Powerbeyond Posted 28 May 2009

I've had some strange problems with my PC lately, and the antivirus program doesn't find anything. There are a number of strange problems that show up quite often, e.g. that I can't click on anything on the screen. It usually goes away after I press Ctrl+Alt+Delete and start Task Manager, but it comes back after a few minutes. I'd appreciate it if someone could help me. Here are the logs from ComboFix and the malware thing:

Malwarebytes' Anti-Malware 1.37
Databaseversjon: 2187
Windows 6.0.6001 Service Pack 1

28/05/2009 14:57:55
mbam-log-2009-05-28 (14-57-55).txt

Skanntype: Rask Skann
Objekter skannet: 77474
Tid tilbakelagt: 3 minute(s), 15 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix 09-05-26.05 - xBornToLosex 28/05/2009 14:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1508 [GMT 2:00]
Running from: c:\users\xBornToLosex\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-28 )))))))))))))))))))))))))))))))
.
2009-05-28 12:29 . 2009-05-28 12:29 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\Malwarebytes
2009-05-28 12:29 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-28 12:29 . 2009-05-28 12:29 -------- d-----w c:\programdata\Malwarebytes
2009-05-28 12:29 . 2009-05-28 12:29 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-28 12:29 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 00:12 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{829B22D0-AADC-4536-B29B-750DB3BC03B0}\mpengine.dll
2009-05-21 06:55 . 2009-05-05 13:48 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-21 06:55 . 2009-05-05 13:48 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-21 06:55 . 2009-05-05 13:49 312088 ----a-w c:\programdata\avg8\update\backup\avglngx.dll
2009-05-21 06:55 . 2009-05-05 13:48 486168 ----a-w c:\programdata\avg8\update\backup\avgrsx.exe
2009-05-21 06:55 . 2009-05-05 13:48 177432 ----a-w c:\programdata\avg8\update\backup\avgmail.dll
2009-05-21 06:55 . 2009-05-05 13:47 3288344 ----a-w c:\programdata\avg8\update\backup\setup.exe
2009-05-21 06:54 . 2009-05-05 13:48 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-21 06:54 . 2009-05-05 13:47 755992 ----a-w c:\programdata\avg8\update\backup\avginet.dll
2009-05-20 23:29 . 2009-05-20 23:29 -------- d-----w c:\program files\AutoHotkey
2009-05-17 03:21 . 2009-05-05 13:47 3399960 ----a-w c:\programdata\avg8\update\backup\avgui.exe
2009-05-17 03:21 . 2009-05-05 13:47 2302232 ----a-w c:\programdata\avg8\update\backup\avguiadv.dll
2009-05-12 12:44 . 2008-06-19 15:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-12 12:44 . 2009-05-12 12:44 -------- d-----w c:\program files\Panda Security
2009-05-05 13:45 . 2009-05-05 13:45 -------- d-----w c:\program files\7-Zip
2009-04-30 17:24 . 2009-04-30 17:24 -------- d-----w c:\program files\RVG Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 12:30 . 2009-01-03 17:00 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\Skype
2009-05-28 12:16 . 2009-01-03 17:01 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\skypePM
2009-05-27 12:23 . 2009-01-06 23:50 -------- d-----w c:\program files\Steam
2009-05-27 12:07 . 2009-01-06 23:50 -------- d-----w c:\program files\Common Files\Steam
2009-05-14 01:04 . 2008-05-21 18:20 -------- d-----w c:\programdata\Microsoft Help
2009-05-14 01:00 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-05 13:49 . 2009-02-27 01:13 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-05 13:49 . 2009-02-27 01:13 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-05 13:49 . 2009-02-27 01:13 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-05 13:47 . 2009-02-27 01:14 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-05 13:46 . 2009-02-27 01:13 -------- d-----w c:\programdata\avg8
2009-04-25 13:14 . 2009-01-07 01:07 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\Azureus
2009-04-24 09:19 . 2008-12-28 01:30 -------- d-----w c:\program files\Full Tilt Poker
2009-04-24 00:43 . 2009-01-02 21:44 -------- d-----w c:\program files\PokerStars
2009-04-18 13:13 . 2009-04-18 13:06 -------- d-----w c:\users\xBornToLosex\AppData\Roaming\dvdcss
2009-04-13 09:36 . 2009-01-07 01:01 -------- d-----w c:\program files\Vuze
2009-03-31 13:35 . 2009-05-05 17:52 17160 ----a-w c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 15:30 . 2009-05-05 17:52 17160 ----a-w c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-17 03:38 . 2009-04-17 06:50 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 06:50 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-06 16:12 . 2008-04-16 21:25 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-05 11:29 . 2009-03-24 18:37 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
2009-03-03 04:46 . 2009-04-17 06:51 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 06:51 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-17 06:50 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-17 06:51 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 06:51 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 06:51 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 06:50 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-17 06:51 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 06:51 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 06:51 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 06:51 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 06:51 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-17 06:50 26624 ----a-w c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Steam"="c:\program files\Steam\Steam.exe" [2009-05-20 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-17 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-16 442433]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-05 1947928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55482F75-03EC-460F-8C26-275DA9848696}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{674ED21E-0063-4DD2-B887-DD5FDE92DBC1}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F114D74C-51BB-4DBD-BCB2-98BCE3F5B4B6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7E02B96C-E4BF-4C63-87FE-5FE71CDF8388}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F155EA3-F419-4B1D-B90C-DE2763817FE0}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{E5C28D8B-9875-40CA-B1FD-DB427D80D4AE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1A4AAEF0-0A75-493F-AF77-3263F549E2B7}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C5A301D4-853A-415C-92CC-85D46D93F1D2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{28808D58-FD4D-40F4-AC2D-9FB9A644258A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EEB64222-060C-41FD-BD96-1413494B2880}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AEA5FC36-22F8-47A9-AE83-E659740FD4FC}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{73BD5CD8-2F3E-4F5E-9336-A5E03D3E3538}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{1D5CCC63-D6BA-4E8F-8D39-E5F630AB8921}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{F682C1F3-8EB1-47E0-8B21-5D15BC519C01}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{A06E19FA-9764-4C4D-AB81-92863A81B2BE}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"TCP Query User{5676D07F-CFBE-4E9B-BCB0-21F984CA01E0}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{87BAFEC6-E97B-4264-8DC3-F606C5CE3B50}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{36747406-18EC-432A-8D4A-757EBD438B45}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27/09/2008 11:48 15416]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/05/2009 14:44 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [27/02/2009 03:13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27/02/2009 03:13 108552]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe [27/09/2008 11:43 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27/02/2009 03:13 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/02/2009 03:13 298776]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/2008 01:24 19456]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [19/09/2008 04:03 65536]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [21/05/2008 20:40 341328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/05/2008 19:28 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [23/01/2008 23:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 13:14 81296]
S3 B-Service;B-Service;c:\users\xBornToLosex\AppData\Roaming\Mikogo\B-Service.exe [07/01/2009 01:38 185640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_mt&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_mt&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\xBornToLosex\AppData\Roaming\Mozilla\Firefox\Profiles\1l3hp8ug.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-28 14:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-28 14:59
ComboFix-quarantined-files.txt 2009-05-28 12:58

Pre-Run: 102,454,341,632 bytes free
Post-Run: 102,836,805,632 bytes free

190 --- E O F --- 2009-05-18 18:30

Powerbeyond (author) Posted 30 May 2009

Nobody finding anything?

snippsat Posted 30 May 2009

It looks good. Try cleaning up a bit.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the files in quarantine and the backups, resets the System Restore folder, etc.

Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck the box in front of: "Only delete temporary files that are older than 48 hours". Run the registry cleaner, answer yes to repairing --> answer yes to the backup when you are asked. Run the registry cleaner a couple of times until all errors are gone.

Auslogics Disk Defrag (free) http://www.auslogics.com/en/software/disk-defrag

See if this helps.