kleveng1, posted 16 March 2009 (edited)
I have a problem: I play Counter-Strike, and every time I go to play a new map it stops working, so I have to go into Task Manager and kill the process, and after I have closed Counter-Strike the ugly CID ad appears. I have tried scanning with a malware scanner, but it doesn't work. Can anyone help me?
Edited 16 March 2009 by kleveng1

norbat, posted 16 March 2009
Have you run ComboFix? If so, post the log.

kleveng1 (author), posted 16 March 2009
> Have you run ComboFix? If so, post the log.
Here is my log:

norbat, posted 16 March 2009
Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

Folder::
c:\users\All Users\Okay meta anti lite
c:\programdata\Okay meta anti lite

Dirlook::
c:\programdata\Mfcd 1

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dumb scr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANTI LITE TITLE DEBUG]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dumb scr]

kleveng1 (author), posted 17 March 2009
> Open Notepad and copy in what is shown in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.
>
> Folder::
> c:\users\All Users\Okay meta anti lite
> c:\programdata\Okay meta anti lite
>
> Dirlook::
> c:\programdata\Mfcd 1
>
> Registry::
> [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "Dumb scr"=-
> [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANTI LITE TITLE DEBUG]
> [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dumb scr]
Yes, I have done that now, but what should I do now?

norbat, posted 17 March 2009
You post the new ComboFix log.

kleveng1 (author), posted 17 March 2009
> You post the new ComboFix log.
How do I do that? (I'm new here, you see.)

r2d290, posted 17 March 2009
After you have saved the CFScript and dragged it onto the ComboFix icon, ComboFix starts running again, right? When ComboFix has finished running, the log comes up automatically. Alternatively, you can find the log at c:/combofix.txt

kleveng1 (author), posted 17 March 2009
Here is my log: ComboFix.txt

norbat, posted 17 March 2009
Almost there. Make yourself a new CFScript with the following contents and drop it onto the ComboFix icon:

Folder::
c:\users\All Users\Mfcd 1
c:\programdata\Mfcd 1

Post the log it creates again, and also tell us how it goes with the CiD problem.

kleveng1 (author), posted 17 March 2009
Here is the next log: log.txt

norbat, posted 17 March 2009
The log looks fine. Do you still have any problems with CiD?

kleveng1 (author), posted 17 March 2009
> The log looks fine. Do you still have any problems with CiD?
Haven't run into anything yet, at least. I can let you know if something comes up. Thanks!

norbat, posted 17 March 2009
To finish up: uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you do not get infected by a possible restore later. Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.

kleveng1 (author), posted 17 March 2009
> To finish up: uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore so that you do not get infected by a possible restore later. Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows. Surf safely.
Thanks a million! Now Counter-Strike works too, thanks!