HeatSeeKinG Posted 22 February 2009
First I have to start by saying that you "antivir_support_guys" do an excellent job in here! Anyway, I run Norton antivirus and Spybot S&D on our family PC. It's been a long time since I've been on it, and I haven't noticed any viruses/trojans etc., but in any case it's been 6 months since someone last went over it properly, so it's time for a new round :) Besides, I fear there was some crap bundled with the last program I downloaded. Posting the ComboFix log here:
ComboFix 09-02-21.01 - bruker 2009-02-22 22:52:19.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2014.1158 [GMT 1:00] Kjører fra: c:\documents and settings\bruker\Skrivebord\ComboFix.exe AV: Norton AntiVirus *On-access scanning enabled* (Updated) FW: Norton AntiVirus *enabled* * Opprettet nytt gjenopprettingspunkt . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-22 til 2009-02-22 ))))))))))))))))))))))))))))))))) . 2009-02-22 22:28 . 2009-02-22 22:28 <DIR> d-------- c:\programfiler\Spybot - Search & Destroy 2009-02-22 22:28 . 2009-02-22 22:46 <DIR> d-------- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2009-02-22 20:18 . 2004-08-18 09:34 442,368 -ra------ c:\windows\system32\vp6vfw.dll 2009-02-22 20:15 . 2009-02-22 20:15 <DIR> d-------- c:\programfiler\MagicDisc 2009-02-22 20:15 . 2008-07-28 17:19 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys 2009-02-22 20:11 . 2009-02-22 20:11 <DIR> d-------- c:\programfiler\MagicISO 2009-02-13 17:44 . 2009-02-13 17:44 244 --ah----- C:\sqmnoopt07.sqm 2009-02-13 17:44 . 2009-02-13 17:44 232 --ah----- C:\sqmdata07.sqm 2009-02-13 00:54 . 2009-02-13 00:54 <DIR> d-------- c:\documents and settings\bruker\Programdata\OpenOffice.org 2009-02-13 00:52 . 2009-02-13 00:52 <DIR> d-------- c:\programfiler\OpenOffice.org 3 2009-02-11 18:01 . 2009-02-11 18:01 <DIR> d-------- c:\windows\SQL9_KB960089_ENU . 
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-22 21:31 --------- d-----w c:\documents and settings\bruker\Programdata\uTorrent 2009-02-22 20:46 --------- d-----w c:\programfiler\EA GAMES 2009-02-22 07:58 --------- d-----w c:\documents and settings\bruker\Programdata\Spotify 2009-02-21 23:09 --------- d-----w c:\programfiler\Apophysis 2.0 2009-02-21 14:44 --------- d-----w c:\programfiler\Fellesfiler\Symantec Shared 2009-02-20 22:55 --------- d-----w c:\programfiler\Fellesfiler\Adobe 2009-02-15 15:12 --------- d-----w c:\programfiler\Steam 2009-02-11 17:13 --------- d-----w c:\programfiler\Norton AntiVirus 2009-02-11 17:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2009-02-11 17:02 --------- d-----w c:\programfiler\Microsoft SQL Server 2009-01-29 16:10 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-01-29 16:10 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-01-29 16:10 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-29 16:10 --------- d-----w c:\programfiler\Symantec 2009-01-29 16:04 --------- d-----w c:\documents and settings\All Users\Programdata\Symantec 2009-01-21 14:09 --------- d-----w c:\programfiler\Spotify 2009-01-17 11:31 --------- d-----w c:\programfiler\Lenovo 2009-01-17 11:31 --------- d-----w c:\programfiler\Fellesfiler\Lenovo 2008-08-15 11:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008081520080816\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896] "SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592] "SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000] "TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168] "TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248] "SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920] "TVT Scheduler Proxy"="c:\programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "AwaySch"="c:\programfiler\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368] "AMSG"="c:\programfiler\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376] "DiskeeperSystray"="c:\programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696] "ACTray"="c:\programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696] "ACWLIcon"="c:\programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976] "cssauth"="c:\programfiler\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968] 
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984] "ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="c:\programfiler\Norton AntiVirus\osCheck.exe" [2007-08-24 714608] "TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe] "nwiz"="nwiz.exe" [2007-12-10 c:\windows\system32\nwiz.exe] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-14 21:17 89600 c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2006-09-06 08:37 34344 c:\programfiler\Lenovo\HOTKEY\notifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2006-12-14 03:06 28672 c:\programfiler\Lenovo\HOTKEY\tphklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify] 2007-07-05 13:52 32768 c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All 
Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk backup=c:\windows\pss\BTTray.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Digital Line Detect.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk] path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^Deer Hunter 2005 Registration.lnk] path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\Deer Hunter 2005 Registration.lnk backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^MagicDisc.lnk] path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Documents 
and Settings^bruker^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk] path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-22 19:42 116040 c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-08-08 13:11 490952 c:\programfiler\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --------- 2004-07-27 15:50 81920 c:\programfiler\Fellesfiler\Installshield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-07-30 09:47 289064 c:\programfiler\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2008-04-14 17:23 1695232 c:\programfiler\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 11:54 5674352 c:\programfiler\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 09:50 413696 c:\programfiler\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] -rahs---- 2009-01-26 15:31 2144088 c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-17 14:53 1410296 c:\programfiler\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SunJavaUpdateSched] --------- 2005-11-10 12:03 36975 c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --------- 2006-11-15 09:46 204288 c:\programfiler\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] --a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Vuze\\Azureus.exe"= "c:\\Programfiler\\Steam\\steamapps\\fredrikmel\\counter-strike source\\hl2.exe"= "c:\\Programfiler\\Steam\\steamapps\\fredrikmel\\counter-strike\\hl.exe"= "c:\\Programfiler\\Steam\\steamapps\\fredrikmel\\day of defeat source\\hl2.exe"= "c:\\Programfiler\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"= "c:\\Programfiler\\uTorrent\\uTorrent.exe"= "c:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Steam\\steamapps\\fredrikmel\\condition zero\\hl.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "52280:TCP"= 52280:TCP:utorrent port R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504] R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-08-06 11520] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-08-06 4224] R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-08-06 4442] R2 BcmSqlStartupSvc;Oppstartstjeneste for Business Contact Manager SQL Server;c:\programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 LiveUpdate Notice;LiveUpdate Notice;c:\programfiler\Fellesfiler\Symantec Shared\CCSVCHST.EXE [2007-08-24 149352] R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programfiler\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-27 99376] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-05-22 30336] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-12-18 29181272] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-08-28 32000] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45a3f316-7fe5-11dd-88c6-00215c5143fd}] \Shell\AutoRun\command - E:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974ee66f-0117-11de-8924-00215c5143fd}] \Shell\AutoRun\command - G:\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974ee670-0117-11de-8924-00215c5143fd}] \Shell\AutoRun\command - H:\RunGame.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974ee671-0117-11de-8924-00215c5143fd}] \Shell\AutoRun\command - I:\RunGame.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-02-17 c:\windows\Tasks\Norton AntiVirus - Kjør full systemskanning - bruker.job - c:\programfiler\Norton AntiVirus\Navw32.exe [2007-08-26 18:19] 2009-02-22 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-06 17:22] 2009-02-22 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job - c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54] . - - - - TOMME PEKERE FJERNET - - - - MSConfigStartUp-AdobeUpdater - c:\programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe MSConfigStartUp-UnlockerAssistant - c:\programfiler\Unlocker\UnlockerAssistant.exe . ------- Tilleggsskanning ------- . uStart Page = hxxp://lenovo.live.com uInternet Settings,ProxyOverride = *.local IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send til &Bluetooth-enhet... 
- c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm FF - ProfilePath - c:\documents and settings\bruker\Programdata\Mozilla\Firefox\Profiles\7bz7gsbl.default\ FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava11.dll FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava12.dll FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava13.dll FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava14.dll FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJava32.dll FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPJPI150_06.dll FF - plugin: c:\programfiler\Java\jre1.5.0_06\bin\NPOJI610.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-22 22:58:42 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-469358549-1026899463-3026831977-1008\Software\SecuROM\License information*] "datasecu"=hex:b1,8b,1c,6b,1b,c8,cb,2f,c6,97,f7,4e,be,d9,82,ad,00,11,c8,87,b8, c9,48,ad,25,0b,b3,7c,47,d9,77,de,0e,63,fa,cb,8e,74,ca,3d,33,f3,5d,a2,86,ab,\ "rkeysecu"=hex:0f,bf,08,50,80,88,98,1c,e7,32,37,aa,40,5f,4e,c9 . 
--------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1372) c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll c:\windows\system32\psqlpwd.dll c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll c:\programfiler\ThinkVantage Fingerprint Software\infra.dll c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll c:\programfiler\ThinkVantage Fingerprint Software\bio.dll c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll c:\programfiler\ThinkVantage Fingerprint Software\remote.dll c:\programfiler\Lenovo\HOTKEY\tphklock.dll c:\programfiler\ThinkVantage Fingerprint Software\basegui.dll c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll c:\programfiler\ThinkVantage Fingerprint Software\biokmd.dll c:\programfiler\ThinkVantage Fingerprint Software\tpmkey.dll c:\programfiler\ThinkVantage Fingerprint Software\ibmcore.dll c:\programfiler\Bonjour\mdnsNSP.dll - - - - - - - > 'lsass.exe'(1432) c:\programfiler\ThinkPad\ConnectUtilities\ACGina.dll c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\programfiler\ThinkPad\ConnectUtilities\ACON.dll c:\programfiler\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\programfiler\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\programfiler\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\programfiler\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\programfiler\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll c:\windows\system32\psqlpwd.dll c:\programfiler\ThinkVantage Fingerprint 
Software\homefus2.dll c:\programfiler\ThinkVantage Fingerprint Software\infra.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\IPSSVC.EXE c:\programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\programfiler\Bonjour\mDNSResponder.exe c:\programfiler\Diskeeper Corporation\Diskeeper\DkService.exe c:\programfiler\Intel\Wireless\Bin\EvtEng.exe c:\programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe c:\programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe c:\windows\system32\TPHDEXLG.exe c:\programfiler\Lenovo\Client Security Solution\tvttcsd.exe c:\programfiler\Lenovo\Rescue and Recovery\rrservice.exe c:\programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe c:\programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe c:\windows\system32\searchindexer.exe c:\programfiler\Fellesfiler\Lenovo\Logger\logmon.exe c:\programfiler\ThinkPad\ConnectUtilities\AcSvc.exe c:\programfiler\Lenovo\System Update\SUService.exe c:\programfiler\Windows Media Player\wmpnetwk.exe c:\windows\system32\wbem\wmiapsrv.exe c:\programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\rundll32.exe c:\programfiler\Lenovo\HOTKEY\TPONSCR.exe c:\programfiler\Lenovo\ZOOM\TpScrex.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\programfiler\Intel\Wireless\Bin\Dot1XCfg.exe c:\progra~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe c:\windows\system32\searchfilterhost.exe . 
************************************************************************** . Tidspunkt ferdig: 2009-02-22 23:02:32 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-02-22 22:02:28 Pre-Run: 4 942 536 704 byte ledig Post-Run: 5,529,219,072 byte ledig WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 338 --- E O F --- 2009-02-11 17:06:41
Thanks in advance for all the help. I've actually been thinking of learning this myself, since I do a bit of "PC" stuff in my spare time. I've spent an extremely long time learning how web pages are built, some encryption, and not least security on the net. I've spent a few hours at W3schools, hackthissite etc. Do you have any sense of how long it would take me to learn to interpret logs? I'm not very good with software and the like. The closest I get is msconfig :P Anyway, I hope someone can give the PC a clean bill of health.
norbat Posted 22 February 2009
No malware to be seen in the log.
HeatSeeKinG (Author) Posted 22 February 2009 (edited)
Quoting: "No malware to be seen in the log"
That was incredibly good to hear :) Truth be told, I'm not very into ComboFix and viruses, but would it have detected trojans/worms/viruses and the rest of the crap too? Edit: if I google malware I'll probably figure out what it covers :) and a big thanks to Wikipedia: Malware comes from the English words Malicious Software and is a collective term for malicious software. Examples of malware are computer viruses, worms, trojans, spyware, adware, backdoors, spam, phishing, pharming, DDoS and keyloggers.
Edited 22 February 2009 by HeatSeeKinG
norbat Posted 22 February 2009
ComboFix is not an ordinary anti-malware program, and should not be used casually like that. Instead of Spybot, I would rather have chosen Malwarebytes Anti-Malware. This is also a free program (you have to update and scan manually).
Download Malwarebytes Anti-Malware to the desktop.
Run and install the program. Choose Norwegian as the language.
Let the program update itself and choose to run a 'quick system scan', then click Scan.
A message box will appear saying the scan is finished; click OK.
Click the Show results button. If malware was found, you will now see what was found.
Then click the Remove selected button to remove any malware that was found.
A log will then open in Notepad telling you what, if anything, it removed.