raWrz
Posted 23 November 2008

Click Start - All Programs - Accessories - Notepad

Copy and paste the text in the code box below into Notepad:

File::
Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as shown in the animation below.

This will start ComboFix again. If the machine asks for a restart, let it do so right away. Post the contents of ComboFix.txt in your next reply on the forum.
HLSolbjorg
Posted 23 November 2008

ComboFix 08-11-22.02 - Administrator 2008-11-23 17:33:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 )))))))))))))))))))))))))))))))
.
2008-11-23 16:10 . 2008-11-23 16:54 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-23 16:05 .
2008-11-23 16:05 <DIR> d-------- c:\windows\system32\xircom 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\system32\oobe 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\srchasst 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\program files\microsoft frontpage 2008-11-23 16:02 . 2008-11-23 16:02 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-23 16:02 . 2008-11-23 16:02 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-23 16:02 . 2008-11-23 16:02 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-23 16:01 . 2008-11-23 16:08 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-23 16:01 . 2008-11-23 16:01 <DIR> d-------- c:\program files\AVG 2008-11-23 16:01 . 2008-11-23 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-23 15:27 . 2008-11-23 15:27 <DIR> d-------- c:\program files\Trend Micro 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-23 15:04 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 15:04 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-22 23:11 . 2008-11-22 23:19 358,504 --a------ C:\gavens.exe 2008-11-22 22:58 . 2008-11-22 23:00 <DIR> d-------- c:\program files\LimeWire 2008-11-22 21:23 . 2008-11-22 21:23 50,226 --a------ C:\blaowz.exe 2008-11-22 20:46 . 2008-11-23 17:07 52,786 --a------ C:\burimi.exe 2008-11-22 18:32 . 2008-11-22 18:32 31,744 ---h----- c:\windows\system32\dzzqcc.exe 2008-11-17 15:02 . 2008-11-17 15:02 4,139 --a------ C:\blazersp.exe 2008-11-17 14:57 . 2008-11-17 15:00 5,081 --a------ C:\ragorzz.exe 2008-11-17 14:53 . 
2008-11-23 13:34 114,688 --a------ C:\lol.exe 2008-11-17 05:36 . 2008-11-17 05:36 <DIR> dr-hs---- C:\CONFIG 2008-11-17 02:05 . 2008-11-17 02:05 28,160 --a------ C:\pa-packer.exe 2008-11-16 22:10 . 2008-11-16 22:10 50,416 --a------ c:\windows\marthegogstadPicture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-16 22:10 50,416 --a------ c:\windows\hilde_iversenPicture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-22 19:38 50,414 --a------ c:\windows\heidithg_94_Picture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-16 22:10 50,410 --a------ c:\windows\vikke_1994Picture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-16 22:10 50,410 --a------ c:\windows\miss-filthPicture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-17 00:56 50,410 --a------ c:\windows\frk.dammenPicture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-22 19:38 50,408 --a------ c:\windows\frieda-94Picture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-18 17:25 50,406 --a------ c:\windows\tutta.94Picture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-16 22:10 50,402 --a------ c:\windows\tseiffPicture7525435.JPG-imageshack.com.zip 2008-11-16 22:10 . 2008-11-18 21:51 50,400 --a------ c:\windows\lauraPicture7525435.JPG-imageshack.com.zip 2008-11-16 20:05 . 2008-11-18 17:25 50,406 --a------ c:\windows\alex-b94Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-22 23:27 109,806 --a------ c:\windows\pic0382.zip 2008-11-16 20:04 . 2008-11-16 22:10 50,420 --a------ c:\windows\chris_kvistnes4Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-22 19:37 50,412 --a------ c:\windows\tomanders94Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-22 19:37 50,412 --a------ c:\windows\lineline_93Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-22 19:38 50,410 --a------ c:\windows\kristin_94Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 
2008-11-18 21:51 50,408 --a------ c:\windows\ninam_340Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-18 21:51 50,406 --a------ c:\windows\masphaugPicture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-16 20:04 50,406 --a------ c:\windows\k.h.s_94Picture7525435.JPG-imageshack.com.zip 2008-11-16 20:04 . 2008-11-22 19:38 50,406 --a------ c:\windows\helgasonPicture7525435.JPG-imageshack.com.zip 2008-11-15 13:45 . 2008-11-15 13:45 5,465 --a------ C:\ragerz2k.exe 2008-11-15 13:44 . 2008-11-15 13:44 50,226 -r-hs---- c:\windows\MDM32.exe 2008-11-15 13:43 . 2008-11-22 20:44 39,986 --a------ C:\rage.exe 2008-11-12 21:50 . 2008-11-12 21:50 <DIR> d-------- c:\documents and settings\Daglig_bruk\Application Data\Creative 2008-11-08 22:27 . 2008-11-08 22:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer 2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\program files\Apple Software Update 2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2008-11-07 23:31 . 2008-11-23 14:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM 2008-11-07 23:31 . 2008-11-07 23:31 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-11-07 23:27 . 2008-11-23 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-11-05 15:07 . 2008-11-05 15:07 <DIR> d---s---- c:\documents and settings\Admin\UserData 2008-10-29 19:58 . 2008-10-29 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative 2008-10-29 19:57 . 2008-04-13 23:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2008-10-29 19:57 . 2008-10-29 19:57 191 --a------ c:\windows\setuplog 2008-10-29 19:55 . 2008-10-29 19:55 <DIR> d-------- c:\program files\SightSpeed 2008-10-29 19:54 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2008-10-29 19:53 . 
2005-04-19 08:11 36,864 -ra------ c:\windows\system32\CtCamMgr.dll 2008-10-29 19:53 . 2005-03-14 18:00 24,576 --------- c:\windows\system32\CTWEBFUN.DLL 2008-10-29 19:52 . 2008-10-29 19:53 <DIR> d-------- c:\program files\Creative 2008-10-29 19:51 . 2008-10-29 19:57 <DIR> d--h----- c:\program files\InstallShield Installation Information 2008-10-29 19:51 . 2008-10-29 19:54 <DIR> d-------- c:\program files\Common Files\InstallShield 2008-10-26 16:58 . 2008-11-05 14:24 <DIR> d-------- c:\program files\Counter-Strike 2008-10-24 18:42 . 2008-10-24 18:42 268 --ah----- C:\sqmdata02.sqm 2008-10-24 18:42 . 2008-10-24 18:42 244 --ah----- C:\sqmnoopt02.sqm 2008-10-24 17:37 . 2008-10-24 17:37 268 --ah----- C:\sqmdata01.sqm 2008-10-24 17:37 . 2008-10-24 17:37 244 --ah----- C:\sqmnoopt01.sqm 2008-10-24 13:35 . 2008-04-13 22:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2008-10-24 13:35 . 2008-04-13 22:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2008-10-23 23:02 . 2008-10-23 23:03 <DIR> d-------- c:\documents and settings\Admin\Application Data\OpenOffice.org2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-23 16:00 --------- d-----w c:\program files\Steam 2008-11-23 15:07 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org2 2008-11-23 14:00 --------- d-----w c:\program files\Windows Live 2008-11-22 22:37 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent 2008-11-22 22:03 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire 2008-11-19 20:47 --------- d-----w c:\documents and settings\Daglig_bruk\Application Data\OpenOffice.org2 2008-11-14 22:28 --------- d-----w c:\documents and settings\Administrator\Application Data\dvdcss 2008-10-19 21:25 --------- d-----w c:\documents and settings\Admin\Application Data\Talkback 2008-10-13 18:31 --------- d-----w c:\documents and settings\Daglig_bruk\Application Data\dvdcss 2008-09-25 05:39 --------- d-----w c:\program files\Real 2008-09-25 05:39 --------- d-----w c:\program files\Common Files\Real 2008-09-24 21:31 --------- d-----w c:\documents and settings\Administrator\Application Data\vlc 2008-09-24 21:25 --------- d-----w c:\program files\Java 2008-09-24 21:24 --------- d-----w c:\program files\Common Files\Java 2008-09-15 20:37 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-09-15 20:37 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-05-05 20:14 34,048 ----a-w c:\program files\opera\program\plugins\upd62i9x.dll 2008-05-05 20:14 45,056 ----a-w c:\program files\opera\program\plugins\upd62int.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-23_15.24.25,48 ))))))))))))))))))))))))))))))))))))))))) . 
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2008-10-26 1410296]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\system32\P0620Pin.dll]
"Microsoft Debug Manager"="MDM32.exe" [2008-11-15 c:\windows\MDM32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-05-06 c:\windows\system32\advpack.dll]

c:\documents and settings\Daglig_bruk\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [12/1/2006 11:32:46 PM 393216]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [12/1/2006 11:32:46 PM 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"DisableStatusMessages"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mryzbx.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Steam\\steamapps\\csk10\\counter-strike\\hl.exe"=
"c:\\Program Files\\Counter-Strike\\hlds.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Steam\\steamapps\\magsko540\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [11/23/2008 4:02:01 PM 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/23/2008 4:01:52 PM 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/23/2008 4:01:51 PM 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [11/23/2008 4:02:01 PM 76040]

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGTDIX
*Newly Created Service* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}]
c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{577DAE08-3B78-540C-DB3A-040FFCAB45FE}]
c:\windows\Wind.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows UDP's Control Service - wswc.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 17:35:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(828) c:\windows\system32\avgrsstx.dll - - - - - - - > 'lsass.exe'(892) c:\windows\system32\avgrsstx.dll . Completion time: 2008-11-23 17:36:37 ComboFix-quarantined-files.txt 2008-11-23 16:36:15 ComboFix2.txt 2008-11-23 15:12:22 ComboFix3.txt 2008-11-23 14:25:22 Pre-Run: 36 165 750 784 bytes free Post-Run: 36,157,120,512 bytes free 454

r2d290, posted 23 November 2008 (edited)

HL.Solbjorg:

P2P warning! Important

The logs show that there are one or more P2P (Person to Person) file-sharing programs on your machine.

LimeWire

Be aware that as long as you use any form of peer-to-peer network to download files from an "unofficial" source, you must assume that your machine can become infected. P2P file sharing used to be considered fairly safe. That is no longer the case. You can continue to use P2P at your own risk, but remember that this may be the source of your current or next infection.

References on the risks of these programs can be found at these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm

See a list of clean/risky P2P programs here: http://p2p.malwareremoval.com/

I recommend that you uninstall the programs mentioned, but the choice is yours. If you choose to remove these programs, you can do so from Control Panel -> Add/Remove Programs. If you want to keep the program, I ask that you not use it until the machine is free of malware.

Edited 23 November 2008 by r2d290

raWrz, posted 23 November 2008

r2d290, you forgot what was supposed to go there. He means LimeWire, I'm guessing.

Click Start - All Programs - Accessories - Notepad.

Copy and paste the text in the code box below into Notepad:

File::
C:\gavens.exe
C:\blaowz.exe
C:\burimi.exe
c:\windows\system32\dzzqcc.exe
C:\blazersp.exe
C:\ragorzz.exe
C:\lol.exe
C:\pa-packer.exe
c:\windows\marthegogstadPicture7525435.JPG-imageshack.com.zip
c:\windows\hilde_iversenPicture7525435.JPG-imageshack.com.zip
c:\windows\heidithg_94_Picture7525435.JPG-imageshack.com.zip
c:\windows\vikke_1994Picture7525435.JPG-imageshack.com.zip
c:\windows\miss-filthPicture7525435.JPG-imageshack.com.zip
c:\windows\frk.dammenPicture7525435.JPG-imageshack.com.zip
c:\windows\frieda-94Picture7525435.JPG-imageshack.com.zip
c:\windows\tutta.94Picture7525435.JPG-imageshack.com.zip
c:\windows\tseiffPicture7525435.JPG-imageshack.com.zip
c:\windows\lauraPicture7525435.JPG-imageshack.com.zip
c:\windows\alex-b94Picture7525435.JPG-imageshack.com.zip
c:\windows\pic0382.zip
c:\windows\chris_kvistnes4Picture7525435.JPG-imageshack.com.zip
c:\windows\tomanders94Picture7525435.JPG-imageshack.com.zip
c:\windows\lineline_93Picture7525435.JPG-imageshack.com.zip
c:\windows\kristin_94Picture7525435.JPG-imageshack.com.zip
c:\windows\ninam_340Picture7525435.JPG-imageshack.com.zip
c:\windows\masphaugPicture7525435.JPG-imageshack.com.zip
c:\windows\k.h.s_94Picture7525435.JPG-imageshack.com.zip
c:\windows\helgasonPicture7525435.JPG-imageshack.com.zip
C:\ragerz2k.exe
c:\windows\MDM32.exe
C:\rage.exe

Save it as CFScript on the Desktop.

Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again. If the machine asks for a restart, let it do so right away.

Post the contents of ComboFix.txt in your next reply on the forum.

HLSolbjorg, posted 23 November 2008 (edited)

This isn't my PC, but: removed LimeWire, but couldn't find utorrent in Add/Remove Programs... But the icon is on the desktop :S

EDIIIT: ComboFix

ComboFix 08-11-22.02 - Administrator 2008-11-23 18:13:15.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.143 [GMT 1:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt * Created a new restore point FILE :: C:\blaowz.exe C:\blazersp.exe C:\burimi.exe C:\gavens.exe C:\lol.exe C:\pa-packer.exe C:\rage.exe C:\ragerz2k.exe C:\ragorzz.exe c:\windows\alex-b94Picture7525435.JPG-imageshack.com.zip c:\windows\chris_kvistnes4Picture7525435.JPG-imageshack.com.zip c:\windows\frieda-94Picture7525435.JPG-imageshack.com.zip c:\windows\frk.dammenPicture7525435.JPG-imageshack.com.zip c:\windows\heidithg_94_Picture7525435.JPG-imageshack.com.zip c:\windows\helgasonPicture7525435.JPG-imageshack.com.zip c:\windows\hilde_iversenPicture7525435.JPG-imageshack.com.zip c:\windows\k.h.s_94Picture7525435.JPG-imageshack.com.zip c:\windows\kristin_94Picture7525435.JPG-imageshack.com.zip c:\windows\lauraPicture7525435.JPG-imageshack.com.zip c:\windows\lineline_93Picture7525435.JPG-imageshack.com.zip c:\windows\marthegogstadPicture7525435.JPG-imageshack.com.zip c:\windows\masphaugPicture7525435.JPG-imageshack.com.zip c:\windows\MDM32.exe c:\windows\miss-filthPicture7525435.JPG-imageshack.com.zip c:\windows\ninam_340Picture7525435.JPG-imageshack.com.zip c:\windows\pic0382.zip c:\windows\system32\dzzqcc.exe c:\windows\tomanders94Picture7525435.JPG-imageshack.com.zip c:\windows\tseiffPicture7525435.JPG-imageshack.com.zip c:\windows\tutta.94Picture7525435.JPG-imageshack.com.zip c:\windows\vikke_1994Picture7525435.JPG-imageshack.com.zip . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\blaowz.exe C:\blazersp.exe C:\burimi.exe c:\documents and settings\Administrator\blazer233.txt C:\gavens.exe C:\lol.exe C:\pa-packer.exe C:\rage.exe C:\ragerz2k.exe C:\ragorzz.exe c:\windows\alex-b94Picture7525435.JPG-imageshack.com.zip c:\windows\chris_kvistnes4Picture7525435.JPG-imageshack.com.zip c:\windows\frieda-94Picture7525435.JPG-imageshack.com.zip c:\windows\frk.dammenPicture7525435.JPG-imageshack.com.zip c:\windows\heidithg_94_Picture7525435.JPG-imageshack.com.zip c:\windows\helgasonPicture7525435.JPG-imageshack.com.zip c:\windows\hilde_iversenPicture7525435.JPG-imageshack.com.zip c:\windows\k.h.s_94Picture7525435.JPG-imageshack.com.zip c:\windows\kristin_94Picture7525435.JPG-imageshack.com.zip c:\windows\lauraPicture7525435.JPG-imageshack.com.zip c:\windows\lineline_93Picture7525435.JPG-imageshack.com.zip c:\windows\marthegogstadPicture7525435.JPG-imageshack.com.zip c:\windows\masphaugPicture7525435.JPG-imageshack.com.zip c:\windows\MDM32.exe c:\windows\miss-filthPicture7525435.JPG-imageshack.com.zip c:\windows\ninam_340Picture7525435.JPG-imageshack.com.zip c:\windows\pic0382.zip c:\windows\system32\dzzqcc.exe c:\windows\tomanders94Picture7525435.JPG-imageshack.com.zip c:\windows\tseiffPicture7525435.JPG-imageshack.com.zip c:\windows\tutta.94Picture7525435.JPG-imageshack.com.zip c:\windows\vikke_1994Picture7525435.JPG-imageshack.com.zip . ((((((((((((((((((((((((( Files Created from 2008-10-23 to 2008-11-23 ))))))))))))))))))))))))))))))) . 2008-11-23 16:10 . 2008-11-23 16:54 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\system32\xircom 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\system32\oobe 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\windows\srchasst 2008-11-23 16:05 . 2008-11-23 16:05 <DIR> d-------- c:\program files\microsoft frontpage 2008-11-23 16:02 . 2008-11-23 16:02 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-23 16:02 . 
2008-11-23 16:02 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-23 16:02 . 2008-11-23 16:02 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-23 16:01 . 2008-11-23 16:08 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-23 16:01 . 2008-11-23 16:01 <DIR> d-------- c:\program files\AVG 2008-11-23 16:01 . 2008-11-23 16:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-23 15:27 . 2008-11-23 15:27 <DIR> d-------- c:\program files\Trend Micro 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-23 15:04 . 2008-11-23 15:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes 2008-11-23 15:04 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-23 15:04 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-17 05:36 . 2008-11-17 05:36 <DIR> dr-hs---- C:\CONFIG 2008-11-12 21:50 . 2008-11-12 21:50 <DIR> d-------- c:\documents and settings\Daglig_bruk\Application Data\Creative 2008-11-08 22:27 . 2008-11-08 22:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Apple Computer 2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\program files\Apple Software Update 2008-11-08 22:24 . 2008-11-08 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2008-11-07 23:31 . 2008-11-23 14:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\skypePM 2008-11-07 23:31 . 2008-11-07 23:31 56 --ah----- c:\windows\system32\ezsidmv.dat 2008-11-07 23:27 . 2008-11-23 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype 2008-11-05 15:07 . 2008-11-05 15:07 <DIR> d---s---- c:\documents and settings\Admin\UserData 2008-10-29 19:58 . 
2008-10-29 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Creative 2008-10-29 19:57 . 2008-04-13 23:16 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2008-10-29 19:57 . 2008-10-29 19:57 191 --a------ c:\windows\setuplog 2008-10-29 19:55 . 2008-10-29 19:55 <DIR> d-------- c:\program files\SightSpeed 2008-10-29 19:54 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2008-10-29 19:53 . 2005-04-19 08:11 36,864 -ra------ c:\windows\system32\CtCamMgr.dll 2008-10-29 19:53 . 2005-03-14 18:00 24,576 --------- c:\windows\system32\CTWEBFUN.DLL 2008-10-29 19:52 . 2008-10-29 19:53 <DIR> d-------- c:\program files\Creative 2008-10-29 19:51 . 2008-10-29 19:57 <DIR> d--h----- c:\program files\InstallShield Installation Information 2008-10-29 19:51 . 2008-10-29 19:54 <DIR> d-------- c:\program files\Common Files\InstallShield 2008-10-26 16:58 . 2008-11-05 14:24 <DIR> d-------- c:\program files\Counter-Strike 2008-10-24 18:42 . 2008-10-24 18:42 268 --ah----- C:\sqmdata02.sqm 2008-10-24 18:42 . 2008-10-24 18:42 244 --ah----- C:\sqmnoopt02.sqm 2008-10-24 17:37 . 2008-10-24 17:37 268 --ah----- C:\sqmdata01.sqm 2008-10-24 17:37 . 2008-10-24 17:37 244 --ah----- C:\sqmnoopt01.sqm 2008-10-24 13:35 . 2008-04-13 22:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys 2008-10-24 13:35 . 2008-04-13 22:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys 2008-10-23 23:02 . 2008-10-23 23:03 <DIR> d-------- c:\documents and settings\Admin\Application Data\OpenOffice.org2 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-23 16:00 --------- d-----w c:\program files\Steam 2008-11-23 15:07 --------- d-----w c:\documents and settings\Administrator\Application Data\OpenOffice.org2 2008-11-23 14:00 --------- d-----w c:\program files\Windows Live 2008-11-22 22:37 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent 2008-11-22 22:03 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire 2008-11-19 20:47 --------- d-----w c:\documents and settings\Daglig_bruk\Application Data\OpenOffice.org2 2008-11-14 22:28 --------- d-----w c:\documents and settings\Administrator\Application Data\dvdcss 2008-10-19 21:25 --------- d-----w c:\documents and settings\Admin\Application Data\Talkback 2008-10-13 18:31 --------- d-----w c:\documents and settings\Daglig_bruk\Application Data\dvdcss 2008-09-25 05:39 --------- d-----w c:\program files\Real 2008-09-25 05:39 --------- d-----w c:\program files\Common Files\Real 2008-09-24 21:31 --------- d-----w c:\documents and settings\Administrator\Application Data\vlc 2008-09-24 21:25 --------- d-----w c:\program files\Java 2008-09-24 21:24 --------- d-----w c:\program files\Common Files\Java 2008-09-15 20:37 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-09-15 20:37 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-05-05 20:14 34,048 ----a-w c:\program files\opera\program\plugins\upd62i9x.dll 2008-05-05 20:14 45,056 ----a-w c:\program files\opera\program\plugins\upd62int.dll . ((((((((((((((((((((((((((((( snapshot@2008-11-23_15.24.25,48 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-11-23 15:02:01 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll + 2006-12-01 21:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 21:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 21:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 23:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 23:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 23:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 23:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 23:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 23:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 23:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 23:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 
2006-12-01 23:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 23:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 23:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files\steam\steam.exe" [2008-10-26 1410296] "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712] "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 c:\windows\system32\P0620Pin.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-05-06 c:\windows\system32\advpack.dll] c:\documents and settings\Daglig_bruk\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [12/1/2006 11:32:46 PM 393216] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - c:\program files\OpenOffice.org 2.1\program\quickstart.exe [12/1/2006 11:32:46 PM 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 
(0x1) "DisableStatusMessages"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "StartMenuFavorites"= 0 (0x0) "Start_ShowMyComputer"= 1 (0x1) "Start_ShowMyDocs"= 1 (0x1) "Start_ShowMyMusic"= 0 (0x0) "Start_ShowRun"= 1 (0x1) "Start_ShowSearch"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) "ForceClassicControlPanel"= 1 (0x1) "NoResolveTrack"= 1 (0x1) "NoResolveSearch"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=mryzbx.dll,avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\Steam\\steamapps\\csk10\\counter-strike\\hl.exe"= "c:\\Program Files\\Counter-Strike\\hlds.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Steam\\steamapps\\magsko540\\counter-strike\\hl.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Counter-Strike\\hl.exe"= "c:\\Program Files\\Opera\\Opera.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver 
x86;c:\windows\system32\Drivers\avgldx86.sys [11/23/2008 4:02:01 PM 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/23/2008 4:01:52 PM 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/23/2008 4:01:51 PM 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [11/23/2008 4:02:01 PM 76040] *Newly Created Service* - AVG8EMC *Newly Created Service* - AVG8WD *Newly Created Service* - AVGLDX86 *Newly Created Service* - AVGMFX86 *Newly Created Service* - AVGTDIX *Newly Created Service* - HELPSVC [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-21CX5C574571}] c:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{577DAE08-3B78-540C-DB3A-040FFCAB45FE}] c:\windows\Wind.exe . Contents of the 'Scheduled Tasks' folder 2008-11-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Microsoft Debug Manager - MDM32.exe ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 18:14:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(828) c:\windows\system32\avgrsstx.dll - - - - - - - > 'lsass.exe'(892) c:\windows\system32\avgrsstx.dll . 
Completion time: 2008-11-23 18:15:48 ComboFix-quarantined-files.txt 2008-11-23 17:15:29 ComboFix2.txt 2008-11-23 16:36:38 ComboFix3.txt 2008-11-23 15:12:22 ComboFix4.txt 2008-11-23 14:25:22 Pre-Run: 36 166 852 608 bytes free Post-Run: 36,158,693,376 bytes free 275

Edited 23 November 2008 by HLSolbjorg

raWrz, posted 23 November 2008 (edited)

How is the computer? Didn't see that you had made an edit, that's why it took so long.

Edited 23 November 2008 by Submit

HLSolbjorg, posted 23 November 2008

Thanks for the help. Now you can go out for a walk :p

2ball_, posted 23 November 2008

> Thanks for the help. Now you can go out for a walk :p

not so fast... just revived an old rascal.. want to find out if it's in shape..

raWrz, posted 23 November 2008

update mbam again, and a new HJT log

2ball_, posted 23 November 2008

> update mbam again, and a new HJT log

hehe.. it sorted itself out now.. I just discovered that I got Ubuntu in the mail. You get time off and I'm happy.. bliss to everyone

raWrz, posted 23 November 2008

> update mbam again, and a new HJT log
> hehe.. it sorted itself out now.. I just discovered that I got Ubuntu in the mail. You get time off and I'm happy.. bliss to everyone

Steamed, posted 24 November 2008

> looks like he has pirated Windows and the only way out is to pay for a license

I haven't pirated anything at all .. Isn't it possible to reinstall, if I find the CD key?

r2d290, posted 24 November 2008

Did you use a CD key that you didn't find on an original cover?

Horten94, posted 25 November 2008

Hi, I have read the guide. It would surely have worked very well, but there's one problem: the anti-malware thing won't open, I double-click and nothing happens! Had a virus for a long time now and it's damn irritating. What irritates me most is the server virus. It blocks many of the websites! Please! Help me!!

raWrz, posted 25 November 2008

Please create a new post on the forum, then it will be much easier to help you.

HLSolbjorg, posted 27 November 2008

Might as well scan my PC too, while we're at it. BTW: does it scan XP, Vista and the storage disk? (2 HDDs, 3 partitions, 2 OSes)

MBAM

Malwarebytes' Anti-Malware 1.30
Database versjon: 1428
Windows 6.0.6001 Service Pack 1
27.11.2008 15:19:05
mbam-log-2008-11-27 (15-19-05).txt
Skanntype: Rask Skann
Objekter skannet: 41136
Tid tilbakelagt: 2 minute(s), 30 second(s)
Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 1
Mapper infisert: 0
Filer infisert: 0
Minneprosesser infisert:
(Ingen mistenkelige filer funnet)
Minnemoduler infisert:
(Ingen mistenkelige filer funnet)
Registernøkler infisert:
(Ingen mistenkelige filer funnet)
Registerverdier infisert:
(Ingen mistenkelige filer funnet)
Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Mapper infisert:
(Ingen mistenkelige filer funnet)
Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix (DOESN'T WORK!!!!!! [Vista....])

HJT: Not going any further until I know whether I can/should scan with HJT, or whether I MUST have CF..

r2d290, posted 27 November 2008

You can move on to HijackThis if you have Vista 64-bit. If you have Vista 32-bit, ComboFix should work.

HLSolbjorg, posted 27 November 2008

HJT

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:25:33, on 27.11.2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Defraggler\Defraggler.exe C:\Program Files (x86)\AVG\AVG8\avgtray.exe C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files (x86)\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 8301 bytes

Does anyone see anything wrong here? BTW, I know I have uTorrent, so..

r2d290 Posted 27 November 2008
I can't see anything in your log that indicates you have malware. How is the PC working now?

HLSolbjorg Posted 27 November 2008
Works just fine, slow startup in both Vista and XP, but that could be because of many startup programs... XP spends an incredibly long time on the wlnotify.dll file -.-