Guest Slettet+127836 Posted 11 March 2010 (edited)

Hi! I'm on a laptop right now that has been slow lately. I ran Malwarebytes; it found 2 .dll files (named in the thread title) and I removed them. Then I ran ComboFix. Here is the ComboFix log:

And here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Databaseversjon: 3851
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

11.03.2010 09:48:05
mbam-log-2010-03-11 (09-48-05).txt

Skanntype: Rask Skann
Objekter skannet: 105196
Tid tilbakelagt: 12 minute(s), 2 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 2

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

It would be great if someone could look at these two logs, as I would very much like this PC to be free of nonsense.

Edited 11 March 2010 by Slettet+127836
norbat Posted 11 March 2010

Part of the ComboFix log is missing...
Guest Slettet+127836 Posted 11 March 2010

Sorry about that, try now.
norbat Posted 11 March 2010

The logs don't show any malware, so there shouldn't be any PC nonsense.