mbruun
Posted 20 March 2009

At least for a while ;-) This time it is my daughter's PC.

ComboFix 09-03-19.02 - Vilde 2009-03-21 0:27:06.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.511.238 [GMT 1:00]
Kjører fra: c:\documents and settings\Vilde\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-02-20 til 2009-03-20 )))))))))))))))))))))))))))))))))
.
2009-03-21 00:24 . 2009-03-21 00:24 <DIR> dr-h----- c:\documents and settings\Vilde\Siste
2009-03-20 15:59 . 2009-03-20 17:04 <DIR> d-------- c:\programfiler\SUPERAntiSpyware
2009-03-20 15:59 . 2009-03-20 17:10 <DIR> d-------- c:\documents and settings\Vilde\Programdata\SUPERAntiSpyware.com
2009-03-20 15:59 . 2009-03-20 15:59 <DIR> d-------- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2009-03-20 15:48 . 2009-03-20 15:48 <DIR> d-------- c:\programfiler\CCleaner
2009-03-20 15:39 . 2009-03-20 15:39 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-03-20 15:39 . 2009-03-20 15:39 <DIR> d-------- c:\documents and settings\Vilde\Programdata\Malwarebytes
2009-03-20 15:39 . 2009-03-20 15:39 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-03-20 15:39 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-20 15:39 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-20 15:29 . 2009-03-20 15:29 <DIR> d-------- c:\documents and settings\Vilde\Programdata\U3
2009-02-21 19:42 . 2009-02-21 19:42 <DIR> d-------- c:\documents and settings\Vilde\Programdata\Friday's games
2009-02-21 19:40 . 2009-02-21 19:40 <DIR> d-------- c:\programfiler\Oberon Media
2009-02-21 19:40 . 2009-02-21 19:40 <DIR> d-------- c:\programfiler\Fellesfiler\Oberon Media
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-20 23:26 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP
2009-03-20 14:39 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-03-20 14:38 --------- d-----w c:\programfiler\Spybot - Search & Destroy
2009-03-20 14:38 --------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2009-03-20 14:37 --------- d-----w c:\programfiler\PC-Doctor for Windows
2009-02-21 18:40 --------- d-----w c:\programfiler\Gamenext
2009-02-07 20:55 --------- d-----w c:\programfiler\Windows Media Connect 2
2009-02-07 20:52 --------- d-----w c:\programfiler\Windows Media Connect
2008-11-23 16:54 8,001 ----a-w c:\programfiler\uninstal.log
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208]
"BMMLREF"="c:\programfiler\ThinkPad\Utilities\BMMLREF.EXE" [2003-01-17 20480]
"TPKMAPMN"="c:\programfiler\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-16 32835]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-11-29 243248]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-11-17 344064]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2005-09-08 102400]
"TVT Scheduler Proxy"="c:\programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-11 536576]
"SoundMAXPnP"="c:\programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"Malwarebytes' Anti-Malware"="c:\programfiler\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-12-25 18:29 32768 c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 07:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 04:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-04-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-04-19 6016]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2007-04-19 15360]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-20 15504]
S2 MBAMService;MBAMService;c:\programfiler\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-20 179856]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6759d51f-155b-11de-ab44-0004238e32d2}]
\Shell\AutoRun\command - setupSNK.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2007-04-19 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2003-01-17 00:32]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.123spill.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 00:31:35
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0
**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(928)
c:\programfiler\ThinkPad\ConnectUtilities\ACGina.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACON.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\RegSrvc.exe
c:\programfiler\Analog Devices\SoundMAX\SMAgent.exe
c:\programfiler\Lenovo\System Update\SUService.exe
c:\programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
c:\programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programfiler\Windows Media Player\wmpnetwk.exe
c:\programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\1XConfig.exe
c:\programfiler\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programfiler\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-03-21 0:35:15 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-03-20 23:35:12

Pre-Run: 18 881 843 200 byte ledig
Post-Run: 18,870,358,016 byte ledig

151 --- E O F --- 2009-03-20 21:20:39

Thank you very much :-)

raWrz
Posted 20 March 2009

looks good

ComboFix must be uninstalled.

Go to Start > Run
Type the following in the box: ComboFix /u
PS: note the space between the X and /u
You should now have something corresponding to the image below:
Press Enter.

This command will:
- Remove the following:
  - ComboFix and its associated files and folders.
  - VundoFix backups, if they exist.
  - The folder C:\Deckard, if it exists
  - The folder C:\OtMoveIt, if it exists
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide System/Hidden files and folders if necessary.
- Reset the System Restore points.

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.