norbat (author) Posted 12 January 2009
Kazaksan: Create a new thread and post the logs there (click the New Topic button), and someone will look at your logs.
fortborte Posted 13 January 2009
ok, before I create a new topic I have a question or two that may be dumb, but I don't know, so I'm asking. My desktop PC has had a visit from a trojan (first time). These programs the support advice here refers to (mbam, combofix, hjt): do you need to be connected to the internet when they are run? (updates etc.) For the last few days, before I understood something was really wrong, I haven't been able to open any http pages, only https, so connecting anywhere will be difficult, I think. I have a laptop I can use to download the programs, but I can only have one machine connected at a time, I don't have wireless internet. And when I run these programs, should everything be done in safe mode? Very green, appreciate -all- help.
norbat (author) Posted 13 January 2009
fortborte: You can download MBAM on another PC, copy it over to the infected PC and run a quick scan without updating. The other programs don't need an update. You can first try running MBAM and see whether that doesn't sort out the 'main problem'. Post the logs in a separate thread that you create by clicking the New Topic button.
Akky Posted 17 January 2009
Fantastic guide. Followed it to the letter after a tip from you in another post, and I finally got control of the machine back. Thank you very much.
norbat (author) Posted 17 January 2009
Great that you got your problem solved. You should still post the logs, though, since there may still be malware files left. Post the logs in the thread you created.
lknight Posted 18 January 2009 (edited)
Anything wrong with this log?:

ComboFix 09-01-17.04 - lknight 2009-01-18 21:11:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.2047.1590 [GMT 1:00]
Running from: c:\documents and settings\shoo\Skrivebord\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))))
.
2009-01-18 01:34 . 2009-01-18 01:34 <DIR> d-------- c:\programfiler\Fellesfiler\Borland Shared
2009-01-18 01:33 . 2009-01-18 01:33 <DIR> d-------- c:\windows\Downloaded Installations
2009-01-16 02:53 . 2009-01-16 02:53 461 --a------ c:\windows\EAGRAPH.INI
2009-01-16 02:08 . 2009-01-16 02:08 249,856 --------- c:\windows\Setup1.exe
2009-01-16 02:08 . 2009-01-16 02:08 73,216 --a------ c:\windows\ST6UNST.EXE
2009-01-16 02:02 . 2009-01-16 02:02 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-01-15 17:47 . 2001-01-02 21:53 19,677 -ra------ c:\windows\system32\drivers\xlink.sys
2009-01-14 09:30 . 2009-01-14 09:30 716,272 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-13 12:25 . 2009-01-13 12:26 54 --a------ c:\windows\ScreenHunter.INI
2009-01-12 23:06 . 2009-01-12 23:06 <DIR> d-------- c:\documents and settings\shoo\Programdata\Malwarebytes
2009-01-12 23:05 . 2009-01-12 23:05 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-12 23:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 23:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 21:39 . 2009-01-11 21:39 <DIR> d-------- C:\MP3s
2009-01-10 02:45 . 2009-01-10 02:45 <DIR> d-------- c:\programfiler\WinPcap
2009-01-09 00:29 . 2009-01-10 23:23 1,014 --a------ c:\windows\kaillera.ini
2009-01-07 03:18 . 2008-04-13 19:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-07 03:02 . 2009-01-07 03:32 <DIR> d-------- C:\PI30EUW1
2009-01-07 03:00 . 2009-01-07 03:00 <DIR> d-------- c:\programfiler\Microsoft CAPICOM 2.1.0.2
2009-01-07 02:57 . 2009-01-07 03:00 <DIR> d-------- c:\documents and settings\shoo\Programdata\RipIt4Me
2009-01-06 21:05 . 2008-10-16 21:33 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-06 21:05 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-06 21:05 . 2007-03-08 06:11 1,007,616 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-06 21:05 . 2008-10-16 21:33 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-06 21:05 . 2008-10-16 21:33 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-06 21:05 . 2008-10-16 21:33 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-06 21:05 . 2008-10-16 21:33 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-06 21:05 . 2008-10-16 21:33 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-06 21:05 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-06 21:02 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-06 21:02 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-06 21:02 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-06 20:15 . 2009-01-13 05:03 <DIR> d-------- c:\documents and settings\shoo\Tracing
2009-01-06 20:14 . 2009-01-06 20:14 <DIR> d-------- c:\programfiler\Windows Live
2009-01-06 20:14 . 2009-01-06 20:14 <DIR> d-------- c:\programfiler\Microsoft
2009-01-06 20:12 . 2009-01-06 20:12 <DIR> d-------- c:\programfiler\Fellesfiler\Windows Live
2009-01-06 15:25 . 2009-01-06 15:25 <DIR> d-------- c:\documents and settings\All Users\Programdata\NVIDIA
2009-01-06 12:55 . 2009-01-06 12:55 <DIR> d-------- c:\windows\Sun
2009-01-06 12:54 . 2009-01-06 12:54 <DIR> d-------- c:\programfiler\Java
2009-01-06 12:54 . 2009-01-06 12:54 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-06 12:54 . 2009-01-06 12:54 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-06 01:39 . 2004-12-16 16:34 405,504 --a------ c:\windows\system32\CapabilityTable.exe
2009-01-06 01:39 . 2004-10-29 14:25 176,128 --a------ c:\windows\system32\nvuide.exe
2009-01-06 01:39 . 2004-09-25 01:21 750 --a------ c:\windows\system32\nvide.nvu
2009-01-06 01:38 . 2004-12-07 16:15 295,424 --a------ c:\windows\system32\idecoi.dll
2009-01-06 01:38 . 2004-11-24 17:42 275,584 --a------ c:\windows\system32\drivers\nvnrm.sys
2009-01-06 01:38 . 2004-11-24 17:42 208,256 --a------ c:\windows\system32\drivers\nvsnpu.sys
2009-01-06 01:38 . 2004-12-16 16:32 176,128 --a------ c:\windows\system32\nvusmb.exe
2009-01-06 01:38 . 2004-10-29 14:25 176,128 --a------ c:\windows\system32\nvunrm.exe
2009-01-06 01:38 . 2004-12-07 16:15 87,936 --a------ c:\windows\system32\drivers\nvatabus.sys
2009-01-06 01:38 . 2004-10-29 14:26 32,256 --a------ c:\windows\system32\nvconrm.dll
2009-01-06 01:38 . 2004-11-24 17:42 12,928 --a------ c:\windows\system32\drivers\nvnetbus.sys
2009-01-06 01:38 . 2004-11-24 17:38 9,728 --a------ c:\windows\system32\bdco1ins.dll
2009-01-06 01:38 . 2004-11-24 17:38 9,728 --a------ c:\windows\system32\bdco1.dll
2009-01-06 01:38 . 2004-10-19 02:25 3,048 --a------ c:\windows\system32\nvnrm.nvu
2009-01-06 01:38 . 2004-11-10 10:35 1,231 --a------ c:\windows\system32\nvsmb.nvu
2009-01-06 01:32 . 2009-01-10 03:01 <DIR> d-------- c:\programfiler\Fellesfiler\LogiShrd
2009-01-06 01:32 . 2008-07-26 16:22 2,570,520 --a------ c:\windows\system32\drivers\LV302V32.SYS
2009-01-06 01:32 . 2008-07-26 16:25 627,864 --a------ c:\windows\system32\drivers\lvrs.sys
2009-01-06 01:32 . 2008-07-26 16:26 490,008 --a------ c:\windows\system32\LVUI2.dll
2009-01-06 01:32 . 2008-07-26 16:26 465,432 --a------ c:\windows\system32\LVUI2RC.dll
2009-01-06 01:32 . 2008-07-26 16:23 416,280 --a------ c:\windows\system32\lvcodec2.dll
2009-01-06 01:32 . 2008-07-26 16:23 195,096 --a------ c:\windows\system32\lvci11801048.dll
2009-01-06 01:32 . 2008-07-26 15:42 66,482 --a------ c:\windows\system32\lvcoinst.ini
2009-01-06 01:32 . 2008-07-26 16:26 41,752 --a------ c:\windows\system32\drivers\LVUSBSta.sys
2009-01-06 01:32 . 2008-07-26 15:46 25,974 --a------ c:\windows\system32\Repository.reg
2009-01-06 01:32 . 2008-07-26 16:22 13,848 --a------ c:\windows\system32\drivers\lv302af.sys
2009-01-06 01:29 . 2009-01-18 21:12 <DIR> d-------- c:\documents and settings\shoo\Programdata\uTorrent
2009-01-06 01:27 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-01-06 01:27 . 2008-04-13 19:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-01-06 01:24 . 2009-01-18 06:59 <DIR> d-------- c:\documents and settings\shoo\amsn
2009-01-06 01:07 . 2009-01-06 01:07 <DIR> d-------- c:\documents and settings\shoo\Programdata\FlashFXP
2009-01-06 00:32 . 2008-04-14 17:22 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-01-06 00:32 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-06 00:32 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-06 00:32 . 2001-10-06 14:02 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-01-06 00:00 . 2009-01-06 00:00 <DIR> d-------- c:\documents and settings\All Users\Programdata\NVIDIA Corporation
2009-01-06 00:00 . 2006-03-29 08:51 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-01-06 00:00 . 2006-03-29 08:50 671,744 --a------ c:\windows\system32\DolbyHph.dll
2009-01-06 00:00 . 2006-03-29 08:51 499,712 --a------ c:\windows\system32\msvcp71.dll
2009-01-06 00:00 . 2006-03-29 08:51 348,160 --a------ c:\windows\system32\msvcr71.dll
2009-01-06 00:00 . 2006-03-29 08:51 89,088 --a------ c:\windows\system32\atl71.dll
2009-01-06 00:00 . 2006-03-29 08:51 60,416 --a------ c:\windows\system32\DSETUP.dll
2009-01-06 00:00 . 2006-03-29 08:49 9,856 --a------ c:\windows\system32\drivers\pfc.sys
2009-01-06 00:00 . 2006-05-05 19:21 4,608 --a------ c:\windows\system32\drivers\nvport.sys
2009-01-05 23:45 . 2009-01-05 23:45 <DIR> d-------- c:\windows\system32\no
2009-01-05 23:45 . 2009-01-07 03:00 <DIR> d-------- c:\windows\system32\nb-no
2009-01-05 23:45 . 2009-01-05 23:45 <DIR> d-------- c:\windows\l2schemas
2009-01-05 23:35 . 2008-06-14 18:36 272,256 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-01-05 23:34 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-01-05 23:34 . 2008-10-16 21:33 1,160,192 --a--c--- c:\windows\system32\dllcache\urlmon.dll
2009-01-05 23:34 . 2008-10-16 21:33 826,368 --a--c--- c:\windows\system32\dllcache\wininet.dll
2009-01-05 23:34 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-05 23:34 . 2008-08-14 11:04 138,496 -----c--- c:\windows\system32\dllcache\afd.sys
2009-01-05 23:33 . 2009-01-05 23:33 <DIR> d-------- c:\windows\system32\Lang
2009-01-05 23:33 . 2009-01-05 23:33 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-01-05 23:33 . 2009-01-05 23:33 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-01-05 23:33 . 2009-01-13 06:27 60,416 --a------ c:\windows\ALCFDRTM.VER
2009-01-05 23:33 . 2009-01-05 23:33 60,416 --a------ c:\windows\ALCFDRTM.EXE
2009-01-05 23:31 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-05 23:31 . 2008-05-01 15:38 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-01-05 23:31 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-01-05 23:31 . 2008-04-14 17:21 136,192 --------- c:\windows\system32\aaclient.dll
2009-01-05 23:30 . 2009-01-05 23:30 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-05 23:29 . 2008-04-11 20:06 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-05 23:29 . 2008-10-03 11:04 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll
2009-01-05 23:26 . 2008-10-15 17:38 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-01-05 23:25 . 2008-09-04 18:17 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-01-05 23:23 . 2009-01-05 23:23 <DIR> d-------- c:\documents and settings\LocalService\Start-meny
2009-01-05 22:39 . 2009-01-05 22:39 <DIR> d-------- c:\documents and settings\shoo\Programdata\Media Player Classic
2009-01-05 22:35 . 2009-01-05 23:24 316,640 --a------ c:\windows\WMSysPr9.prx
2009-01-05 22:34 . 2009-01-05 22:34 <DIR> d-------- c:\windows\provisioning
2009-01-05 22:34 . 2009-01-05 23:45 <DIR> d-------- c:\windows\peernet
2009-01-05 22:33 . 2009-01-05 22:33 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-05 22:31 . 2009-01-05 23:45 <DIR> d-------- c:\windows\EHome
2009-01-05 22:28 . 2002-04-15 21:11 67,866 --------- c:\windows\system32\drivers\netwlan5.img
2009-01-05 22:28 . 2008-04-14 09:23 11,264 --------- c:\windows\system32\spnpinst.exe
2009-01-05 22:28 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2009-01-05 22:28 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat
2009-01-05 22:19 . 2009-01-05 22:19 <DIR> d-------- c:\documents and settings\All Users\Programdata\Office Genuine Advantage
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 08:36 --------- d-----w c:\documents and settings\shoo\Programdata\foobar2000
2009-01-05 23:00 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-05 20:51 --------- d-----w c:\documents and settings\All Users\Programdata\nView_Profiles
2009-01-05 20:35 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2009-01-05 20:19 23,600 ----a-w c:\windows\system32\drivers\TVICHW32.SYS
2009-01-05 19:45 --------- d-----w c:\programfiler\microsoft frontpage
2009-01-05 19:44 --------- d-----w c:\programfiler\Fellesfiler\Tjenester
2009-01-05 19:43 --------- d-----w c:\programfiler\Elektroniske tjenester
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll
2008-10-23 12:43 286,720 ----a-w c:\windows\system32\gdi32.dll
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AlcoholAutomount"="f:\programmer\Alcohol 120\axcmd.exe" [2008-02-22 217544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-25 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-25 455168]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-31 7634944]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-01-06 136600]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-10-31 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-10-31 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\programfiler\Fellesfiler\logishrd\WUApp32.exe" [2008-07-26 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= f:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Programmer\\Miranda IM\\miranda32.exe"=
"f:\\Programmer\\uTorrent\\utorrent.exe"=
"f:\\Programmer\\aMSN\\bin\\wish.exe"=
"f:\\mirc\\DAmirc.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\shoo\\Skrivebord\\utorrent.exe"=

R3 xlink;XLink Driver (xlink.sys);c:\windows\system32\drivers\xlink.sys [2009-01-15 19677]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: {5CFFA3C1-0DC6-4E32-9E07-479D20B291AC} = 193.75.75.75,193.75.75.193
FF - ProfilePath - c:\documents and settings\shoo\Programdata\Mozilla\Firefox\Profiles\03pcpchg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=

---- FIREFOX POLICIES ----
f:\programmer\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 21:12:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-18 21:13:37
ComboFix-quarantined-files.txt 2009-01-18 20:13:35
Pre-Run: 17 839 423 488 bytes free
Post-Run: 17,864,318,976 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
215 --- E O F --- 2009-01-14 10:35:02

Edited 18 January 2009 by lknight
Tosha0007 Posted 18 January 2009 (edited)
Create a new topic by clicking "NEW TOPIC" at the top or bottom of this thread. There you post the logs from Malwarebytes', ComboFix and HijackThis. Run them in the order listed.
--------------------------------------------------------------
Download Malwarebytes' Anti-Malware Here or Here. Save it to the Desktop. Run the file and install the program. Choose Norwegian as the language. Tick Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and click Finish. Let the program update itself and choose Perform quick scan. You get a message box when the scan has finished. Then click the Show results button. If malware was found, you will now see what it was. Then click the Remove selected button to remove whatever malware was found.
Note: If MBAM finds a file that is hard to remove, you will be asked two questions. Click OK on both and let MBAM finish the disinfection. If you are asked to restart the machine, do it right away. When MBAM has finished removing what it found, a log opens in Notepad. Post that later if it found anything other than cookies.
--------------------------------------
Do the following: Download 'HijackThis'. Save it in a permanent folder, e.g. C:\HJT\, double-click HijackThis.exe, and click Do a system scan and save a logfile. When the Notepad window opens, press Ctrl-A to select all the text, copy it with Ctrl-C and paste it into your next post on the forum with Ctrl-V. Most of the contents of the list are safe. Don't fix anything yet.
You will then get a log similar to the one in the spoiler below:

Logfile of HijackThis v1.99.1
Scan saved at 17:06:11, on 08.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kenneth\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stealthy.foolishgames.net/news.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe

Put the log files in a spoiler by adding [*spoiler] before and [*/spoiler] after. Remove the * for it to appear as a spoiler. When you have done that, just wait for a reply...
Edited 18 January 2009 by tosha0007
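A small triage script for the HijackThis log format shown above, added here as an example; it is not part of tosha0007's post and not code from HijackThis. It parses the R0, O2, O4 and O23 line types and flags the entries a helper normally asks about first: autoruns and services launched from user-writable paths, services that carry no vendor, unnamed BHOs, and a non-default IE start page. The sample log is constructed for the example (modeled on the log in the post, with two invented suspicious entries that are not from that log), and what it prints are prompts for a human, not verdicts: the Spybot SDHelper.dll entry is legitimate despite its "(no name)", which is exactly why the post says not to fix anything yet.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Paths a regular XP user can write to.  Anything autostarting from here is
# worth a look before anyone clicks "Fix checked".
USER_WRITABLE = re.compile(
    r"documents and settings|\\temp\\|\\local settings\\|\\application data\\"
    r"|\\programdata\\|\\appdata\\|%temp%|%appdata%",
    re.IGNORECASE,
)

# One regex per HijackThis line type handled here.  Other types (O4 Global
# Startup, O16, O20, ...) are deliberately left alone by this example.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?) \((?P<name>[^)]*)\) - (?P<vendor>.*?) - (?P<path>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?),(?P<value>[^=]+) = (?P<url>.*)$")


@dataclass
class Finding:
    kind: str    # "suspect": needs a human look; "info": worth knowing, not a verdict
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O4_RE.match(line):
            if USER_WRITABLE.search(m["cmd"]):
                findings.append(Finding("suspect", "autorun launched from a user-writable path", line))
        elif m := O23_RE.match(line):
            if m["vendor"].lower() == "unknown owner":
                findings.append(Finding("suspect", "service binary carries no vendor", line))
            elif USER_WRITABLE.search(m["path"]):
                findings.append(Finding("suspect", "service binary in a user-writable path", line))
        elif m := O2_RE.match(line):
            if m["name"] == "(no name)":
                findings.append(Finding("info", "unnamed BHO, identify the DLL before touching it", line))
            elif USER_WRITABLE.search(m["path"]):
                findings.append(Finding("suspect", "BHO loaded from a user-writable path", line))
        elif m := R_RE.match(line):
            value = m["value"].strip()
            if value in ("Start Page", "Search Page", "Default_Page_URL", "Default_Search_URL"):
                findings.append(Finding("info", f"IE {value} is {m['url'].strip()}", line))
    return findings


# Constructed sample in HijackThis v1.99 format.  The first seven lines follow
# the log quoted in the post above; the svchost and helpsvc2 entries are
# invented for this example to show what a flagged line looks like.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stealthy.foolishgames.net/news.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Kenneth\Local Settings\Temp\svchost.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Helper Service (helpsvc2) - Unknown owner - C:\WINDOWS\Temp\helpsvc2.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:7}] {f.reason}\n          {f.line}")
```

Run it against a real log with `triage(open("hijackthis.log").read())`. The path regex is the whole heuristic: it does not know which binaries are good, so a legitimate program installed into the profile (a portable uTorrent on the Desktop, say) is flagged too, and a malicious file dropped into system32 with a plausible name is not. That is why the output is a list of questions for the helper, not a list of things to fix.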
NOwar Posted 21 January 2009

ComboFix 09-01-20.05 - hannyg1 2009-01-21 10:36:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.119 [GMT 1:00]
Running from: c:\documents and settings\hannyg1\skrivebord\ComboFix.exe
AV: Norman Virus Control ver. 5.99 *On-access scanning enabled* (Updated)
FW: Norman Personal Firewall v. 1.4 *enabled*
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://ped-01wsus
.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\documents and settings\hannyg1\Application Data\Malwarebytes
2009-01-21 09:58 . 2009-01-21 09:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 09:58 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 09:58 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-09 17:46 . 2001-09-30 19:10 246,784 --a------ c:\windows\system32\ActiveSkin.ocx
2009-01-09 17:46 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE
2009-01-09 17:46 . 2002-01-18 18:12 112 --a------ c:\windows\ActiveSkin.INI
2009-01-07 12:05 . 2009-01-20 11:31 <DIR> d-------- c:\documents and settings\hannyg1\Application Data\U3
2009-01-06 11:00 . 2009-01-06 11:00 <DIR> d-------- c:\program files\Bonjour
2009-01-06 10:44 . 2009-01-06 10:44 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-06 09:56 . 2009-01-06 09:56 <DIR> d-------- c:\documents and settings\Hansi\Application Data\Hamachi
2009-01-03 18:01 . 2009-01-03 18:01 <DIR> d-------- c:\program files\Bytescout XLS Viewer
2008-12-27 16:53 . 2008-12-27 16:52 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-25 01:19 . 2008-12-25 01:19 0 --a------ c:\windows\tosOBEX.INI
2008-12-25 01:15 . 2008-12-25 01:15 <DIR> d-------- c:\program files\Toshiba
2008-12-25 01:10 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2008-12-25 01:10 . 2004-08-03 22:58 100,992 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2008-12-25 01:10 . 2004-08-03 23:10 59,648 --a------ c:\windows\system32\drivers\rfcomm.sys
2008-12-25 01:10 . 2004-08-03 23:10 59,648 --a--c--- c:\windows\system32\dllcache\rfcomm.sys
2008-12-25 01:10 . 2004-08-03 23:10 17,024 --a------ c:\windows\system32\drivers\BthEnum.sys
2008-12-25 01:10 . 2004-08-03 23:10 17,024 --a--c--- c:\windows\system32\dllcache\bthenum.sys
2008-12-25 01:09 . 2004-08-03 23:10 18,944 --a------ c:\windows\system32\drivers\BTHUSB.SYS
2008-12-25 01:09 . 2004-08-03 23:10 18,944 --a--c--- c:\windows\system32\dllcache\bthusb.sys
2008-12-25 01:09 . 2009-01-21 10:23 836 --a------ c:\windows\bthservsdp.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 09:30 --------- d-----w c:\documents and settings\All Users\Application Data\NPF
2009-01-21 09:28 5 ----a-w C:\NPF_USER.DAT
2009-01-21 09:24 --------- d-----w c:\program files\Norman
2009-01-21 08:32 --------- d-----w c:\program files\LogMeIn
2009-01-20 09:58 --------- d-----w c:\documents and settings\hannyg1\Application Data\Hamachi
2009-01-06 10:03 --------- d-----w c:\program files\Opera
2009-01-06 10:00 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 15:52 --------- d-----w c:\program files\Java
2008-12-27 12:44 --------- d-----w c:\documents and settings\Marta.H-OYG-BB-HANSI\Application Data\Hamachi
2008-12-11 15:18 --------- d-----w c:\documents and settings\hannyg1\Application Data\Ahead
2008-12-02 11:25 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-02 09:47 --------- d-----w c:\program files\Adobe Media Player
2008-12-02 09:42 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-02 09:07 --------- d-----w c:\documents and settings\hannyg1\Application Data\Download Manager
2008-11-28 10:10 --------- d-----w c:\documents and settings\hannyg1\Application Data\uTorrent
2008-11-24 08:27 --------- d-----w c:\program files\Google
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-10-24 11:14 109,568 ------w c:\windows\system32\pxinsi64.exe
2008-10-24 11:14 108,544 ------w c:\windows\system32\pxcpyi64.exe
2008-10-22 07:44 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-22 07:44 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-22 07:44 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-22 07:44 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-22 07:44 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2007-08-09 12:08 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 12:10 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 626688]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-10 868352]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-27 136600]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 143360]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AtiPTA"="atiptaxx.exe" [2006-02-22 c:\windows\system32\atiptaxx.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-05-06 483328]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-12 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 1 (0x1)
"MaxGPOScriptWait"= 32000 (0x7d00)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoPublishingWizard"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"ForceClassicControlPanel"= 1 (0x1)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-22 08:44 87352 c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup]
"Script"=lokadm.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1]
"Script"=pcbb.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-228722\Scripts\Logon]
"Script"=Sym2Server.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-228722\Scripts\Logon\1]
"Script"=OYG_elev.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Hansi^Start Menu^Programs^Startup^CCC.lnk]
path=c:\documents and settings\Hansi\Start Menu\Programs\Startup\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-11-10 16:19 1051648 c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2006-10-16 01:41 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 20:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 NDIS_RD;Firewall Engine Type-R2;c:\windows\system32\drivers\Ndis_rd.sys [2008-03-27 53320]
R1 TDI_RD;Firewall Engine Type-R;c:\windows\system32\drivers\Tdi_rd.sys [2008-03-27 32176]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [2008-06-28 322616]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-03-27 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\NVC\bin\Nvcoas.exe [2008-03-27 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\NVC\bin\Nvcsched.exe [2008-03-27 146488]
R4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-11-13 47640]
R4 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [2008-03-27 20448]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [2008-09-12 40672]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-08-27 32000]
S4 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2007-09-12 12856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Supplementary Scan ------- . uStart Page = hxxp://oyg.hfk.no uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&ksporter til Microsoft Excel - c:\program files\Microsoft Office\OFFICE11\EXCEL.EXE/3000 TCP: {1CD2079E-9E20-4468-8E20-BBA3800E7B3C} = 192.168.100.1 DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab FF - ProfilePath - c:\documents and settings\hannyg1\Application Data\Mozilla\Firefox\Profiles\u18sfigo.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/webhp?hl=nn&btnG=Google-s%C3%B8k FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\documents and settings\hannyg1\Application Data\Mozilla\Firefox\Profiles\u18sfigo.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-21 10:43:04 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(780) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\windows\system32\LMIinit.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(836) c:\program files\Bonjour\mdnsNSP.dll . 
Completion time: 2009-01-21 10:46:32 ComboFix-quarantined-files.txt 2009-01-21 09:46:28 Pre-Run: 10 139 168 768 bytes free Post-Run: 12,619,489,280 bytes free 232 --- E O F --- 2009-01-05 07:53:19 Malwarebytes' Anti-Malware 1.33 Databaseversjon: 1673 Windows 5.1.2600 Service Pack 2 21.01.2009 10:21:38 mbam-log-2009-01-21 (10-21-38).txt Skanntype: Rask Skann Objekter skannet: 87250 Tid tilbakelagt: 18 minute(s), 3 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 6 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispAppearancePage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Lenke til kommentar
r2d290, posted 21 January 2009:
NOwar: we'll continue in your other thread.
Kuuket, posted 22 January 2009:

ComboFix 09-01-21.04 - Stefan 2009-01-22 22:26:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.2046.1604 [GMT 1:00]
Kjører fra: c:\documents and settings\Stefan\Skrivebord\ComboFix.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-22 til 2009-01-22 )))))))))))))))))))))))))))))))))
.
2009-01-22 22:08 . 2009-01-22 22:08 <DIR> d-------- c:\programfiler\Trend Micro
2009-01-22 22:00 . 2009-01-22 22:00 0 --a------ c:\windows\LCDMedia.INI
2009-01-22 21:59 . 2009-01-22 21:59 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-01-22 21:59 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 21:59 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-21 00:06 . 2009-01-21 00:06 <DIR> d-------- c:\documents and settings\Stefan\Programdata\Malwarebytes
2009-01-21 00:06 . 2009-01-21 00:06 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-01-17 16:19 . 2009-01-22 22:23 54,760 --a------ c:\windows\system32\BMXState-{00000002-00000000-00000006-00001102-00000005-00311102}.rfx
2009-01-17 16:19 . 2009-01-17 16:19 1,080 --a------ c:\windows\system32\settingsbkup.sfm
2009-01-17 16:19 . 2009-01-17 16:19 1,080 --a------ c:\windows\system32\settings.sfm
2009-01-17 16:19 . 2009-01-22 22:23 788 --a------ c:\windows\system32\DVCState-{00000002-00000000-00000006-00001102-00000005-00311102}.rfx
2009-01-17 13:39 . 2009-01-17 13:39 0 --a------ c:\windows\nsreg.dat
2009-01-07 23:26 . 2009-01-07 23:26 <DIR> d-------- c:\programfiler\YouTube Downloader
2009-01-06 04:10 . 2009-01-06 04:10 <DIR> d-------- c:\programfiler\mIRC
2009-01-06 04:10 . 2009-01-06 04:43 <DIR> d-------- c:\documents and settings\Stefan\Programdata\mIRC
2009-01-05 03:15 . 2009-01-05 03:15 <DIR> d-------- c:\programfiler\Ventrilo
2009-01-05 03:15 . 2009-01-05 03:15 <DIR> d-------- c:\programfiler\Fellesfiler\Wise Installation Wizard
2009-01-05 03:15 . 2009-01-05 03:15 261 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-05 00:16 . 2009-01-09 21:05 <DIR> d-------- c:\documents and settings\Stefan\Programdata\BitTorrent
2009-01-05 00:15 . 2009-01-22 21:34 <DIR> d-------- c:\programfiler\DNA
2009-01-05 00:15 . 2009-01-05 00:15 <DIR> d-------- c:\programfiler\BitTorrent
2009-01-05 00:15 . 2009-01-22 22:04 <DIR> d-------- c:\documents and settings\Stefan\Programdata\DNA
2009-01-04 00:20 . 2009-01-04 00:20 <DIR> d-------- c:\programfiler\Opera
2009-01-03 18:13 . 2009-01-03 18:13 17,801 --a------ c:\windows\system32\drivers\AegisP.sys
2009-01-03 18:13 . 2009-01-03 18:13 28 --a------ c:\windows\bcmwl.DMR
2009-01-03 18:12 . 2009-01-03 18:12 <DIR> d-------- c:\programfiler\Belkin
2009-01-03 18:04 . 2003-07-24 12:10 94,208 --a------ c:\windows\system32\DNIN50.DLL
2009-01-03 18:04 . 2003-07-24 12:10 17,149 --a------ c:\windows\system32\DNINDIS5.SYS
2009-01-03 02:41 . 2009-01-22 22:23 54,760 --a------ c:\windows\system32\BMXStateBkp-{00000002-00000000-00000006-00001102-00000005-00311102}.rfx
2009-01-01 04:50 . 2007-10-29 13:00 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-01 04:10 . 2009-01-05 03:30 <DIR> d-------- c:\documents and settings\Stefan\Programdata\Ventrilo
2009-01-01 03:37 . 2009-01-01 03:38 <DIR> d-------- c:\programfiler\Winamp
2009-01-01 03:37 . 2009-01-01 03:38 <DIR> d-------- c:\documents and settings\Stefan\Programdata\Winamp
2009-01-01 03:08 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-01 03:08 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-01 03:08 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-31 04:40 . 2008-12-31 04:54 <DIR> d-------- c:\documents and settings\All Users\Programdata\FLEXnet
2008-12-31 04:33 . 2008-12-31 04:33 <DIR> d-------- c:\programfiler\Bonjour
2008-12-31 04:28 . 2008-12-31 04:28 <DIR> d-------- c:\programfiler\Fellesfiler\Macrovision Shared
2008-12-31 00:57 . 2008-12-31 00:57 <DIR> d-------- c:\programfiler\Fellesfiler\Creative Labs Shared
2008-12-31 00:57 . 2008-02-04 10:27 102,400 --a------ c:\windows\system32\cttele32.dll
2008-12-31 00:46 . 2008-09-25 15:40 20,888,640 --a------ c:\windows\system32\AppSetup.exe
2008-12-31 00:38 . 1999-12-12 18:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-12-31 00:38 . 1999-11-17 18:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-12-30 23:11 . 2009-01-21 13:42 <DIR> d-------- c:\documents and settings\Stefan\Programdata\LimeWire
2008-12-30 23:02 . 2008-12-31 03:55 <DIR> d-------- c:\documents and settings\Stefan\Programdata\vlc
2008-12-30 22:59 . 2008-12-30 22:59 <DIR> d-------- c:\programfiler\VideoLAN
2008-12-30 22:32 . 2008-12-30 22:32 <DIR> d-------- c:\documents and settings\All Users\Programdata\Logitech
2008-12-30 22:31 . 2008-12-30 22:31 <DIR> d-------- c:\programfiler\Logitech
2008-12-30 22:19 . 2008-12-30 22:19 29 --a------ c:\windows\sfbm.INI
2008-12-30 22:00 . 2008-12-30 22:00 <DIR> d---s---- c:\documents and settings\Stefan\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 15:16 --------- d--h--w c:\programfiler\InstallShield Installation Information
2009-01-03 17:04 --------- d-----w c:\programfiler\Fellesfiler\InstallShield
2008-12-31 03:38 --------- d-----w c:\programfiler\Fellesfiler\Adobe
2008-12-30 23:39 --------- d--h--w c:\programfiler\Creative Installation Information
2008-12-30 23:37 --------- d-----w c:\programfiler\Creative
2008-12-30 23:34 --------- d-----w c:\documents and settings\All Users\Programdata\Creative
2008-12-30 20:54 --------- d-----w c:\programfiler\Windows Live
2008-12-30 20:54 --------- d-----w c:\programfiler\NVIDIA Corporation
2008-12-30 20:42 --------- d-----w c:\programfiler\Windows Live SkyDrive
2008-12-30 20:42 --------- d-----w c:\programfiler\Microsoft
2008-12-30 20:40 --------- d-----w c:\documents and settings\All Users\Programdata\NVIDIA
2008-12-30 20:39 --------- d-----w c:\programfiler\Fellesfiler\Windows Live
2008-12-30 20:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-30 20:20 --------- d-----w c:\programfiler\Java
2008-12-30 20:14 --------- d-----w c:\documents and settings\Stefan\Programdata\Creative
2008-12-30 20:14 --------- d-----w c:\documents and settings\All Users\Programdata\nView_Profiles
2008-12-30 20:11 --------- d-----w c:\programfiler\Fellesfiler\Creative
2008-12-30 19:49 --------- d-----w c:\documents and settings\All Users\Programdata\muvee Technologies
2008-12-30 19:40 --------- d-----w c:\programfiler\microsoft frontpage
2008-12-30 19:39 --------- d-----w c:\programfiler\Fellesfiler\Tjenester
2008-12-30 19:39 --------- d-----w c:\programfiler\Elektroniske tjenester
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2007-10-29 12:00 164,746 --sha-r c:\windows\system32\qhxegmwf.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Creative MediaSource Go"="c:\programfiler\Creative\MediaSource5\Go\CTCMSGoU.exe" [2005-12-12 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-03-23 2173744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]
"AudioDrvEmulator"="c:\programfiler\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"Launch LGDCore"="c:\programfiler\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\programfiler\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"VolPanel"="c:\programfiler\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"WinampAgent"="c:\programfiler\Winamp\winampa.exe" [2008-08-04 36352]
"wltray.exe"="c:\windows\system32\wltray.exe" [2005-06-08 778318]
"nwiz"="nwiz.exe" [2007-02-23 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-05-24 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 c:\windows\system32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-29 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Adobe Reader Speed Launch.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"f:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\DNA\\btdna.exe"=
"c:\\Programfiler\\BitTorrent\\bittorrent.exe"=
"c:\\Programfiler\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4127:TCP"= 4127:TCP:eunkzvep

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
S3 bbbxzesm;bbbxzesm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\programfiler\Fellesfiler\Creative Labs Shared\Service\CTAELicensing.exe [2008-12-31 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-08 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-08 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-08 72728]
S4 detypkv;Security Network;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
detypkv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cabdafc3-d6b0-11dd-a51f-806d6172696f}]
\Shell\AutoRun\command - D:\CDSETUP.EXE
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://hardware.no/
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Stefan\Programdata\Mozilla\Firefox\Profiles\dwlx51ya.default\
FF - prefs.js: network.proxy.type - 2

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-22 22:28:47
Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bbbxzesm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\detypkv]
"ServiceDll"="c:\windows\system32\qhxegmwf.dll"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\nvappfilter.dll
.
Tidspunkt ferdig: 2009-01-22 22:29:26
ComboFix-quarantined-files.txt 2009-01-22 21:29:25

Pre-Run: 229,712,113,664 byte ledig
Post-Run: 230,856,007,680 byte ledig

175 --- E O F --- 2009-01-03 17:11:29
Guest, posted 22 January 2009:
Create a new thread.
Arne M (posted 23 January 2009): It may already be mentioned elsewhere in the thread, but I'll ask anyway. I use Adblock and Mozilla. What bothers me more and more are Flash Player ads. I can't manage to block them. Does anyone have any advice on how I can get these blocked? Arne M
Gavekort (posted 23 January 2009): What should I do with the O2 files that won't say what they are called?
Arne M (posted 23 January 2009): See here. Thanks, now everything is so much better. Arne M
H1rik1 (posted 23 January 2009): How does this one look? AVG Free said I had a Trojan horse, but I couldn't delete it via AVG. What should I do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:39, on 23.01.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
r2d290 (posted 23 January 2009): Blomsterbob: Give an example. You are welcome to ask in this thread: https://www.diskusjon.no/index.php?showtopic=980726 It could serve as a thread where those learning log analysis ask their questions (or send one of us a PM). H1rik1: Create a separate thread by clicking "Nytt emne" at the top or bottom of this page, and post the log there.
Guest Bruker-127711 (posted 27 January 2009): I have a problem, and I don't know whether it is a virus or just some fault. Simply put, I can't click my way over to other windows and almost always have to use Alt+Tab to get to another one. My MSN sits in front of everything, so I either have to minimize it or close it so it isn't in the way, and it is also as if there is an invisible wall in front of everything, which makes it even harder for me to navigate. Not quite sure whether this is the right thread, but it was the first one I saw.
Sitronade (posted 27 January 2009): Thanks for the guide. My PC is full of junk; I'll try it when I get home.
raWrz (posted 27 January 2009): Atsjonas: follow the guide and post the logs in a new thread.