- c:\programfiler\directx 2009-01-21 09:36 . 2009-01-21 09:36 <DIR> d-------- c:\temp\GTAINSTALLER 2009-01-21 09:36 . 2009-01-26 21:30 <DIR> d-------- C:\TEMP 2009-01-21 09:36 . 2009-01-23 10:18 <DIR> d-------- c:\programfiler\Rockstar Games 2009-01-21 09:36 . 2009-01-21 09:36 <DIR> d-------- c:\documents and settings\Olav Magne\WINDOWS 2009-01-21 09:36 . 1997-11-19 14:49 303,616 --a------ c:\windows\IsUninst.exe 2009-01-19 22:09 . 2009-01-21 09:12 <DIR> d-------- c:\documents and settings\All Users\Programdata\NFS Underground 2009-01-19 22:08 . 2009-01-19 22:08 <DIR> d-------- c:\programfiler\Fellesfiler\DirectX 2009-01-19 21:29 . 2009-01-19 21:29 <DIR> d-------- c:\documents and settings\Olav Magne\SystemRequirementsLab 2009-01-15 11:09 . 2009-01-27 14:21 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll 2009-01-13 15:44 . 2009-01-27 10:54 1,374 --a------ c:\windows\imsins.BAK 2009-01-12 20:59 . 2009-01-28 22:20 <DIR> dr-h----- c:\documents and settings\Olav Magne\Siste 2009-01-03 09:07 . 2009-01-03 09:07 81,920 --a------ c:\windows\system32\frapsvid.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-28 20:55 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Xfire 2009-01-28 20:49 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP 2009-01-28 16:58 --------- d-----w c:\programfiler\Xfire 2009-01-28 13:48 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-28 12:44 --------- d-----w c:\documents and settings\Olav Magne\Programdata\mIRC 2009-01-28 12:43 --------- d-----w c:\programfiler\mIRC 2009-01-26 15:17 --------- d-----w c:\documents and settings\Olav Magne\Programdata\dvdcss 2009-01-24 23:32 --------- d-----w c:\programfiler\pspvc 2009-01-24 23:27 --------- d-----w c:\programfiler\AviSynth 2.5 2009-01-24 20:00 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-20 16:15 --------- d-----w c:\programfiler\Steam 2009-01-19 20:58 --------- d-----w c:\programfiler\EA Games 2009-01-19 20:47 --------- d-----w c:\documents and settings\Olav Magne\Programdata\U3 2009-01-19 20:32 --------- d-----w c:\programfiler\SystemRequirementsLab 2009-01-14 11:12 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2009-01-05 18:48 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Hamachi 2009-01-03 17:21 --------- d-----w c:\programfiler\Sony Ericsson 2008-12-28 16:32 --------- d-----w c:\programfiler\StarCraft 2008-12-27 16:14 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-12-27 12:19 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment 2008-12-23 20:39 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys 2008-12-20 17:51 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-20 17:47 --------- d-----w c:\programfiler\Java 2008-12-20 16:37 --------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2 2008-12-20 16:30 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-12-20 16:30 --------- d-----w c:\documents and settings\All Users\Programdata\Avg8 2008-12-20 16:08 --------- d-----w 
c:\programfiler\Windows Live 2008-12-20 16:08 --------- d-----w c:\programfiler\Microsoft 2008-12-20 16:07 --------- d-----w c:\programfiler\Windows Live SkyDrive 2008-12-20 15:59 --------- d-----w c:\programfiler\Fellesfiler\Windows Live 2008-12-20 13:24 --------- d-----w c:\programfiler\MSXML 4.0 2008-12-20 12:31 --------- d-----w c:\programfiler\trend micro 2008-12-20 11:48 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2008-12-20 11:46 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Malwarebytes 2008-12-20 11:46 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-20 11:27 --------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft 2008-12-20 11:26 --------- d-----w c:\programfiler\Lavasoft 2008-12-20 11:26 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-19 19:43 --------- d-----w c:\programfiler\Counter-Strike 2008-12-19 18:25 --------- d-----w c:\programfiler\Alwil Software 2008-12-18 16:30 31 ----a-w c:\documents and settings\Olav Magne\jagex_runescape_preferences.dat 2008-12-17 18:26 --------- d-----w c:\programfiler\Savage 2 - A Tortured Soul 2008-12-17 08:50 --------- d-----w c:\programfiler\Sierra 2008-12-16 18:56 --------- d-----w c:\programfiler\Winferno 2008-12-16 18:24 --------- d-----w c:\programfiler\Seekeen 2008-12-12 18:13 --------- d-----w c:\documents and settings\Olav Magne\Programdata\.BitTornado 2008-12-12 18:12 --------- d-----w c:\programfiler\BitTornado 2008-12-11 17:40 --------- d--h--r c:\documents and settings\Olav Magne\Programdata\SecuROM 2008-12-11 13:16 --------- d-----w c:\programfiler\AGEIA Technologies 2008-12-11 13:16 --------- d-----w c:\documents and settings\Olav Magne\Programdata\FarmingSimulator2008 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 16:59 --------- d-----w c:\documents and settings\Olav Magne\Programdata\vlc 2008-12-06 19:22 --------- d-----w c:\documents and 
settings\Olav Magne\Programdata\Publish Providers 2008-12-06 19:21 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Sony 2008-12-06 18:53 --------- d-----w c:\programfiler\Vstplugins 2008-12-06 18:53 --------- d-----w c:\programfiler\Sony 2008-12-06 18:53 --------- d-----w c:\documents and settings\All Users\Programdata\Sony 2008-12-06 18:52 --------- d-----w c:\programfiler\Sony Setup 2008-12-06 13:49 --------- d-----w c:\programfiler\NuGardt Software 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-11-29 20:29 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Ventrilo 2008-11-28 14:49 --------- d-----w c:\programfiler\Microsoft Works 2008-11-28 14:47 --------- d-----w c:\programfiler\Microsoft.NET 2008-11-28 11:02 --------- d-----w c:\programfiler\Valve 2008-11-18 17:12 52,736 ----a-w c:\windows\ipuninst.exe 2008-11-17 20:02 21,393 ----a-w c:\windows\AegisP.sys . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880] "WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000] "Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 951856] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-21 172032] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-21 143360] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.XFR1"= xfcodec.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-14 09:23 1695232 c:\programfiler\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] 
-ra------ 2007-02-20 13:06 741376 c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-12-27 23:40 1410296 c:\programfiler\Steam\Steam.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Xfire\\xfire.exe"= "c:\\Programfiler\\Activision\\Call of Duty 2\\CoD2MP_s.exe"= "c:\\Programfiler\\Ventrilo\\Ventrilo.exe"= "c:\\Programfiler\\Opera\\opera.exe"= "c:\\Programfiler\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\mIRC\\mirc.exe"= "c:\\Programfiler\\BearShare\\BearShare.exe"= "c:\\Programfiler\\Valve\\hl.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Soldat\\Soldat.exe"= "c:\\Programfiler\\BitTornado\\btdownloadgui.exe"= "c:\\Programfiler\\Savage 2 - A Tortured Soul\\savage2.exe"= "c:\\Programfiler\\pspvc\\PSPVC (Server).exe"= "c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Sierra\\Empire Earth\\Empire Earth.exe"= "c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programfiler\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"= R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-11-17 9856] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-20 97928] R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2008-11-17 27776] R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704] S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904] 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0b3e56-ea59-11dd-8e10-0013e8647fb7}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f: \Shell\Open\command - f:\resycled\boot.com f: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200978c4-c7a9-11dd-8d99-0013e8647fb7}] \Shell\AutoRun\command - F:\LaunchU3.exe -a . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-29 c:\windows\Tasks\PCConfidential.job - c:\programfiler\Winferno\PC Confidential\PCConfidential.exe [] . - - - - TOMME PEKERE FJERNET - - - - MSConfigStartUp-MsnMsgr - c:\programfiler\MSN Messenger\MsnMsgr.Exe . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.no/ IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: microsoft.com\www.update DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-29 09:14:04 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1708537768-1682526488-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:07,fe,f4,03,22,e8,24,a1,e5,08,8f,96,83,b5,57,5b,00,0d,1b,78,66, 44,d7,c4,0d,e5,4e,bb,41,90,3d,af,e7,14,27,5e,5e,8a,dc,b1,51,58,67,c7,8b,48,\ "rkeysecu"=hex:98,f5,ec,0e,05,bb,b6,9d,d3,22,4f,ac,59,b7,5e,56 . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\programfiler\Lavasoft\Ad-Aware\aawservice.exe c:\programfiler\Java\jre6\bin\jqs.exe c:\programfiler\Fellesfiler\LightScribe\LSSrvc.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\wdfmgr.exe c:\programfiler\AVG\AVG8\avgrsx.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Tidspunkt ferdig: 2009-01-29 9:16:56 - maskinen ble startet på nytt [Olav Magne] ComboFix-quarantined-files.txt 2009-01-29 08:16:53 Pre-Run: 76,713,254,912 byte ledig Post-Run: 76,761,333,760 byte ledig 233 --- E O F --- 2009-01-27 09:54:59
norbat (posted 29 January 2009)

Download Flash_Disinfector to the desktop. Double-click the file to run the program. You will be asked to plug in the USB stick or other external storage media. Do that. When the program has finished running, restart the PC. Get a fresh ComboFix and run the program. Post the log.
Tanner (thread author, posted 29 January 2009)

Didn't manage to shut down AVG this time either =/ But anyway, here's a new log after the flash program was used.

ComboFix 09-01-21.04 - Olav Magne 2009-01-29 10:52:12.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.3062.2557 [GMT 1:00] Kjører fra: c:\documents and settings\Olav Magne\Skrivebord\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-29 ))))))))))))))))))))))))))))))))) . 2009-01-28 14:48 . 2009-01-28 14:48 <DIR> d-------- c:\programfiler\2K Games 2009-01-28 14:47 . 2009-01-28 14:47 <DIR> d-------- c:\documents and settings\Olav Magne\Programdata\InstallShield 2009-01-28 13:46 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll 2009-01-28 13:46 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll 2009-01-28 13:46 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll 2009-01-28 13:46 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll 2009-01-28 13:46 . 2007-06-20 20:45 18,280 --a------ c:\windows\system32\x3daudio1_2.dll 2009-01-27 14:24 . 2009-01-28 21:15 <DIR> d-------- C:\Fraps 2009-01-27 13:30 . 2009-01-27 15:34 69 --a------ c:\windows\NeroDigital.ini 2009-01-27 13:24 . 2009-01-27 13:24 <DIR> d-------- c:\windows\system32\QuickTime 2009-01-27 13:24 . 2009-01-27 13:24 <DIR> d-------- c:\programfiler\TechSmith 2009-01-27 13:24 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll 2009-01-26 21:45 . 2009-01-26 21:45 <DIR> d-------- c:\programfiler\Alcohol Soft 2009-01-26 21:35 . 2009-01-26 21:43 <DIR> d-------- c:\documents and settings\Olav Magne\Programdata\Ahead 2009-01-26 21:32 . 2009-01-28 10:40 <DIR> d-------- c:\programfiler\Nero 2009-01-26 21:32 . 
2009-01-28 10:39 <DIR> d-------- c:\programfiler\Fellesfiler\Ahead 2009-01-26 21:32 . 2009-01-26 21:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Nero 2009-01-26 19:49 . 2009-01-26 19:57 <DIR> d-------- c:\programfiler\Game Cam V2 2009-01-23 10:19 . 2009-01-23 10:19 <DIR> d-------- c:\programfiler\directx 2009-01-21 09:36 . 2009-01-21 09:36 <DIR> d-------- c:\temp\GTAINSTALLER 2009-01-21 09:36 . 2009-01-26 21:30 <DIR> d-------- C:\TEMP 2009-01-21 09:36 . 2009-01-23 10:18 <DIR> d-------- c:\programfiler\Rockstar Games 2009-01-21 09:36 . 2009-01-21 09:36 <DIR> d-------- c:\documents and settings\Olav Magne\WINDOWS 2009-01-21 09:36 . 1997-11-19 14:49 303,616 --a------ c:\windows\IsUninst.exe 2009-01-19 22:09 . 2009-01-21 09:12 <DIR> d-------- c:\documents and settings\All Users\Programdata\NFS Underground 2009-01-19 22:08 . 2009-01-19 22:08 <DIR> d-------- c:\programfiler\Fellesfiler\DirectX 2009-01-19 21:29 . 2009-01-19 21:29 <DIR> d-------- c:\documents and settings\Olav Magne\SystemRequirementsLab 2009-01-15 11:09 . 2009-01-27 14:21 <DIR> d--h----- C:\$AVG8.VAULT$ 2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll 2009-01-13 15:44 . 2009-01-27 10:54 1,374 --a------ c:\windows\imsins.BAK 2009-01-12 20:59 . 2009-01-29 10:15 <DIR> dr-h----- c:\documents and settings\Olav Magne\Siste 2009-01-03 09:07 . 2009-01-03 09:07 81,920 --a------ c:\windows\system32\frapsvid.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-28 20:55 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Xfire 2009-01-28 20:49 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP 2009-01-28 16:58 --------- d-----w c:\programfiler\Xfire 2009-01-28 13:48 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-28 12:50 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2009-01-28 12:44 --------- d-----w c:\documents and settings\Olav Magne\Programdata\mIRC 2009-01-28 12:43 --------- d-----w c:\programfiler\mIRC 2009-01-26 15:17 --------- d-----w c:\documents and settings\Olav Magne\Programdata\dvdcss 2009-01-24 23:32 --------- d-----w c:\programfiler\pspvc 2009-01-24 23:27 --------- d-----w c:\programfiler\AviSynth 2.5 2009-01-24 20:00 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-01-24 19:59 187,536 ----a-w c:\windows\system32\PnkBstrB.exe 2009-01-20 16:15 --------- d-----w c:\programfiler\Steam 2009-01-19 20:58 --------- d-----w c:\programfiler\EA Games 2009-01-19 20:47 --------- d-----w c:\documents and settings\Olav Magne\Programdata\U3 2009-01-19 20:32 --------- d-----w c:\programfiler\SystemRequirementsLab 2009-01-14 11:12 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2009-01-05 18:48 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Hamachi 2009-01-03 17:21 --------- d-----w c:\programfiler\Sony Ericsson 2008-12-28 16:32 --------- d-----w c:\programfiler\StarCraft 2008-12-27 16:14 --------- d-----w c:\programfiler\Fellesfiler\InstallShield 2008-12-27 12:19 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment 2008-12-23 20:39 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys 2008-12-21 21:46 351,744 ----a-w c:\windows\system32\avisynth.dll 2008-12-20 18:21 70,968 ----a-w c:\windows\system32\PnkBstrA.exe 2008-12-20 17:51 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2008-12-20 17:47 --------- d-----w c:\programfiler\Java 2008-12-20 16:37 
--------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2 2008-12-20 16:30 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys 2008-12-20 16:30 10,520 ----a-w c:\windows\system32\avgrsstx.dll 2008-12-20 16:30 --------- d-----w c:\documents and settings\All Users\Programdata\Avg8 2008-12-20 16:08 --------- d-----w c:\programfiler\Windows Live 2008-12-20 16:08 --------- d-----w c:\programfiler\Microsoft 2008-12-20 16:07 --------- d-----w c:\programfiler\Windows Live SkyDrive 2008-12-20 15:59 --------- d-----w c:\programfiler\Fellesfiler\Windows Live 2008-12-20 13:24 --------- d-----w c:\programfiler\MSXML 4.0 2008-12-20 12:31 --------- d-----w c:\programfiler\trend micro 2008-12-20 11:48 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2008-12-20 11:46 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Malwarebytes 2008-12-20 11:46 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2008-12-20 11:27 --------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft 2008-12-20 11:26 --------- d-----w c:\programfiler\Lavasoft 2008-12-20 11:26 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2008-12-19 19:43 --------- d-----w c:\programfiler\Counter-Strike 2008-12-19 18:25 --------- d-----w c:\programfiler\Alwil Software 2008-12-18 16:30 31 ----a-w c:\documents and settings\Olav Magne\jagex_runescape_preferences.dat 2008-12-17 18:26 --------- d-----w c:\programfiler\Savage 2 - A Tortured Soul 2008-12-17 08:50 --------- d-----w c:\programfiler\Sierra 2008-12-16 18:56 --------- d-----w c:\programfiler\Winferno 2008-12-16 18:24 --------- d-----w c:\programfiler\Seekeen 2008-12-12 18:13 --------- d-----w c:\documents and settings\Olav Magne\Programdata\.BitTornado 2008-12-12 18:12 --------- d-----w c:\programfiler\BitTornado 2008-12-11 17:40 --------- d--h--r c:\documents and settings\Olav Magne\Programdata\SecuROM 2008-12-11 13:16 --------- d-----w c:\programfiler\AGEIA Technologies 
2008-12-11 13:16 --------- d-----w c:\documents and settings\Olav Magne\Programdata\FarmingSimulator2008 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-10 16:59 --------- d-----w c:\documents and settings\Olav Magne\Programdata\vlc 2008-12-06 19:22 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Publish Providers 2008-12-06 19:21 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Sony 2008-12-06 18:53 --------- d-----w c:\programfiler\Vstplugins 2008-12-06 18:53 --------- d-----w c:\programfiler\Sony 2008-12-06 18:53 --------- d-----w c:\documents and settings\All Users\Programdata\Sony 2008-12-06 18:52 --------- d-----w c:\programfiler\Sony Setup 2008-12-06 13:49 --------- d-----w c:\programfiler\NuGardt Software 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll 2008-11-29 20:29 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Ventrilo 2008-11-28 14:49 --------- d-----w c:\programfiler\Microsoft Works 2008-11-28 14:47 --------- d-----w c:\programfiler\Microsoft.NET 2008-11-28 11:02 --------- d-----w c:\programfiler\Valve 2008-11-18 17:12 52,736 ----a-w c:\windows\ipuninst.exe 2008-11-17 20:02 356,352 ----a-w c:\windows\system32\AegisI5Installer.exe 2008-11-17 20:02 21,393 ----a-w c:\windows\AegisP.sys 2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-11-06 13:46 920,088 ----a-w c:\windows\system32\igxpun.exe . ((((((((((((((((((((((((((((( snapshot@2009-01-29_ 9.16.21.00 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-29 09:48:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_190.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 951856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-21 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 09:23 1695232 c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-02-20 13:06 741376 c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-27 23:40 1410296 c:\programfiler\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Xfire\\xfire.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\BearShare\\BearShare.exe"=
"c:\\Programfiler\\Valve\\hl.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Programfiler\\BitTornado\\btdownloadgui.exe"=
"c:\\Programfiler\\Savage 2 - A Tortured Soul\\savage2.exe"=
"c:\\Programfiler\\pspvc\\PSPVC (Server).exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programfiler\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-11-17 9856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-20 97928]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2008-11-17 27776]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0b3e56-ea59-11dd-8e10-0013e8647fb7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200978c4-c7a9-11dd-8d99-0013e8647fb7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-29 c:\windows\Tasks\PCConfidential.job
- c:\programfiler\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 10:57:34
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1682526488-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:07,fe,f4,03,22,e8,24,a1,e5,08,8f,96,83,b5,57,5b,00,0d,1b,78,66,
   44,d7,c4,0d,e5,4e,bb,41,90,3d,af,e7,14,27,5e,5e,8a,dc,b1,51,58,67,c7,8b,48,\
"rkeysecu"=hex:98,f5,ec,0e,05,bb,b6,9d,d3,22,4f,ac,59,b7,5e,56
.
Tidspunkt ferdig: 2009-01-29 10:59:32
ComboFix-quarantined-files.txt 2009-01-29 09:59:29
ComboFix2.txt 2009-01-29 08:16:57

Pre-Run: 76 962 312 192 byte ledig
Post-Run: 76,950,315,008 byte ledig

225 --- E O F --- 2009-01-27 09:54:59
norbat, posted 29 January 2009

Open Notepad and paste in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

Folder::
c:\programfiler\Alwil Software

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0b3e56-ea59-11dd-8e10-0013e8647fb7}]

Post the log again and we'll take one last look.
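The key norbat deletes is the MountPoints2 entry whose AutoRun and Open handlers run resycled\boot.com from the removable drive (F:), while the neighbouring entry is the U3 launcher and is left alone. Below is an added example, not part of the thread and not ComboFix's own code: a small Python parser that pulls the MountPoints2 blocks out of a ComboFix log, flags handlers on a few autorun-worm heuristics, and writes the CFScript Registry:: block in the form norbat used. The heuristics (payload started through rundll32/ShellExec_RunDLL, payload in a folder imitating the recycle bin, payload with a .com/.pif/.bat/.scr/.cmd extension) are my own choice, not a signature set; the sample input is the two entries from the first log above, re-typed with line breaks.

```python
import re

# Constructed sample input: the two MountPoints2 entries from the first
# ComboFix log in this thread, with the line breaks the forum flattened.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0b3e56-ea59-11dd-8e10-0013e8647fb7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200978c4-c7a9-11dd-8d99-0013e8647fb7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
"""

# A key line looks like "[HKEY_...\mountpoints2\{guid}]".
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
# A handler line looks like "\Shell\<verb>\command - <command line>".
HANDLER_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)

# Heuristic indicators (my choice for this example, not a signature database).
SUSPICIOUS_DIRS = ("resycled", "recycled", "recycler")
SUSPICIOUS_EXT = (".com", ".pif", ".bat", ".scr", ".cmd")


def parse_mountpoints(log_text):
    """Return a list of (key, {verb: command}) tuples, one per MountPoints2 block."""
    entries = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = (key_match.group(1), {})
            entries.append(current)
            continue
        handler = HANDLER_RE.match(line)
        if handler and current is not None:
            current[1][handler.group("verb").lower()] = handler.group("cmd").strip()
    return entries


def handler_reasons(command):
    """List the heuristic reasons one AutoRun/Open command looks like an autorun worm."""
    cmd = command.lower()
    reasons = []
    if "rundll32" in cmd and "shellexec_rundll" in cmd:
        reasons.append("payload launched indirectly through rundll32/ShellExec_RunDLL")
    if any(d + "\\" in cmd for d in SUSPICIOUS_DIRS):
        reasons.append("payload lives in a folder imitating the recycle bin")
    if any(tok.endswith(SUSPICIOUS_EXT) for tok in cmd.split()):
        reasons.append("payload uses a legacy executable extension")
    return reasons


def triage(log_text):
    """Map each MountPoints2 key to the reasons its handlers were flagged (empty list = nothing matched)."""
    verdicts = {}
    for key, handlers in parse_mountpoints(log_text):
        reasons = []
        for verb, cmd in handlers.items():
            reasons += [f"{verb}: {r}" for r in handler_reasons(cmd)]
        verdicts[key] = reasons
    return verdicts


def cfscript_for(keys_to_delete):
    """Build the CFScript 'Registry::' block that deletes the given keys (same form as norbat's script)."""
    lines = ["Registry::"] + [f"[-{k}]" for k in keys_to_delete]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    verdicts = triage(SAMPLE_LOG)
    for key, reasons in verdicts.items():
        print(key)
        for reason in reasons or ["no heuristic matched"]:
            print("   ", reason)
    flagged = [k for k, r in verdicts.items() if r]
    print()
    print(cfscript_for(flagged))
```

Run on the sample, only the {0d0b3e56-...} key is flagged (five hits across its AutoRun and Open handlers) and the generated Registry:: block is the one in norbat's post; the {200978c4-...} entry, F:\LaunchU3.exe -a, matches nothing, which agrees with norbat leaving it in place. The second log Tanner posts later no longer lists the flagged key, which is the confirmation a reader of the log is looking for.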
Tanner (author), posted 29 January 2009

ComboFix 09-01-21.04 - Olav Magne 2009-01-29 11:35:27.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.3062.2547 [GMT 1:00]
Kjører fra: c:\documents and settings\Olav Magne\Skrivebord\ComboFix.exe
Command switches brukt :: c:\documents and settings\Olav Magne\Skrivebord\CFScript.txt.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Opprettet nytt gjenopprettingspunkt
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\Alwil Software
c:\programfiler\Alwil Software\Avast4\Setup\setup.ini
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-29 )))))))))))))))))))))))))))))))))
.
2009-01-28 14:48 . 2009-01-28 14:48 <DIR> d-------- c:\programfiler\2K Games
2009-01-28 14:47 . 2009-01-28 14:47 <DIR> d-------- c:\documents and settings\Olav Magne\Programdata\InstallShield
2009-01-28 13:46 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-28 13:46 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-01-28 13:46 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-01-28 13:46 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2009-01-28 13:46 . 2007-06-20 20:45 18,280 --a------ c:\windows\system32\x3daudio1_2.dll
2009-01-27 14:24 . 2009-01-28 21:15 <DIR> d-------- C:\Fraps
2009-01-27 13:30 . 2009-01-27 15:34 69 --a------ c:\windows\NeroDigital.ini
2009-01-27 13:24 . 2009-01-27 13:24 <DIR> d-------- c:\windows\system32\QuickTime
2009-01-27 13:24 . 2009-01-27 13:24 <DIR> d-------- c:\programfiler\TechSmith
2009-01-27 13:24 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll
2009-01-26 21:45 . 2009-01-26 21:45 <DIR> d-------- c:\programfiler\Alcohol Soft
2009-01-26 21:35 . 2009-01-26 21:43 <DIR> d-------- c:\documents and settings\Olav Magne\Programdata\Ahead
2009-01-26 21:32 . 2009-01-28 10:40 <DIR> d-------- c:\programfiler\Nero
2009-01-26 21:32 . 2009-01-28 10:39 <DIR> d-------- c:\programfiler\Fellesfiler\Ahead
2009-01-26 21:32 . 2009-01-26 21:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Nero
2009-01-26 19:49 . 2009-01-26 19:57 <DIR> d-------- c:\programfiler\Game Cam V2
2009-01-23 10:19 . 2009-01-23 10:19 <DIR> d-------- c:\programfiler\directx
2009-01-21 09:36 . 2009-01-21 09:36 <DIR> d-------- c:\temp\GTAINSTALLER
2009-01-21 09:36 . 2009-01-26 21:30 <DIR> d-------- C:\TEMP
2009-01-21 09:36 . 2009-01-23 10:18 <DIR> d-------- c:\programfiler\Rockstar Games
2009-01-21 09:36 . 2009-01-21 09:36 <DIR> d-------- c:\documents and settings\Olav Magne\WINDOWS
2009-01-21 09:36 . 1997-11-19 14:49 303,616 --a------ c:\windows\IsUninst.exe
2009-01-19 22:09 . 2009-01-21 09:12 <DIR> d-------- c:\documents and settings\All Users\Programdata\NFS Underground
2009-01-19 22:08 . 2009-01-19 22:08 <DIR> d-------- c:\programfiler\Fellesfiler\DirectX
2009-01-19 21:29 . 2009-01-19 21:29 <DIR> d-------- c:\documents and settings\Olav Magne\SystemRequirementsLab
2009-01-15 11:09 . 2009-01-27 14:21 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2009-01-13 15:44 . 2009-01-27 10:54 1,374 --a------ c:\windows\imsins.BAK
2009-01-12 20:59 . 2009-01-29 11:33 <DIR> dr-h----- c:\documents and settings\Olav Magne\Siste
2009-01-03 09:07 . 2009-01-03 09:07 81,920 --a------ c:\windows\system32\frapsvid.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-28 20:55 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Xfire
2009-01-28 20:49 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2009-01-28 16:58 --------- d-----w c:\programfiler\Xfire
2009-01-28 13:48 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-28 12:50 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-28 12:44 --------- d-----w c:\documents and settings\Olav Magne\Programdata\mIRC
2009-01-28 12:43 --------- d-----w c:\programfiler\mIRC
2009-01-26 15:17 --------- d-----w c:\documents and settings\Olav Magne\Programdata\dvdcss
2009-01-24 23:32 --------- d-----w c:\programfiler\pspvc
2009-01-24 23:27 --------- d-----w c:\programfiler\AviSynth 2.5
2009-01-24 20:00 138,384 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-24 19:59 187,536 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-20 16:15 --------- d-----w c:\programfiler\Steam
2009-01-19 20:58 --------- d-----w c:\programfiler\EA Games
2009-01-19 20:47 --------- d-----w c:\documents and settings\Olav Magne\Programdata\U3
2009-01-19 20:32 --------- d-----w c:\programfiler\SystemRequirementsLab
2009-01-14 11:12 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2009-01-05 18:48 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Hamachi
2009-01-03 17:21 --------- d-----w c:\programfiler\Sony Ericsson
2008-12-28 16:32 --------- d-----w c:\programfiler\StarCraft
2008-12-27 16:14 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2008-12-27 12:19 --------- d-----w c:\programfiler\Fellesfiler\Blizzard Entertainment
2008-12-23 20:39 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-21 21:46 351,744 ----a-w c:\windows\system32\avisynth.dll
2008-12-20 18:21 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-20 17:51 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-12-20 17:47 --------- d-----w c:\programfiler\Java
2008-12-20 16:37 --------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2
2008-12-20 16:30 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-20 16:30 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-12-20 16:30 --------- d-----w c:\documents and settings\All Users\Programdata\Avg8
2008-12-20 16:08 --------- d-----w c:\programfiler\Windows Live
2008-12-20 16:08 --------- d-----w c:\programfiler\Microsoft
2008-12-20 16:07 --------- d-----w c:\programfiler\Windows Live SkyDrive
2008-12-20 15:59 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2008-12-20 13:24 --------- d-----w c:\programfiler\MSXML 4.0
2008-12-20 12:31 --------- d-----w c:\programfiler\trend micro
2008-12-20 11:48 --------- d-----w c:\programfiler\Malwarebytes' Anti-Malware
2008-12-20 11:46 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Malwarebytes
2008-12-20 11:46 --------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes
2008-12-20 11:27 --------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft
2008-12-20 11:26 --------- d-----w c:\programfiler\Lavasoft
2008-12-20 11:26 --------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard
2008-12-19 19:43 --------- d-----w c:\programfiler\Counter-Strike
2008-12-18 16:30 31 ----a-w c:\documents and settings\Olav Magne\jagex_runescape_preferences.dat
2008-12-17 18:26 --------- d-----w c:\programfiler\Savage 2 - A Tortured Soul
2008-12-17 08:50 --------- d-----w c:\programfiler\Sierra
2008-12-16 18:56 --------- d-----w c:\programfiler\Winferno
2008-12-16 18:24 --------- d-----w c:\programfiler\Seekeen
2008-12-12 18:13 --------- d-----w c:\documents and settings\Olav Magne\Programdata\.BitTornado
2008-12-12 18:12 --------- d-----w c:\programfiler\BitTornado
2008-12-11 17:40 --------- d--h--r c:\documents and settings\Olav Magne\Programdata\SecuROM
2008-12-11 13:16 --------- d-----w c:\programfiler\AGEIA Technologies
2008-12-11 13:16 --------- d-----w c:\documents and settings\Olav Magne\Programdata\FarmingSimulator2008
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 16:59 --------- d-----w c:\documents and settings\Olav Magne\Programdata\vlc
2008-12-06 19:22 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Publish Providers
2008-12-06 19:21 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Sony
2008-12-06 18:53 --------- d-----w c:\programfiler\Vstplugins
2008-12-06 18:53 --------- d-----w c:\programfiler\Sony
2008-12-06 18:53 --------- d-----w c:\documents and settings\All Users\Programdata\Sony
2008-12-06 18:52 --------- d-----w c:\programfiler\Sony Setup
2008-12-06 13:49 --------- d-----w c:\programfiler\NuGardt Software
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-11-29 20:29 --------- d-----w c:\documents and settings\Olav Magne\Programdata\Ventrilo
2008-11-28 14:49 --------- d-----w c:\programfiler\Microsoft Works
2008-11-28 14:47 --------- d-----w c:\programfiler\Microsoft.NET
2008-11-28 11:02 --------- d-----w c:\programfiler\Valve
2008-11-18 17:12 52,736 ----a-w c:\windows\ipuninst.exe
2008-11-17 20:02 356,352 ----a-w c:\windows\system32\AegisI5Installer.exe
2008-11-17 20:02 21,393 ----a-w c:\windows\AegisP.sys
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-06 13:46 920,088 ----a-w c:\windows\system32\igxpun.exe
.
((((((((((((((((((((((((((((( snapshot@2009-01-29_ 9.16.21.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-29 09:48:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_190.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"WLSS"="c:\programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 190000]
"Wow Video&Audio"="c:\programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 951856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-21 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-20 1261336]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 09:23 1695232 c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-02-20 13:06 741376 c:\programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-12-27 23:40 1410296 c:\programfiler\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Xfire\\xfire.exe"=
"c:\\Programfiler\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\BearShare\\BearShare.exe"=
"c:\\Programfiler\\Valve\\hl.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Programfiler\\BitTornado\\btdownloadgui.exe"=
"c:\\Programfiler\\Savage 2 - A Tortured Soul\\savage2.exe"=
"c:\\Programfiler\\pspvc\\PSPVC (Server).exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programfiler\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2008-11-17 9856]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-20 97928]
R3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2008-11-17 27776]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-20 231704]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{200978c4-c7a9-11dd-8d99-0013e8647fb7}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-29 c:\windows\Tasks\PCConfidential.job
- c:\programfiler\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 11:36:13
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1682526488-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:07,fe,f4,03,22,e8,24,a1,e5,08,8f,96,83,b5,57,5b,00,0d,1b,78,66,
   44,d7,c4,0d,e5,4e,bb,41,90,3d,af,e7,14,27,5e,5e,8a,dc,b1,51,58,67,c7,8b,48,\
"rkeysecu"=hex:98,f5,ec,0e,05,bb,b6,9d,d3,22,4f,ac,59,b7,5e,56
.
Tidspunkt ferdig: 2009-01-29 11:37:40
ComboFix-quarantined-files.txt 2009-01-29 10:37:37
ComboFix2.txt 2009-01-29 09:59:33
ComboFix3.txt 2009-01-29 08:16:57

Pre-Run: 76 923 199 488 byte ledig
Post-Run: 76,909,588,480 byte ledig

229 --- E O F --- 2009-01-27 09:54:59
norbat, posted 29 January 2009

That looks fine now. Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get reinfected by a later restore. Also make sure Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.
Tanner (author), posted 29 January 2009

Thank you =)
Tosha0007, posted 29 January 2009

If you consider the problem with your machine solved, you can change your topic title by clicking the button in your first post. That helps keep the forum tidy for the supporters, and new people who run into the same problem will more easily find a suitable thread to look in. -Surf safely-
Tanner (author), posted 29 January 2009

Can't say the PC has become a racer, but I did get someone to read the logs. I suppose I can call it solved. Unless anyone has other tips I can try?