^fmj Posted 22 April 2009 (edited)
I have removed some malware from a PC; when I got access to the hard disks again, a very colourful image appeared. It showed up, among other times, when I turned the PC off and on, and also when I opened the display properties and themes. It did not cover the whole screen and consisted of colourful squares of various sizes.
((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))). C:\Autorun.inf c:\windows\search_res.txt c:\windows\system32\mdm.exe c:\windows\system32\stera.log . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FOPN ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-23 til 2009-04-23 ))))))))))))))))))))))))))))))))) . 2009-04-22 23:55 . 2009-04-22 22:15 15688 ----a-w c:\windows\system32\lsdelete.exe 2009-04-22 22:15 . 2009-04-22 22:15 64160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-04-22 22:14 . 2009-04-22 22:14 -------- dc-h--w c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-04-22 22:13 . 2009-04-22 22:15 -------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft 2009-04-22 20:23 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui 2009-04-22 20:23 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll 2009-04-22 13:39 . 2009-04-22 22:11 -------- d--h--r c:\documents and settings\Kurt\Siste 2009-04-22 05:02 . 2009-04-22 23:55 -------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2009-04-22 04:40 . 2009-04-22 04:40 -------- d--h--w c:\windows\PIF 2009-04-22 01:49 . 2009-04-22 01:49 603904 ----a-w c:\windows\system32\TUProgSt.exe 2009-04-22 01:48 . 2009-04-22 01:48 -------- d-----w c:\documents and settings\Kurt\Programdata\TuneUp Software 2009-04-22 01:43 . 
2009-04-22 01:43 -------- d-----w c:\documents and settings\All Users\Programdata\TuneUp Software 2009-04-22 01:41 . 2009-04-22 01:41 -------- d-----w c:\documents and settings\Kurt\Programdata\Windows Search 2009-04-22 01:41 . 2009-04-22 01:41 -------- d-sh--w c:\documents and settings\All Users\Programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2009-04-22 01:04 . 2009-04-22 01:08 -------- dc-h--w c:\windows\ie8 2009-04-22 00:42 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll 2009-04-22 00:29 . 2005-09-20 07:36 139264 ----a-w c:\windows\system32\igfxres.dll 2009-04-21 23:50 . 2009-01-09 19:19 1089883 -c----w c:\windows\system32\dllcache\ntprint.cat 2009-04-21 23:35 . 2009-04-21 23:38 -------- d-----w C:\4acd49f3277c8158ec19cd 2009-04-21 22:55 . 2009-04-21 22:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-04-21 22:43 . 2009-03-12 08:42 36400 ----a-r c:\windows\system32\drivers\SymIM.sys 2009-04-21 22:31 . 2009-04-21 22:31 -------- d-----w C:\78887635e5de6f6706 2009-04-21 22:25 . 2009-04-22 00:42 -------- d-----w c:\windows\system32\XPSViewer 2009-04-21 22:21 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-04-21 22:21 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll 2009-04-21 22:21 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-04-21 22:21 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll 2009-04-21 22:21 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll 2009-04-21 22:21 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll 2009-04-21 22:21 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll 2009-04-21 22:21 . 2009-04-21 22:23 -------- d-----w C:\fb159139b920a7f04ffca4e3 2009-04-21 21:41 . 2009-04-21 21:41 -------- d-----w c:\documents and settings\Kurt\Programdata\Windows Desktop Search 2009-04-21 21:39 . 
2009-04-22 01:25 -------- d--h--w c:\windows\system32\GroupPolicy 2009-04-21 21:33 . 2008-03-07 17:02 98304 -c----w c:\windows\system32\dllcache\nlhtml.dll 2009-04-21 21:33 . 2008-03-07 17:02 29696 -c----w c:\windows\system32\dllcache\mimefilt.dll 2009-04-21 21:33 . 2008-03-07 17:02 192000 -c----w c:\windows\system32\dllcache\offfilt.dll 2009-04-21 21:22 . 2009-04-21 21:28 -------- d-----w c:\windows\system32\URTTemp 2009-04-21 21:11 . 2009-04-21 21:11 -------- d-----w c:\documents and settings\Kurt\Programdata\Malwarebytes 2009-04-21 20:36 . 2009-04-21 20:36 -------- d-----w c:\documents and settings\Administrator.KURT\Programdata\Malwarebytes 2009-04-21 20:36 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-21 20:36 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-21 20:36 . 2009-04-21 20:36 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2009-04-21 20:12 . 2009-04-21 20:12 -------- d-sh--w c:\documents and settings\Kurt\IECompatCache 2009-04-21 20:04 . 2009-04-21 20:04 -------- d-----w c:\documents and settings\Kurt\Programdata\Desktopicon 2009-04-21 19:26 . 2009-04-21 19:26 -------- d-sh--w c:\documents and settings\Kurt\PrivacIE 2009-04-21 19:14 . 2009-04-21 19:14 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache 2009-04-21 19:13 . 2009-04-21 19:13 -------- d-sh--w c:\documents and settings\Kurt\IETldCache 2009-04-21 18:42 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-21 18:42 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-21 18:42 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-21 18:42 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-21 18:42 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-21 18:42 . 
2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-21 18:42 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-21 18:42 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-21 18:42 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-21 18:39 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-21 18:39 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-23 01:45 . 2009-04-23 01:19 444 ----a-w C:\aaw7boot.log 2009-04-22 22:13 . 2009-04-22 22:13 -------- d-----w c:\programfiler\Lavasoft 2009-04-22 22:04 . 2006-01-06 18:34 -------- d-----w c:\documents and settings\Kurt\Programdata\Lavasoft 2009-04-22 20:32 . 2009-04-22 01:43 -------- d-----w c:\programfiler\TuneUp Utilities 2009 2009-04-22 20:20 . 2006-01-02 15:00 26592 ----a-w c:\documents and settings\Kurt\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT 2009-04-22 05:04 . 2009-04-22 05:02 -------- d-----w c:\programfiler\Spybot - Search & Destroy 2009-04-22 01:35 . 2009-04-22 01:35 -------- d-----w c:\programfiler\CDBurnerXP 2009-04-22 01:04 . 2009-04-22 01:04 -------- d-----w c:\programfiler\Microsoft Silverlight 2009-04-22 00:09 . 2003-08-01 18:58 456904 ----a-w c:\windows\system32\perfh014.dat 2009-04-22 00:09 . 2003-08-01 18:58 84058 ----a-w c:\windows\system32\perfc014.dat 2009-04-21 23:51 . 2009-04-21 23:51 -------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2 2009-04-21 22:25 . 2009-04-21 22:25 -------- d-----w c:\programfiler\MSBuild 2009-04-21 22:24 . 2009-04-21 22:24 -------- d-----w c:\programfiler\Reference Assemblies 2009-04-21 21:39 . 2009-04-21 21:39 -------- d-----w c:\programfiler\Windows Desktop Search 2009-04-21 20:36 . 
2009-04-21 20:36 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2009-04-21 20:35 . 2009-02-04 22:02 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-04-21 20:35 . 2009-02-04 22:02 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-04-21 20:35 . 2009-02-04 22:02 60808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-04-21 20:35 . 2009-02-04 22:02 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-21 20:35 . 2006-01-06 11:58 -------- d-----w c:\programfiler\Symantec 2009-04-21 20:18 . 2009-04-21 20:18 -------- d-----w c:\programfiler\Burrrn 2009-04-21 20:04 . 2009-04-21 20:04 -------- d-----w c:\programfiler\Unlocker 2009-04-21 18:48 . 2009-04-21 18:48 -------- d-----w c:\programfiler\CCleaner 2009-04-21 18:17 . 2009-03-17 21:42 -------- d-----w c:\programfiler\SUPERAntiSpyware 2009-03-17 22:40 . 2009-03-17 22:40 -------- d-----w c:\documents and settings\Administrator.KURT\Programdata\SUPERAntiSpyware.com 2009-03-17 21:43 . 2009-03-17 21:43 -------- d-----w c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2009-03-17 21:42 . 2009-03-17 21:42 -------- d-----w c:\documents and settings\Kurt\Programdata\SUPERAntiSpyware.com 2009-03-17 21:42 . 2009-03-17 21:42 -------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2009-03-08 02:34 . 2003-08-01 19:09 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2003-08-01 18:49 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2003-08-01 18:43 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2003-08-01 19:07 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2003-08-01 18:41 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2003-08-01 18:47 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2003-08-01 18:48 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2003-08-01 18:53 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 
2003-08-01 18:53 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2003-08-01 18:53 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:24 . 2003-08-01 18:58 284160 ----a-w c:\windows\system32\pdh.dll 2009-02-09 14:08 . 2003-08-01 19:09 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:27 . 2002-09-09 14:07 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 11:27 . 2003-08-01 18:57 2147328 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:27 . 2003-08-01 19:01 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:56 . 2003-08-01 19:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 10:56 . 2003-08-01 18:50 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:56 . 2003-08-01 18:57 710656 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:56 . 2003-08-01 18:41 680448 ----a-w c:\windows\system32\advapi32.dll 2009-02-06 10:39 . 2003-08-01 19:01 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2003-08-01 19:01 56832 ----a-w c:\windows\system32\secur32.dll 2006-06-01 15:59 . 2006-06-01 15:59 1048678 ----a-w c:\documents and settings\Kurt\Programdata\download.tmp 2008-10-25 09:03 . 2008-10-25 09:03 32768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008102520081026\index.dat . 
------- Sigcheck ------- [-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2004-11-02 14:40 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys [-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys [-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\SoftwareDistribution\Download\12ab10b7a663fe2dcf206942c5cd93f4\sp2gdr\tcpip.sys [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\SoftwareDistribution\Download\12ab10b7a663fe2dcf206942c5cd93f4\sp2qfe\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-21 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440] "AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session 
manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-04-22 953168] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-22 64160] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608] S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-04-21 482352] S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090414.001\IDSxpx86.sys [2009-01-29 276344] S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-21 9968] S1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032] S2 Norton Internet Security;Norton Internet Security;c:\programfiler\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-21 101936] S3 
SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c: \Shell\Open\command - resycled\boot.com c: . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:15] . - - - - TOMME PEKERE FJERNET - - - - WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file) . ------- Tilleggsskanning ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: {A315536C-CC14-43FC-861D-D89155378FD2} = 64.86.16.3,64.86.16.99 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-23 03:50 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\programfiler\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programfiler\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . 
--------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(984) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(3228) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\programfiler\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\programfiler\Nokia\Nokia PC Suite 6\PCSCM.dll c:\programfiler\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_nor.nlr c:\programfiler\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\brss01a.exe c:\windows\system32\Brmfrmps.exe c:\windows\system32\CTSVCCDA.EXE c:\programfiler\CDBurnerXP\NMSAccessU.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\searchindexer.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Tidspunkt ferdig: 2009-04-23 3:55 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-04-23 01:55 Pre-Run: 36 895 936 512 byte ledig Post-Run: 37 263 564 800 byte ledig
Edited 23 April 2009 by ^fmj
snippsat Posted 23 April 2009
Let's see whether you have managed to remove everything. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
CCola Posted 23 April 2009
I have done that. (Sorry, thread starter.) Where can I see whether it finds anything or not?
LOG: ComboFix 09-04-23.02 - Jon FJ 23.04.2009 2:42.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1133.19.3582.2914 [GMT 2:00] Running from: c:\documents and settings\Jon Fredrik Johansen\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Documents\_desktop.ini c:\documents and settings\All Users\Documents\My Music\_desktop.ini c:\documents and settings\All Users\Documents\My Music\My Playlists\_desktop.ini c:\documents and settings\All Users\Documents\My Music\Sample Music\_desktop.ini c:\documents and settings\All Users\Documents\My Music\Sample Playlists\_desktop.ini c:\documents and settings\All Users\Documents\My Music\Sample Playlists\001055F2\_desktop.ini c:\documents and settings\All Users\Documents\My Pictures\_desktop.ini c:\documents and settings\All Users\Documents\My Pictures\Sample Pictures\_desktop.ini c:\documents and settings\All Users\Documents\My Videos\_desktop.ini c:\documents and settings\All Users\Documents\Sports Interactive\_desktop.ini c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2009\_desktop.ini c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2009\db\_desktop.ini c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2009\skins\_desktop.ini c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2009\sounds\_desktop.ini c:\documents and settings\All Users\Documents\Sports Interactive\Football Manager 2009\sounds\default\_desktop.ini . ((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 ))))))))))))))))))))))))))))))) . 2009-04-23 00:41 . 
2009-04-23 00:41 -------- d-----w C:\32788R22FWJFW 2009-04-22 21:54 . 2009-04-22 21:56 -------- d-----w c:\program files\Max Payne 2009-04-22 14:50 . 2009-04-22 14:50 -------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-04-22 14:48 . 2009-04-22 21:45 -------- d-----w c:\program files\ATI 2009-04-22 14:46 . 2009-02-04 02:31 106496 ----a-w c:\windows\system32\atinppt2.ax 2009-04-22 14:46 . 2009-02-25 13:15 593920 ------w c:\windows\system32\ati2sgag.exe 2009-04-22 14:46 . 2009-04-22 14:47 -------- d-----w c:\program files\ATI Technologies 2009-04-22 14:44 . 2009-04-22 14:44 -------- d-----w C:\ATI 2009-04-22 14:41 . 2009-04-22 14:41 -------- d-----w c:\program files\Lavalys 2009-04-22 14:21 . 2009-04-22 14:27 -------- d-----w C:\P95 2009-04-21 20:18 . 2009-04-21 20:21 -------- d-----w c:\program files\TVAnts 2009-04-21 14:03 . 2009-04-20 22:43 7337472 ----a-w C:\xernflash.avi 2009-04-20 19:18 . 2009-04-20 19:18 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\Uniblue 2009-04-20 19:18 . 2009-04-20 19:18 -------- d-----w c:\program files\Uniblue 2009-04-20 19:18 . 2009-04-20 19:18 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81} 2009-03-27 02:06 . 2009-03-27 10:11 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\LimeWire 2009-03-27 02:06 . 2009-03-27 02:06 -------- d-----w c:\program files\LimeWire 2009-03-27 01:11 . 2009-03-27 01:11 7680 --sha-w c:\windows\Thumbs.db 2009-03-27 01:11 . 2009-03-27 01:11 17920 --sha-w C:\Thumbs.db 2009-03-27 01:07 . 2009-03-27 01:07 445439 ------w C:\IMG_0020.jpg 2009-03-27 01:07 . 2009-03-27 01:07 350462 ------w C:\IMG_0019.jpg 2009-03-27 01:07 . 2009-03-27 01:07 402318 ------w C:\IMG_0018.jpg 2009-03-27 01:06 . 2009-03-27 01:06 465030 ------w C:\IMG_0014.jpg 2009-03-27 00:19 . 2009-03-26 23:43 475726 ----a-w C:\errortest.exe 2009-03-26 01:56 . 
2009-04-21 08:13 -------- d-----w C:\GMOD10 2009-03-24 21:46 . 2009-03-25 04:14 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles 2009-03-24 21:43 . 2009-03-24 21:43 -------- d-----w C:\NVIDIA 2009-03-24 21:38 . 2009-03-24 21:38 552 ----a-w c:\windows\system32\d3d8caps.dat 2009-03-24 21:38 . 2009-03-24 21:38 -------- d-----w c:\program files\SystemRequirementsLab 2009-03-24 21:37 . 2009-03-24 21:37 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\SystemRequirementsLab . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-22 22:33 . 2009-01-09 12:31 -------- d-----w c:\program files\Steam 2009-04-22 22:14 . 2009-01-20 11:13 34 ----a-w c:\documents and settings\Jon Fredrik Johansen\jagex_runescape_preferences.dat 2009-04-22 22:11 . 2009-01-22 06:14 -------- d-----w c:\program files\mIRC 2009-04-22 21:54 . 2009-01-09 20:50 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-22 17:27 . 2009-01-10 06:27 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\uTorrent 2009-04-22 14:54 . 2009-01-21 22:12 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\Spotify 2009-04-22 14:50 . 2009-01-21 01:20 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\ATI 2009-04-22 14:44 . 2009-01-09 21:01 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-22 14:22 . 2009-03-03 12:57 -------- d-----w c:\program files\SwiftKit 2009-04-21 21:35 . 2009-03-03 13:39 -------- d-----w c:\program files\Championship Manager 01-02 2009-03-26 17:22 . 2009-02-06 04:28 -------- d-----w c:\program files\Common Files\Adobe 2009-03-25 01:17 . 2009-01-09 22:50 -------- d-----w c:\program files\World of Warcraft 2009-03-24 20:44 . 
2009-01-09 21:05 68456 ----a-w c:\documents and settings\Jon Fredrik Johansen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-19 18:31 . 2009-03-19 18:23 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\Sports Interactive 2009-03-19 18:30 . 2009-03-19 18:23 -------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive 2009-03-19 18:22 . 2009-03-19 18:20 -------- d--h--w c:\program files\Zero G Registry 2009-03-19 18:20 . 2009-03-19 18:20 -------- d-----w c:\program files\Sports Interactive 2009-03-19 17:55 . 2009-01-24 23:11 -------- d-----w c:\documents and settings\All Users\Application Data\TrackMania 2009-03-13 02:33 . 2009-03-13 02:33 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\Stardock 2009-03-13 02:32 . 2009-03-13 02:32 -------- dc-h--w c:\documents and settings\All Users\Application Data\{067CEB81-A49B-4597-9505-A5515881D672} 2009-03-13 02:32 . 2009-03-13 02:32 -------- d-----w c:\program files\Stardock 2009-03-11 16:46 . 2009-03-11 16:41 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-11 16:45 . 2009-03-11 16:45 -------- d-----w c:\program files\Microsoft Works 2009-03-11 16:45 . 2009-03-11 16:45 -------- d-----w c:\program files\MSBuild 2009-03-11 16:44 . 2009-03-11 16:44 -------- d-----w c:\program files\Microsoft.NET 2009-03-11 16:43 . 2009-03-11 16:43 -------- d-----w c:\program files\Microsoft Visual Studio 8 2009-03-10 17:55 . 2009-02-07 13:46 -------- d-----w c:\program files\Replay Music 3 2009-03-10 16:30 . 2009-02-07 13:47 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL 2009-03-10 12:09 . 2009-03-10 12:09 -------- d-----w c:\program files\Synaptics 2009-03-09 19:19 . 2009-03-09 19:17 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\Ahead 2009-03-09 19:16 . 
2009-03-09 19:16 -------- d-----w c:\documents and settings\All Users\Application Data\Ahead 2009-03-09 19:16 . 2009-03-09 19:15 -------- d-----w c:\program files\Common Files\Ahead 2009-03-09 19:16 . 2009-03-09 19:15 -------- d-----w c:\documents and settings\All Users\Application Data\Nero 2009-03-09 19:15 . 2009-03-09 19:15 -------- d-----w c:\program files\Nero 2009-03-05 02:00 . 2009-03-05 02:00 -------- d-----w c:\documents and settings\Jon Fredrik Johansen\Application Data\DivX 2009-03-04 23:18 . 2009-03-04 23:18 -------- d-----w c:\program files\DivX 2009-03-04 22:18 . 2009-01-18 08:49 140216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys 2009-03-04 22:16 . 2009-01-18 08:47 201352 ----a-w c:\windows\system32\PnkBstrB.exe 2009-03-03 12:57 . 2009-03-03 12:57 -------- d-----w c:\documents and settings\All Users\Application Data\SwiftKit 2009-03-03 01:43 . 2009-03-03 01:43 -------- d-----w c:\program files\CCleaner 2009-02-25 22:58 . 2008-12-01 22:13 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-25 21:41 . 2008-12-01 20:51 325120 ----a-w c:\windows\system32\ati2dvag.dll 2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll 2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-25 21:16 . 2008-12-01 20:27 3817984 ----a-w c:\windows\system32\ati3duag.dll 2009-02-25 21:09 . 
2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-25 20:59 . 2008-12-01 20:11 2670080 ----a-w c:\windows\system32\ativvaxx.dll 2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat 2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat 2009-02-25 20:44 . 2008-12-01 19:57 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-25 20:32 . 2008-12-01 19:45 626688 ----a-w c:\windows\system32\ati2cqag.dll 2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll 2009-02-09 11:51 . 2009-02-09 11:51 268 ---ha-w C:\sqmdata04.sqm 2009-02-09 11:51 . 2009-02-09 11:51 244 ---ha-w C:\sqmnoopt04.sqm 2009-01-28 09:13 . 2009-01-28 08:29 10520 ----a-w c:\windows\system32\avgrsstx.dll 2009-01-26 17:55 . 2009-01-26 17:55 182995 ----a-w c:\windows\system32\atiicdxx.dat 2009-01-21 01:20 . 2009-01-21 01:20 143 ----a-w c:\documents and settings\Jon Fredrik Johansen\Local Settings\Application Data\fusioncache.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872] "Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-24 16804864] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-19 77824] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-20 2808832] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Launchy.lnk - c:\program files\Launchy\Launchy.exe [2009-1-9 286720] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\program files\Stardock\Fences\DesktopDock.dll" [2009-02-25 517480] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-01-28 09:13 10520 ----a-w c:\windows\system32\avgrsstx.dll [HKLM\~\startupfolder\C:^Documents and Settings^Jon Fredrik Johansen^Start Menu^Programs^Startup^hamachi.lnk] path=c:\documents and settings\Jon Fredrik Johansen\Start Menu\Programs\Startup\hamachi.lnk backup=c:\windows\pss\hamachi.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\Steam\\steamapps\\furious_89\\counter-strike\\hl.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Hamachi\\hamachi.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\WINDOWS\\system32\\dpnsvr.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\TVAnts\\Tvants.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-28 903960] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-14 356920] R3 SetupNTGLM7X;SetupNTGLM7X; [x] R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2008-11-07 32000] S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-28 325128] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-28 107272] S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-28 298264] . Contents of the 'Scheduled Tasks' folder 2009-03-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Jon Fredrik Johansen\Application Data\Mozilla\Firefox\Profiles\6mknz3yl.default\ FF - prefs.js: browser.startup.homepage - liverpool.no FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-23 02:43 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(840) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-04-23 2:44 ComboFix-quarantined-files.txt 2009-04-23 00:44 Pre-Run: 230 010 855 424 bytes free Post-Run: 230 011 748 352 bytes free 234 --- E O F --- 2009-03-03 02:00
^fmj (author), posted 23 April 2009
((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))). C:\Autorun.inf c:\windows\search_res.txt c:\windows\system32\mdm.exe c:\windows\system32\stera.log . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_FOPN ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-23 til 2009-04-23 ))))))))))))))))))))))))))))))))) . 2009-04-22 23:55 . 2009-04-22 22:15 15688 ----a-w c:\windows\system32\lsdelete.exe 2009-04-22 22:15 . 2009-04-22 22:15 64160 ----a-w c:\windows\system32\drivers\Lbd.sys 2009-04-22 22:14 . 2009-04-22 22:14 -------- dc-h--w c:\documents and settings\All Users\Programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} 2009-04-22 22:13 . 2009-04-22 22:15 -------- d-----w c:\documents and settings\All Users\Programdata\Lavasoft 2009-04-22 20:23 . 2008-10-16 12:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui 2009-04-22 20:23 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll 2009-04-22 13:39 . 2009-04-22 22:11 -------- d--h--r c:\documents and settings\Kurt\Siste 2009-04-22 05:02 . 2009-04-22 23:55 -------- d-----w c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy 2009-04-22 04:40 . 2009-04-22 04:40 -------- d--h--w c:\windows\PIF 2009-04-22 01:49 . 2009-04-22 01:49 603904 ----a-w c:\windows\system32\TUProgSt.exe 2009-04-22 01:48 . 2009-04-22 01:48 -------- d-----w c:\documents and settings\Kurt\Programdata\TuneUp Software 2009-04-22 01:43 . 2009-04-22 01:43 -------- d-----w c:\documents and settings\All Users\Programdata\TuneUp Software 2009-04-22 01:41 . 2009-04-22 01:41 -------- d-----w c:\documents and settings\Kurt\Programdata\Windows Search 2009-04-22 01:41 . 
2009-04-22 01:41 -------- d-sh--w c:\documents and settings\All Users\Programdata\{55A29068-F2CE-456C-9148-C869879E2357} 2009-04-22 01:04 . 2009-04-22 01:08 -------- dc-h--w c:\windows\ie8 2009-04-22 00:42 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll 2009-04-22 00:29 . 2005-09-20 07:36 139264 ----a-w c:\windows\system32\igfxres.dll 2009-04-21 23:50 . 2009-01-09 19:19 1089883 -c----w c:\windows\system32\dllcache\ntprint.cat 2009-04-21 23:35 . 2009-04-21 23:38 -------- d-----w C:\4acd49f3277c8158ec19cd 2009-04-21 22:55 . 2009-04-21 22:55 -------- d-sh--w c:\documents and settings\LocalService\IETldCache 2009-04-21 22:43 . 2009-03-12 08:42 36400 ----a-r c:\windows\system32\drivers\SymIM.sys 2009-04-21 22:31 . 2009-04-21 22:31 -------- d-----w C:\78887635e5de6f6706 2009-04-21 22:25 . 2009-04-22 00:42 -------- d-----w c:\windows\system32\XPSViewer 2009-04-21 22:21 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-04-21 22:21 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll 2009-04-21 22:21 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-04-21 22:21 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll 2009-04-21 22:21 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll 2009-04-21 22:21 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll 2009-04-21 22:21 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll 2009-04-21 22:21 . 2009-04-21 22:23 -------- d-----w C:\fb159139b920a7f04ffca4e3 2009-04-21 21:41 . 2009-04-21 21:41 -------- d-----w c:\documents and settings\Kurt\Programdata\Windows Desktop Search 2009-04-21 21:39 . 2009-04-22 01:25 -------- d--h--w c:\windows\system32\GroupPolicy 2009-04-21 21:33 . 2008-03-07 17:02 98304 -c----w c:\windows\system32\dllcache\nlhtml.dll 2009-04-21 21:33 . 
2008-03-07 17:02 29696 -c----w c:\windows\system32\dllcache\mimefilt.dll 2009-04-21 21:33 . 2008-03-07 17:02 192000 -c----w c:\windows\system32\dllcache\offfilt.dll 2009-04-21 21:22 . 2009-04-21 21:28 -------- d-----w c:\windows\system32\URTTemp 2009-04-21 21:11 . 2009-04-21 21:11 -------- d-----w c:\documents and settings\Kurt\Programdata\Malwarebytes 2009-04-21 20:36 . 2009-04-21 20:36 -------- d-----w c:\documents and settings\Administrator.KURT\Programdata\Malwarebytes 2009-04-21 20:36 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-21 20:36 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-21 20:36 . 2009-04-21 20:36 -------- d-----w c:\documents and settings\All Users\Programdata\Malwarebytes 2009-04-21 20:12 . 2009-04-21 20:12 -------- d-sh--w c:\documents and settings\Kurt\IECompatCache 2009-04-21 20:04 . 2009-04-21 20:04 -------- d-----w c:\documents and settings\Kurt\Programdata\Desktopicon 2009-04-21 19:26 . 2009-04-21 19:26 -------- d-sh--w c:\documents and settings\Kurt\PrivacIE 2009-04-21 19:14 . 2009-04-21 19:14 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache 2009-04-21 19:13 . 2009-04-21 19:13 -------- d-sh--w c:\documents and settings\Kurt\IETldCache 2009-04-21 18:42 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-21 18:42 . 2009-03-06 14:24 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-21 18:42 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe 2009-04-21 18:42 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-21 18:42 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-21 18:42 . 2009-02-09 10:56 680448 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-21 18:42 . 2009-02-09 10:56 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-21 18:42 . 
2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-21 18:42 . 2009-02-09 10:56 710656 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-21 18:39 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb 2009-04-21 18:39 . 2008-04-21 21:16 217088 -c----w c:\windows\system32\dllcache\wordpad.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-23 01:45 . 2009-04-23 01:19 444 ----a-w C:\aaw7boot.log 2009-04-22 22:13 . 2009-04-22 22:13 -------- d-----w c:\programfiler\Lavasoft 2009-04-22 22:04 . 2006-01-06 18:34 -------- d-----w c:\documents and settings\Kurt\Programdata\Lavasoft 2009-04-22 20:32 . 2009-04-22 01:43 -------- d-----w c:\programfiler\TuneUp Utilities 2009 2009-04-22 20:20 . 2006-01-02 15:00 26592 ----a-w c:\documents and settings\Kurt\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT 2009-04-22 05:04 . 2009-04-22 05:02 -------- d-----w c:\programfiler\Spybot - Search & Destroy 2009-04-22 01:35 . 2009-04-22 01:35 -------- d-----w c:\programfiler\CDBurnerXP 2009-04-22 01:04 . 2009-04-22 01:04 -------- d-----w c:\programfiler\Microsoft Silverlight 2009-04-22 00:09 . 2003-08-01 18:58 456904 ----a-w c:\windows\system32\perfh014.dat 2009-04-22 00:09 . 2003-08-01 18:58 84058 ----a-w c:\windows\system32\perfc014.dat 2009-04-21 23:51 . 2009-04-21 23:51 -------- d-----w c:\programfiler\Microsoft CAPICOM 2.1.0.2 2009-04-21 22:25 . 2009-04-21 22:25 -------- d-----w c:\programfiler\MSBuild 2009-04-21 22:24 . 2009-04-21 22:24 -------- d-----w c:\programfiler\Reference Assemblies 2009-04-21 21:39 . 2009-04-21 21:39 -------- d-----w c:\programfiler\Windows Desktop Search 2009-04-21 20:36 . 2009-04-21 20:36 -------- d-----w c:\programfiler\Malwarebytes' Anti-Malware 2009-04-21 20:35 . 2009-02-04 22:02 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-04-21 20:35 . 
2009-02-04 22:02 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-04-21 20:35 . 2009-02-04 22:02 60808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-04-21 20:35 . 2009-02-04 22:02 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-21 20:35 . 2006-01-06 11:58 -------- d-----w c:\programfiler\Symantec 2009-04-21 20:18 . 2009-04-21 20:18 -------- d-----w c:\programfiler\Burrrn 2009-04-21 20:04 . 2009-04-21 20:04 -------- d-----w c:\programfiler\Unlocker 2009-04-21 18:48 . 2009-04-21 18:48 -------- d-----w c:\programfiler\CCleaner 2009-04-21 18:17 . 2009-03-17 21:42 -------- d-----w c:\programfiler\SUPERAntiSpyware 2009-03-17 22:40 . 2009-03-17 22:40 -------- d-----w c:\documents and settings\Administrator.KURT\Programdata\SUPERAntiSpyware.com 2009-03-17 21:43 . 2009-03-17 21:43 -------- d-----w c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com 2009-03-17 21:42 . 2009-03-17 21:42 -------- d-----w c:\documents and settings\Kurt\Programdata\SUPERAntiSpyware.com 2009-03-17 21:42 . 2009-03-17 21:42 -------- d-----w c:\programfiler\Fellesfiler\Wise Installation Wizard 2009-03-08 02:34 . 2003-08-01 19:09 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 02:34 . 2003-08-01 18:49 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 02:33 . 2003-08-01 18:43 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 02:33 . 2003-08-01 19:07 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 02:32 . 2003-08-01 18:41 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 02:32 . 2003-08-01 18:47 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 02:31 . 2003-08-01 18:48 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 02:31 . 2003-08-01 18:53 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 02:31 . 2003-08-01 18:53 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 02:22 . 2003-08-01 18:53 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 14:24 . 
2003-08-01 18:58 284160 ----a-w c:\windows\system32\pdh.dll 2009-02-09 14:08 . 2003-08-01 19:09 1846784 ----a-w c:\windows\system32\win32k.sys 2009-02-09 11:27 . 2002-09-09 14:07 2025984 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-02-09 11:27 . 2003-08-01 18:57 2147328 ----a-w c:\windows\system32\ntoskrnl.exe 2009-02-09 11:27 . 2003-08-01 19:01 111104 ----a-w c:\windows\system32\services.exe 2009-02-09 10:56 . 2003-08-01 19:00 401408 ----a-w c:\windows\system32\rpcss.dll 2009-02-09 10:56 . 2003-08-01 18:50 729088 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 10:56 . 2003-08-01 18:57 710656 ----a-w c:\windows\system32\ntdll.dll 2009-02-09 10:56 . 2003-08-01 18:41 680448 ----a-w c:\windows\system32\advapi32.dll 2009-02-06 10:39 . 2003-08-01 19:01 35328 ----a-w c:\windows\system32\sc.exe 2009-02-03 19:59 . 2003-08-01 19:01 56832 ----a-w c:\windows\system32\secur32.dll 2006-06-01 15:59 . 2006-06-01 15:59 1048678 ----a-w c:\documents and settings\Kurt\Programdata\download.tmp 2008-10-25 09:03 . 2008-10-25 09:03 32768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008102520081026\index.dat . 
------- Sigcheck ------- [-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2004-11-02 14:40 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys [-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys [-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\SoftwareDistribution\Download\12ab10b7a663fe2dcf206942c5cd93f4\sp2gdr\tcpip.sys [-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\SoftwareDistribution\Download\12ab10b7a663fe2dcf206942c5cd93f4\sp2qfe\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys . 
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232] "SUPERAntiSpyware"="c:\programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-21 1830128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "Ad-Watch"="c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440] "AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-02-20 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] "Nokia.PCSync"="c:\programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - c:\programfiler\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 10:05 356352 ----a-w c:\programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session 
manager] BootExecute REG_MULTI_SZ autocheck autochk *\0stera\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\Telenor\\Telenorhjelpen\\Telenor.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [2009-04-22 953168] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-22 64160] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS [2009-03-12 310320] S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1005000.087\BHDrvx86.sys [2009-03-12 258608] S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1005000.087\ccHPx86.sys [2009-04-21 482352] S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090414.001\IDSxpx86.sys [2009-01-29 276344] S1 SASDIFSV;SASDIFSV;c:\programfiler\SUPERAntiSpyware\SASDIFSV.SYS [2009-04-21 9968] S1 SASKUTIL;SASKUTIL;c:\programfiler\SUPERAntiSpyware\SASKUTIL.sys [2009-02-17 55024] S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032] S2 Norton Internet Security;Norton Internet Security;c:\programfiler\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-03-12 115560] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-21 101936] S3 
SASENUM;SASENUM;c:\programfiler\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c: \Shell\Open\command - resycled\boot.com c: . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-04-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 22:15] . - - - - TOMME PEKERE FJERNET - - - - WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file) . ------- Tilleggsskanning ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mWindow Title = Microsoft Internet Explorer uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: {A315536C-CC14-43FC-861D-D89155378FD2} = 64.86.16.3,64.86.16.99 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-23 03:50 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\programfiler\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programfiler\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1" . 
--------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] @DACL=(02 0000) "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] @DACL=(02 0000) "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] @DACL=(02 0000) "Installed"="1" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(984) c:\programfiler\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(3228) c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\programfiler\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\programfiler\Nokia\Nokia PC Suite 6\PCSCM.dll c:\programfiler\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_nor.nlr c:\programfiler\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\windows\system32\brss01a.exe c:\windows\system32\Brmfrmps.exe c:\windows\system32\CTSVCCDA.EXE c:\programfiler\CDBurnerXP\NMSAccessU.exe c:\windows\system32\MsPMSPSv.exe c:\windows\system32\searchindexer.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Tidspunkt ferdig: 2009-04-23 3:55 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-04-23 01:55 Pre-Run: 36 895 936 512 byte ledig Post-Run: 37 263 564 800 byte ledig
There is the combofix log.
snippsat, posted 23 April 2009 (edited)
fmj, the log looks good; combofix removed a bit of junk. You can remove combofix by typing combofix /u from the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Check whether your software is up to date: Secunia. Surf safely.
Edited 23 April 2009 by SNIPPSAT
^fmj (author), posted 23 April 2009
Thanks. Windows Defender actually found a Trojan Zlob after I had run combofix. It deleted an exe file that was lying on the desktop. I believe it was an installer for some DVD program or the like.
snippsat, posted 23 April 2009
CCola: copy the bold text below the image -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the image; combofix will start. Post the log c:\combofix.txt
Driver::
SetupNTGLM7X
---
I don't need a new log; you can check that this line disappears:
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
If it is gone, follow post #5.
^fmj (author), posted 23 April 2009
If you want to keep combofix, that shouldn't do any harm either, as long as you download the latest version if you run it again?
snippsat, posted 23 April 2009
You don't keep the version you have; it is important that you uninstall it in order to get things cleaned up. If you run into problems later, you download it again, because combofix is updated at regular intervals.