Elefantmesteren, posted 21 February 2009:
I have disabled Norton Internet Security, but when I click OK on the "Norton Internet Security blabla must be disabled, otherwise ComboFix may crash / blabla, risk is at your own responsibility. OK" dialog, I disable Norton. Then a box appears: "could not rename combofix to (nothing), please... OK". When I press OK, ComboFix stops. How do I get it to work? https://www.diskusjon.no/index.php?showtopic=691246 <-- in the first post I clicked on ComboFix (the link) and pressed "open"; is it wrong to "open"?
norbat, posted 21 February 2009 (edited):
Yes, you should save ComboFix to the desktop and then run the program, and you disable Norton before you run ComboFix.
Edited 21 February 2009 by norbat
Elefantmesteren (author), posted 21 February 2009:
thanks, I have the ComboFix log now:

the malware log:

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1784
Windows 5.1.2600 Service Pack 2

21.02.2009 16:14:33
mbam-log-2009-02-21 (16-14-33).txt

Skanntype: Rask Skann
Objekter skannet: 73685
Tid tilbakelagt: 10 minute(s), 12 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 3
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)
raWrz, posted 21 February 2009:
Click Start - All Programs - Accessories - Notepad. Copy and paste the text in the code box below into Notepad:

Driver::
gUSBSTOi

Save it as CFScript on the Desktop. Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away. Post the contents of ComboFix.txt in your next reply on the forum.
Elefantmesteren (author), posted 21 February 2009:
here it is:
norbat, posted 21 February 2009:
Looks fine. Is everything working OK, or is there something that makes you suspect badware?
Elefantmesteren (author), posted 22 February 2009:
ran another full Norton system scan, and the trojan horse was still there, before I ran ComboFix with CFScript. but while I was working with ComboFix the last time, Norton popped up and said a virus had been detected and removed :/ was that possibly the trojan? I guess I'll just run another system scan then.
norbat, posted 22 February 2009:
Do you remember what Norton found and where it found the trojan?
Elefantmesteren (author), posted 22 February 2009 (edited):
no, it didn't say anything like that :/
Edited 22 February 2009 by Canon-fotografen
norbat, posted 22 February 2009:
I assume the problem is gone, but it doesn't hurt to run a scan with Norton again. You should remove ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you don't get reinfected by a later restore.