Footy Posted 20 December 2009

I've been sitting here cleaning up a relative's PC and found all sorts of things. The finishing touch was to follow norbat's guide. Would anyone be willing to go over the logs? Both programs found a bit of everything..

Malwarebytes' Anti-Malware 1.42
Databaseversjon: 3396
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2009 14:20:01
mbam-log-2009-12-20 (14-20-01).txt

Skanntype: Rask Skann
Objekter skannet: 135494
Tid tilbakelagt: 24 minute(s), 30 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 2
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix 09-12-19.01 - XXXX XXX 20.12.2009 14:33:41.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.511.196 [GMT 1:00]
Kjører fra: c:\documents and settings\XXXX XXX\Skrivebord\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programfiler\Juniper Networks\Secure Application Manager\samnsp.dll
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1488022083-4210998575-949935795-1003
c:\winnt\system32\_000005_.tmp.dll
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-20 til 2009-12-20 )))))))))))))))))))))))))))))))))
.
2009-12-20 12:53 . 2009-12-03 15:14 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-12-20 12:53 . 2009-12-20 12:53 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2009-12-20 12:53 . 2009-12-20 12:53 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2009-12-20 12:53 . 2009-12-03 15:13 19160 ----a-w- c:\winnt\system32\drivers\mbam.sys
2009-12-20 12:42 . 2009-12-20 12:42 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-20 12:35 . 2009-10-29 07:45 12800 -c----w- c:\winnt\system32\dllcache\xpshims.dll
2009-12-20 12:35 . 2009-10-29 07:45 246272 -c----w- c:\winnt\system32\dllcache\ieproxy.dll
2009-12-20 12:35 . 2009-12-20 12:35 -------- d-----w- c:\winnt\ie8updates
2009-12-20 12:34 . 2009-10-02 04:44 92160 -c----w- c:\winnt\system32\dllcache\iecompat.dll
2009-12-20 12:32 . 2009-12-20 12:34 -------- dc-h--w- c:\winnt\ie8
2009-12-20 12:08 . 2009-12-20 12:08 -------- d-----w- c:\programfiler\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 13:45 . 2003-07-29 12:22 -------- d-----w- c:\programfiler\Symantec
2009-12-20 13:26 . 2003-07-29 12:22 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared
2009-12-20 13:26 . 2003-07-29 12:22 -------- d-----w- c:\documents and settings\All Users\Programdata\Symantec
2009-12-20 13:19 . 2008-08-31 14:27 -------- d-----w- c:\programfiler\Sports Interactive
2009-12-20 13:18 . 2003-09-25 14:29 -------- d-----w- c:\programfiler\Yahoo!
2009-12-20 13:16 . 2009-08-12 18:49 -------- d-----w- c:\documents and settings\All Users\Programdata\Electronic Arts
2009-12-20 13:13 . 2006-10-19 08:39 -------- d-----w- c:\programfiler\Opera
2009-12-20 13:03 . 2003-07-29 12:14 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2009-12-20 13:03 . 2006-10-19 12:14 -------- d-----w- c:\programfiler\Electronic Arts
2009-12-20 12:41 . 2009-12-20 12:41 20416 ----a-w- c:\documents and settings\Fredrik Lie\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-12-20 12:02 . 1979-12-31 23:00 79838 ----a-w- c:\winnt\system32\perfc014.dat
2009-12-20 12:02 . 1979-12-31 23:00 444344 ----a-w- c:\winnt\system32\perfh014.dat
2009-11-26 07:26 . 2009-12-16 19:45 2063640 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgcorex.dll
2009-11-26 07:26 . 2009-12-16 19:44 3514648 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgui.exe
2009-11-26 07:26 . 2009-12-16 19:44 2029336 ----a-w- c:\documents and settings\All Users\Programdata\avg8\update\backup\avgtray.exe
2009-10-29 07:45 . 2004-02-06 16:09 916480 ----a-w- c:\winnt\system32\wininet.dll
2009-10-21 05:41 . 2004-08-04 08:03 75776 ----a-w- c:\winnt\system32\strmfilt.dll
2009-10-21 05:41 . 2004-08-04 08:03 25088 ----a-w- c:\winnt\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\winnt\system32\drivers\http.sys
2009-10-13 10:38 . 1979-12-31 23:00 270848 ----a-w- c:\winnt\system32\oakley.dll
2009-10-12 13:40 . 1979-12-31 23:00 79872 ----a-w- c:\winnt\system32\raschap.dll
2009-10-12 13:40 . 1979-12-31 23:00 149504 ----a-w- c:\winnt\system32\rastls.dll
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-16 2043160]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\System32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="c:\winnt\System32\NVMCTRAY.DLL" [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 10:41 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=c:\winnt\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=

R0 DiMaint;Eicon Maintenance Driver;c:\winnt\system32\drivers\disdn\dimaint.sys [29.07.2003 14:24 91305]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [07.09.2008 17:29 335240]
R1 NEOFLTR_620_13525;Juniper Networks TDI Filter Driver (NEOFLTR_620_13525);c:\winnt\system32\drivers\NEOFLTR_620_13525.sys [29.08.2008 00:37 64480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01.02.2009 15:03 297752]
R2 DiCapi;Eicon CAPI 2.0-driver;c:\winnt\system32\drivers\disdn\capi20.sys [29.07.2003 14:24 164923]
R3 DiWan;Eicon-driver for alle DIVA PnP-kort;c:\winnt\system32\drivers\disdn\Diwan.sys [29.07.2003 14:24 952007]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\ANDERS~1\LOKALE~1\Temp\cdiskdun.sys --> c:\docume~1\ANDERS~1\LOKALE~1\Temp\cdiskdun.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\winnt\system32\drivers\usbaapl.sys [24.05.2008 14:17 30464]
.
------- Tilleggsskanning -------
.
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
- - - - TOMME PEKERE FJERNET - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
HKU-Default-Run-ALUAlert - c:\programfiler\Symantec\LiveUpdate\ALUNotify.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-20 14:47
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(2292)
c:\winnt\system32\webcheck.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\winnt\system32\nvsvc32.exe
c:\winnt\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\winnt\system32\WgaTray.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2009-12-20 14:55:13 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-12-20 13:55

Pre-Run: 30 134 800 384 byte ledig
Post-Run: 32 259 772 416 byte ledig

- - End Of File - - 86D4233A8F3793F26228AD4422344B63

Many thanks and Merry Christmas!

Footy (Author) Posted 22 December 2009

Maybe I should start looking at the logs myself. If I want to learn this, where do I start?

norbat Posted 22 December 2009

Was that a hint about slow response? The logs look OK. Surf safely!

Footy (Author) Posted 22 December 2009

Thanks for taking a look.. But I'm serious too. Does it take long experience to know what to look for, or is there a guide of some kind?