Hayer, written 30 March 2008 (edited)

Hi! I have a problem with my PC sending out large amounts of spam and running slowly. (I fully understand that NGT wants to cut the line for that reason.) But the problem is that I can't get rid of it. I have scanned with AVG, AVG Anti-Spyware (both free editions) and Norton 360, but still the same problem. Here is a picture of all my processes.

Edit: ComboFix log

ComboFix 08-03-30.1 - Ped 2008-03-29 21:47:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2609 [GMT 1:00]
Running from: C:\Documents and Settings\Ped\Skrivebord\Anti Virus\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programfiler\Helper
C:\WINDOWS\inf\yutsubk.cat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_yutsubk

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-29 22:41 . 2008-03-29 22:41 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-29 22:41 . 2008-03-29 22:41 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\SUPERAntiSpyware.com
2008-03-29 22:41 . 2008-03-29 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-29 22:39 . 2008-03-11 04:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-29 22:38 . 2008-03-29 22:39 <DIR> dr-h----- C:\Documents and Settings\Ped\Siste
2008-03-28 23:09 . 2008-03-29 13:13 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\NoNameScript
2008-03-28 04:36 . 2008-03-28 04:36 <DIR> d-------- C:\phett
2008-03-28 04:35 . 2008-03-28 04:35 <DIR> d-------- C:\template
2008-03-25 11:00 . 2008-03-25 11:00 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-25 10:43 . 2008-03-25 10:43 <DIR> d-------- C:\Programfiler\Google
2008-03-25 10:43 . 2007-12-03 03:10 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-03-25 06:33 . 2008-03-25 06:33 21,666 --a------ C:\banner_phett.gif
2008-03-24 09:49 . 2008-03-24 09:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-03-24 05:38 . 2008-03-24 05:38 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-23 09:21 . 2008-03-23 09:21 268 --ah----- C:\sqmdata03.sqm
2008-03-23 09:21 . 2008-03-23 09:21 244 --ah----- C:\sqmnoopt03.sqm
2008-03-23 09:15 . 2008-03-23 09:15 <DIR> d--hs---- C:\found.000
2008-03-15 01:02 . 2008-03-15 01:02 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2008-03-15 00:05 . 2006-05-06 05:10 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-03-14 23:49 . 2008-03-14 23:49 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\Grisoft
2008-03-14 23:49 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-14 23:49 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-14 23:33 . 2008-03-14 23:33 <DIR> d-------- C:\fsaua.data
2008-03-14 23:24 . 2008-03-15 00:21 110,367 --a------ C:\WINDOWS\hpoins11.dat
2008-03-14 23:08 . 2008-03-14 23:24 110,061 --------- C:\WINDOWS\hpoins11.dat.temp
2008-03-14 23:08 . 2006-05-06 05:10 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-03-14 22:47 . 2008-03-14 22:47 114,928 --a------ C:\oversould.psd
2008-03-14 22:45 . 2008-03-14 22:46 <DIR> d-------- C:\Programfiler\HP
2008-03-14 21:43 . 2008-03-14 21:44 <DIR> d-------- C:\mybot
2008-03-14 11:41 . 2008-03-14 23:33 <DIR> d-------- C:\Windrop
2008-03-14 07:52 . 2008-03-14 07:57 20,142 --a------ C:\1337.GIF
2008-03-14 07:49 . 2008-03-25 05:29 <DIR> d-------- C:\Programfiler\FileZilla FTP Client
2008-03-14 07:49 . 2008-03-29 13:13 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\FileZilla
2008-03-14 07:38 . 2008-03-14 07:38 28,717 --a------ C:\1337.jpg
2008-03-13 07:13 . 2008-03-29 09:00 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\AVG7
2008-03-13 07:12 . 2008-03-14 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-03-13 07:12 . 2008-03-15 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-03-13 05:51 . 2008-03-15 01:02 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-03-13 05:51 . 2008-02-03 07:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-03-13 05:51 . 2008-03-30 21:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-03-13 04:57 . 2007-08-13 19:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-11 08:26 . 2008-03-11 08:43 <DIR> d-------- C:\xampp
2008-03-11 04:23 . 2008-03-29 22:43 <DIR> d-------- C:\Documents and Settings\Ped\.housecall6.6
2008-03-11 04:22 . 2008-03-11 04:22 <DIR> d-------- C:\WINDOWS\Sun
2008-03-09 01:42 . 2004-08-03 23:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-03-09 01:42 . 2004-08-03 23:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-03-08 02:42 . 2008-03-08 02:48 <DIR> d-------- C:\World of Warcraft
2008-03-06 05:56 . 2008-03-29 22:12 <DIR> d-------- C:\Mp'3s
2008-03-06 05:39 . 2008-03-08 07:59 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\LimeWire
2008-03-06 05:38 . 2008-03-06 05:38 <DIR> d-------- C:\Programfiler\Java
2008-03-06 05:38 . 2007-12-14 02:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-06 05:36 . 2008-03-06 05:38 <DIR> d-------- C:\Programfiler\LimeWire
2008-03-06 05:36 . 2008-03-06 05:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-03-06 04:45 . 2008-03-06 10:36 <DIR> d-------- C:\Video
2008-03-06 04:25 . 2008-03-06 04:25 <DIR> d-------- C:\Programfiler\VideoMach-4.0.4
2008-03-05 10:47 . 2008-03-05 10:47 <DIR> d-------- C:\Programfiler\Bonjour
2008-03-04 07:36 . 2008-03-04 09:12 <DIR> d-------- C:\Programfiler\MagicISO
2008-03-04 07:07 . 2008-03-04 07:08 <DIR> d-------- C:\Programfiler\Winamp
2008-03-04 07:07 . 2008-03-04 07:55 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\Winamp
2008-03-04 03:34 . 2008-03-04 07:54 <DIR> d-------- C:\Programfiler\BitLord
2008-03-04 02:26 . 2008-03-06 22:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-04 02:26 . 2008-03-06 22:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-04 02:26 . 2008-03-06 22:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-03 04:22 . 2008-03-25 11:00 1,298 --a------ C:\WINDOWS\mozver.dat
2008-03-02 05:34 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-02 04:00 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-02 04:00 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-02 04:00 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-02 01:20 . 2006-12-19 20:18 333,824 -----c--- C:\WINDOWS\system32\dllcache\wiaservc.dll
2008-03-02 01:19 . 2007-10-25 18:57 8,460,800 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-03-02 01:19 . 2006-08-16 11:37 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-03-02 01:19 . 2006-12-19 23:51 134,656 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-03-02 01:19 . 2006-08-16 14:00 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-03-02 01:18 . 2006-06-22 07:17 1,436,672 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2008-03-02 01:18 . 2007-06-13 15:24 1,033,216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-03-02 01:18 . 2007-11-07 11:30 721,920 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-03-02 01:18 . 2006-08-17 14:30 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-03-02 01:18 . 2006-10-13 14:41 141,824 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-03-02 01:18 . 2006-08-17 14:30 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll
2008-03-02 01:18 . 2006-06-22 07:17 69,120 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
2008-03-02 01:17 . 2007-05-16 17:19 1,314,816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2008-03-02 01:17 . 2007-08-21 08:18 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-03-02 01:17 . 2007-05-16 17:19 510,976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2008-03-02 01:17 . 2007-05-16 17:19 86,528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2008-03-02 01:17 . 2007-05-16 17:19 85,504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2008-03-02 01:15 . 2006-11-27 16:55 539,136 -----c--- C:\WINDOWS\system32\dllcache\msftedit.dll
2008-03-02 01:15 . 2007-08-13 19:38 491,520 --a--c--- C:\WINDOWS\system32\dllcache\jscript.dll
2008-03-02 01:15 . 2006-11-27 16:55 433,152 -----c--- C:\WINDOWS\system32\dllcache\riched20.dll
2008-03-02 01:13 . 2007-02-09 13:10 574,464 -----c--- C:\WINDOWS\system32\dllcache\ntfs.sys
2008-03-02 01:13 . 2006-05-05 11:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-03-02 01:13 . 2006-05-05 11:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-03-02 01:13 . 2007-04-25 16:23 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-03-02 01:12 . 2007-04-02 07:59 546,304 -----c--- C:\WINDOWS\system32\dllcache\hhctrl.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 20:41 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-03-29 20:15 --------- d-----w C:\Documents and Settings\Ped\Programdata\mIRC
2008-03-29 20:14 --------- d-----w C:\Programfiler\mIRC
2008-03-29 04:19 --------- d-----w C:\Programfiler\Steam
2008-03-29 03:31 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-03-25 08:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-03-23 07:22 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-03-13 09:27 --------- d-----w C:\Programfiler\PeerGuardian2
2008-03-13 05:12 --------- d-----w C:\Programfiler\DAEMON Tools Lite
2008-03-13 03:56 --------- d-----w C:\Programfiler\CCleaner
2008-03-13 02:43 --------- d-----w C:\Documents and Settings\Ped\Programdata\uTorrent
2008-03-08 05:39 --------- d-----w C:\Programfiler\Fellesfiler\Adobe
2008-03-08 00:59 --------- d-----w C:\Documents and Settings\Ped\Programdata\Ventrilo
2008-03-07 08:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet
2008-03-05 19:14 --------- d-----w C:\Programfiler\Norton 360
2008-03-04 07:14 --------- d-----w C:\Documents and Settings\Ped\Programdata\Azureus
2008-02-03 05:20 --------- d-----w C:\Programfiler\SMC
2008-02-03 05:08 558,142 ----a-w C:\WINDOWS\java\Packages\6prtn7bl.zip
2008-02-03 05:08 155,995 ----a-w C:\WINDOWS\java\Packages\9npv3brb.zip
2008-02-03 05:08 --------- d-----w C:\Programfiler\microsoft frontpage
2008-02-03 05:07 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester
2008-02-03 05:06 --------- d-----w C:\Programfiler\Elektroniske tjenester
2007-12-07 02:17 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
"ccleaner"="C:\Programfiler\CCleaner\CCleaner.exe" [2008-02-20 16:15 816368]
"msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 11:40 270336]
"D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04 1544192]
"ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152]
"ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-07-18 03:54 116072]
"Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-15 01:02 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 02:03 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-15 01:02 219136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2007-01-02 09:24 60416 C:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ljf85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Programfiler\\Steam\\steamapps\\netroon\\counter-strike\\hl.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\mIRC\\mirc.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"=

S2 Powert;Powertweak NT helper;C:\PROGRA~1\POWERT~1\powert2k.sys []
S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []
S3 2802W;SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver;C:\WINDOWS\system32\DRIVERS\2802W.sys [2004-04-29 15:19]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 05:34:31 C:\WINDOWS\Tasks\$~$Sys0$.job"
- C:\WINDOWS\System32\rundll32.exe7
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 21:53:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-30 22:01:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-30 20:00:59
Pre-Run: 414,693,646,336 byte ledig
Post-Run: 414,733,721,600 byte ledig
.
2008-03-14 21:40:07 --- E O F ---

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:50, on 29.03.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Windows Live\Messenger\msnmsgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Winamp\winamp.exe
C:\Programfiler\Ventrilo\Ventrilo.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Ped\Skrivebord\Anti Virus\HijackThis.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hardware.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programfiler\Fellesfiler\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [nTrayFw] C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programfiler\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZNfox000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programfiler\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe

-- End of file - 8607 bytes

Edited 30 March 2008 by Hayer
norbat, written 30 March 2008

Was anything found during those scans? Please post a log from ComboFix; it may tell us a bit more:

Download ComboFix and save it to the desktop.
Run combofix.exe and follow the instructions.
Post the log file from ComboFix (c:\combofix.txt).
Peppep, written 30 March 2008 (edited)

Hi. For the experts in this area to be able to help you as well as possible, you should go through the "long version" in this thread: https://www.diskusjon.no/index.php?showtopic=691246. (I don't really understand why it says it takes 1-1.5 hours; in any case it took me much less time than that.) Then post the three logs here in this thread, preferably as attachments or by using [ skjul ] <the log> [ /skjul ] (without the extra spaces) to keep things tidy. After that, norbat or SNIPPSAT will probably come along and work out what you may need to remove. Good luck.

Edit: I see norbat beat me to it. Listen to him rather than me. ;-)

Edited 30 March 2008 by Peppep
Hayer (author), written 30 March 2008

There, the logs are now posted (see post #1).
norbat, written 30 March 2008 (edited)

Open Notepad and paste in what is written in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

Driver::
riode32

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ljf85.sys]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Post the log.

Edit: You should also decide whether you are going to use AVG or Norton. Two antivirus programs is not a good solution.

Edited 30 March 2008 by norbat
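The three items norbat's script targets (the riode32 driver, the SafeBoot\Minimal\Ljf85.sys key and the LSA "Notification Packages" value) are all visible in the "Reg Loading Points" section of the ComboFix log in post #1, alongside the disabled Security Center monitoring and the disabled firewall. The Python below is an added example, not part of this thread and not ComboFix's own logic: it parses those log lines (SAMPLE_LOG is an excerpt constructed from post #1), raises a finding for each indicator a defender would want to triage, and decodes the hex(7) value from the CFScript to show that it restores the Windows XP default package, scecli. The audit rules and the DEFAULT_NOTIFICATION_PACKAGES constant are my assumptions about what counts as tampering, not something ComboFix reports.

```python
import re

# Constructed excerpt: these lines are copied from the ComboFix "Reg Loading
# Points" section that Hayer posted in this thread; the full log has many more.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ljf85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

S2 Powert;Powertweak NT helper;C:\PROGRA~1\POWERT~1\powert2k.sys []
S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []
S3 2802W;SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver;C:\WINDOWS\system32\DRIVERS\2802W.sys [2004-04-29 15:19]
"""

# Assumption: a stock Windows XP install has exactly one LSA notification package.
DEFAULT_NOTIFICATION_PACKAGES = ["scecli"]

# ComboFix's one-line driver/service summary:
#   <start type> <name>;<display name>;<image path> [<file timestamp, or empty>]
SERVICE_RE = re.compile(r"^(S[0-4])\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$")


def parse_reg_sections(text):
    """Group REGEDIT4-style value lines under their [key] header (keys lower-cased)."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif current is not None and not SERVICE_RE.match(line):
            sections[current].append(line)
    return sections


def parse_services(text):
    """Return (start_type, name, image_path, file_info) for every S* summary line."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, _display, path, info = m.groups()
            out.append((start, name, path, info.strip()))
    return out


def decode_reg_multi_sz(hex7):
    """Decode a .reg-style 'hex(7):..' byte list into its list of strings.

    The CFScript form used in this thread is 8-bit: NUL ends each string and a
    second NUL ends the list, so "73,63,65,63,6c,69,00,00" is ["scecli"]."""
    payload = hex7.split(":", 1)[1]
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    return [part.decode("ascii") for part in raw.split(b"\x00") if part]


def audit(text):
    """Return (category, detail) findings for the tampering indicators in the log."""
    findings = []
    for key, values in parse_reg_sections(text).items():
        if key.endswith("\\control\\lsa"):
            for v in values:
                m = re.match(r"Notification Packages\s+REG_MULTI_SZ\s+(.*)", v)
                if m and m.group(1).split() != DEFAULT_NOTIFICATION_PACKAGES:
                    findings.append(("lsa", f"Notification Packages is {m.group(1)!r}, "
                                            f"expected {DEFAULT_NOTIFICATION_PACKAGES}"))
        if "\\security center\\monitoring" in key and \
                '"DisableMonitoring"=dword:00000001' in values:
            findings.append(("security-center", f"monitoring disabled under {key}"))
        if key.endswith("\\firewallpolicy\\standardprofile") and \
                any(v.startswith('"EnableFirewall"= 0') for v in values):
            findings.append(("firewall", "Windows Firewall disabled in the standard profile"))
        if "\\safeboot\\minimal\\" in key:
            # ComboFix hides default entries, so anything listed here is non-default.
            findings.append(("safeboot", f"non-default safe-mode driver entry "
                                         f"{key.rsplit(chr(92), 1)[-1]}"))
    for start, name, path, info in parse_services(text):
        if info == "":  # empty [] means ComboFix recorded no file information
            findings.append(("service", f"{name} ({start}) -> {path}: no file information"))
    return findings


if __name__ == "__main__":
    for category, detail in audit(SAMPLE_LOG):
        print(f"[{category}] {detail}")
    print("CFScript restores Notification Packages to",
          decode_reg_multi_sz("hex(7):73,63,65,63,6c,69,00,00"))
```

Run against the excerpt, the audit reports seven findings: the non-default LSA value, two disabled Security Center monitors, the disabled firewall, the Ljf85.sys safe-mode entry, and the two drivers (Powert and riode32) whose image files ComboFix could not describe. The decoder confirms the CFScript value is exactly ["scecli"], which is why norbat's fix restores the default rather than simply deleting the value.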
Hayer (author), written 30 March 2008

Done. Here is the new log:

ComboFix 08-03-30.1 - Ped 2008-03-30 23:40:11.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.2791 [GMT 2:00]
Running from: C:\Documents and Settings\Ped\Skrivebord\Anti Virus\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ped\Skrivebord\Anti Virus\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_RIODE32
-------\Service_riode32

((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.
2008-03-30 23:30 . 2008-03-30 23:35 <DIR> dr-h----- C:\Documents and Settings\Ped\Siste
2008-03-30 23:12 . 2008-03-30 23:13 <DIR> d-------- C:\Programfiler\OpenOffice.org 2.4
2008-03-30 23:09 . 2008-03-30 23:09 <DIR> d-------- C:\Programfiler\Alex Feinman
2008-03-30 22:50 . 2008-03-30 22:50 <DIR> d-------- C:\Programfiler\Alwil Software
2008-03-30 22:50 . 2008-03-29 19:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-30 22:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-30 22:50 . 2008-03-29 19:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-30 22:50 . 2008-03-29 19:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-30 22:50 . 2008-01-17 17:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-30 22:50 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-03-30 22:50 . 2008-03-29 19:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-30 22:50 . 2008-03-29 19:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-30 22:50 . 2008-03-29 19:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-30 22:50 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-29 22:41 . 2008-03-30 21:57 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-03-29 22:41 . 2008-03-29 22:41 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\SUPERAntiSpyware.com
2008-03-29 22:41 . 2008-03-29 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-03-29 22:39 . 2008-03-11 04:23 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-28 23:09 . 2008-03-29 13:13 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\NoNameScript
2008-03-28 04:36 . 2008-03-28 04:36 <DIR> d-------- C:\phett
2008-03-28 04:35 . 2008-03-28 04:35 <DIR> d-------- C:\template
2008-03-25 11:00 . 2008-03-25 11:00 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-25 10:43 . 2008-03-25 10:43 <DIR> d-------- C:\Programfiler\Google
2008-03-25 10:43 . 2007-12-03 03:10 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-03-25 06:33 . 2008-03-25 06:33 21,666 --a------ C:\banner_phett.gif
2008-03-24 09:49 . 2008-03-24 09:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-03-24 05:38 . 2008-03-24 05:38 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-23 09:21 . 2008-03-23 09:21 268 --ah----- C:\sqmdata03.sqm
2008-03-23 09:21 . 2008-03-23 09:21 244 --ah----- C:\sqmnoopt03.sqm
2008-03-23 09:15 . 2008-03-23 09:15 <DIR> d--hs---- C:\found.000
2008-03-15 01:02 . 2008-03-15 01:02 <DIR> d-------- C:\Documents and Settings\LocalService\Programdata\AVG7
2008-03-15 00:05 . 2006-05-06 05:10 6,947 --a------ C:\WINDOWS\hpomdl11.dat
2008-03-14 23:49 . 2008-03-14 23:49 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\Grisoft
2008-03-14 23:49 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-14 23:49 . 2007-01-18 14:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-14 23:33 . 2008-03-14 23:33 <DIR> d-------- C:\fsaua.data
2008-03-14 23:24 . 2008-03-15 00:21 110,367 --a------ C:\WINDOWS\hpoins11.dat
2008-03-14 23:08 . 2008-03-14 23:24 110,061 --------- C:\WINDOWS\hpoins11.dat.temp
2008-03-14 23:08 . 2006-05-06 05:10 6,947 --------- C:\WINDOWS\hpomdl11.dat.temp
2008-03-14 22:47 . 2008-03-14 22:47 114,928 --a------ C:\oversould.psd
2008-03-14 22:45 . 2008-03-14 22:46 <DIR> d-------- C:\Programfiler\HP
2008-03-14 21:43 . 2008-03-14 21:44 <DIR> d-------- C:\mybot
2008-03-14 11:41 . 2008-03-14 23:33 <DIR> d-------- C:\Windrop
2008-03-14 07:52 . 2008-03-14 07:57 20,142 --a------ C:\1337.GIF
2008-03-14 07:49 . 2008-03-25 05:29 <DIR> d-------- C:\Programfiler\FileZilla FTP Client
2008-03-14 07:49 . 2008-03-29 13:13 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\FileZilla
2008-03-14 07:38 . 2008-03-14 07:38 28,717 --a------ C:\1337.jpg
2008-03-13 07:13 . 2008-03-30 23:16 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\AVG7
2008-03-13 07:12 . 2008-03-14 23:49 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Grisoft
2008-03-13 07:12 . 2008-03-15 01:03 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg7
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> dr------- C:\Documents and Settings\Administrator\Start-meny
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Skrivere
2008-03-13 05:51 . 2008-03-15 01:02 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Siste
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> dr-h----- C:\Documents and Settings\Administrator\Programdata
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Mine dokumenter
2008-03-13 05:51 . 2008-02-03 07:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Maler
2008-03-13 05:51 . 2008-03-30 22:01 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale innstillinger
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Favoritter
2008-03-13 05:51 . 2008-02-03 07:03 <DIR> d--h----- C:\Documents and Settings\Administrator\AndrMask
2008-03-13 04:57 . 2007-08-13 19:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-11 08:26 . 2008-03-11 08:43 <DIR> d-------- C:\xampp
2008-03-11 04:23 . 2008-03-30 23:35 <DIR> d-------- C:\Documents and Settings\Ped\.housecall6.6
2008-03-11 04:22 . 2008-03-11 04:22 <DIR> d-------- C:\WINDOWS\Sun
2008-03-09 01:42 . 2004-08-03 23:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-03-09 01:42 . 2004-08-03 23:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys
2008-03-08 02:42 . 2008-03-08 02:48 <DIR> d-------- C:\World of Warcraft
2008-03-06 05:56 . 2008-03-29 22:12 <DIR> d-------- C:\Mp'3s
2008-03-06 05:39 . 2008-03-08 07:59 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\LimeWire
2008-03-06 05:38 . 2008-03-06 05:38 <DIR> d-------- C:\Programfiler\Java
2008-03-06 05:38 . 2007-12-14 02:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-06 05:36 . 2008-03-06 05:38 <DIR> d-------- C:\Programfiler\LimeWire
2008-03-06 05:36 . 2008-03-06 05:36 <DIR> d-------- C:\Programfiler\Fellesfiler\Java
2008-03-06 04:45 . 2008-03-06 10:36 <DIR> d-------- C:\Video
2008-03-06 04:25 . 2008-03-06 04:25 <DIR> d-------- C:\Programfiler\VideoMach-4.0.4
2008-03-05 10:47 . 2008-03-05 10:47 <DIR> d-------- C:\Programfiler\Bonjour
2008-03-04 07:36 . 2008-03-04 09:12 <DIR> d-------- C:\Programfiler\MagicISO
2008-03-04 07:07 . 2008-03-04 07:08 <DIR> d-------- C:\Programfiler\Winamp
2008-03-04 07:07 . 2008-03-04 07:55 <DIR> d-------- C:\Documents and Settings\Ped\Programdata\Winamp
2008-03-04 03:34 . 2008-03-04 07:54 <DIR> d-------- C:\Programfiler\BitLord
2008-03-04 02:26 . 2008-03-06 22:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-04 02:26 . 2008-03-06 22:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-04 02:26 . 2008-03-06 22:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-03 04:22 . 2008-03-25 11:00 1,298 --a------ C:\WINDOWS\mozver.dat
2008-03-02 05:34 . 2007-07-09 15:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-02 04:00 . 2006-08-21 11:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-03-02 04:00 . 2006-08-21 11:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-03-02 04:00 . 2006-08-21 14:28 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-03-02 01:20 . 2006-12-19 20:18 333,824 -----c--- C:\WINDOWS\system32\dllcache\wiaservc.dll
2008-03-02 01:19 . 2007-10-25 18:57 8,460,800 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-03-02 01:19 . 2006-08-16 11:37 225,664 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-03-02 01:19 . 2006-12-19 23:51 134,656 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-03-02 01:19 . 2006-08-16 14:00 100,352 -----c--- C:\WINDOWS\system32\dllcache\6to4svc.dll
2008-03-02 01:18 . 2006-06-22 07:17 1,436,672 -----c--- C:\WINDOWS\system32\dllcache\query.dll
2008-03-02 01:18 . 2007-06-13 15:24 1,033,216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-03-02 01:18 . 2007-11-07 11:30 721,920 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-03-02 01:18 . 2006-08-17 14:30 332,288 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-03-02 01:18 . 2006-10-13 14:41 141,824 -----c--- C:\WINDOWS\system32\dllcache\nwprovau.dll
2008-03-02 01:18 . 2006-08-17 14:30 132,096 -----c--- C:\WINDOWS\system32\dllcache\wkssvc.dll
2008-03-02 01:18 . 2006-06-22 07:17 69,120 -----c--- C:\WINDOWS\system32\dllcache\ciodm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 21:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-03-29 20:41 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-03-29 20:15 --------- d-----w C:\Documents and Settings\Ped\Programdata\mIRC 2008-03-29 20:14 --------- d-----w C:\Programfiler\mIRC 2008-03-29 04:19 --------- d-----w C:\Programfiler\Steam 2008-03-25 08:43 --------- d--h--w C:\Programfiler\InstallShield Installation Information 2008-03-23 07:22 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-03-13 09:27 --------- d-----w C:\Programfiler\PeerGuardian2 2008-03-13 05:12 --------- d-----w C:\Programfiler\DAEMON Tools Lite 2008-03-13 03:56 --------- d-----w C:\Programfiler\CCleaner 2008-03-13 02:43 --------- d-----w C:\Documents and Settings\Ped\Programdata\uTorrent 2008-03-08 05:39 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-03-08 00:59 --------- d-----w C:\Documents and Settings\Ped\Programdata\Ventrilo 2008-03-07 08:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\FLEXnet 2008-03-05 19:14 --------- d-----w C:\Programfiler\Norton 360 2008-03-04 07:14 --------- d-----w C:\Documents and Settings\Ped\Programdata\Azureus 2008-02-03 05:20 --------- d-----w C:\Programfiler\SMC 2008-02-03 05:08 558,142 ----a-w C:\WINDOWS\java\Packages\6prtn7bl.zip 2008-02-03 05:08 155,995 ----a-w C:\WINDOWS\java\Packages\9npv3brb.zip 2008-02-03 05:08 --------- d-----w C:\Programfiler\microsoft frontpage 2008-02-03 05:07 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-02-03 05:06 --------- d-----w C:\Programfiler\Elektroniske tjenester . ((((((((((((((((((((((((((((( snapshot@2008-03-30_22.00.51.06 ))))))))))))))))))))))))))))))))))))))))) . 
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE - 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE + 2008-03-30 21:13:29 2,363,392 ----a-r C:\WINDOWS\Installer\{F87A8E11-02A4-4875-A3A5-5961081B0E4E}\soffice.exe - 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2008-03-29 17:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys - 2000-08-31 07:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe + 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\system32\fdsv.exe - 2008-03-12 04:56:55 1,403,304 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-03-30 21:44:56 1,420,456 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2000-08-31 07:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe + 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\system32\grep.exe - 2008-03-03 02:17:02 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-30 21:07:19 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-03-03 02:17:02 46,134 ----a-w C:\WINDOWS\system32\perfc014.dat + 2008-03-30 21:07:19 46,134 ----a-w C:\WINDOWS\system32\perfc014.dat - 2008-03-03 02:17:02 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-30 21:07:19 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-03-03 02:17:02 318,652 ----a-w C:\WINDOWS\system32\perfh014.dat + 2008-03-30 21:07:19 318,652 ----a-w C:\WINDOWS\system32\perfh014.dat - 2000-08-31 07:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe + 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\system32\sed.exe - 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe - 2000-08-31 07:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe + 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\system32\swsc.exe - 2000-08-31 07:00:00 
212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe + 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe - 2000-08-31 07:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe + 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\system32\VFind.exe - 2000-08-31 07:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe + 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\system32\zip.exe + 2008-03-30 21:45:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360] "ccleaner"="C:\Programfiler\CCleaner\CCleaner.exe" [2008-02-20 16:15 816368] "msnmsgr"="C:\Programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nTrayFw"="C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 11:40 270336] "D-Link AirPlus G"="C:\Programfiler\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 16:04 1544192] "ANIWZCS2Service"="C:\Programfiler\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 19:19 49152] "ccApp"="C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-07-18 03:54 116072] "Symantec PIF AlertEng"="C:\Programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048] "!AVG Anti-Spyware"="C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-15 01:02 579072] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 
02:03 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-15 01:02 219136] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa] antiwpa.dll 2007-01-02 09:24 60416 C:\WINDOWS\system32\antiwpa.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "C:\\Programfiler\\Steam\\steamapps\\netroon\\counter-strike\\hl.exe"= "C:\\Programfiler\\uTorrent\\uTorrent.exe"= "C:\\Programfiler\\mIRC\\mirc.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Programfiler\\Grisoft\\AVG7\\avgemc.exe"= R1 aswSP;avast! 
Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] S2 Powert;Powertweak NT helper;C:\PROGRA~1\POWERT~1\powert2k.sys [] S3 2802W;SMC2802W 2.4GHz 54 Mbps Wireless PCI Driver;C:\WINDOWS\system32\DRIVERS\2802W.sys [2004-04-29 15:19] *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-02-03 05:34:31 C:\WINDOWS\Tasks\$~$Sys0$.job" - C:\WINDOWS\System32\rundll32.exe7 . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-30 23:45:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Programfiler\Fellesfiler\Symantec Shared\ccSvcHst.exe C:\Programfiler\Alwil Software\Avast4\aswUpdSv.exe C:\Programfiler\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Programfiler\Bonjour\mDNSResponder.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Programfiler\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe C:\Programfiler\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\imapi.exe . 
Probably a lot of crap in there ...
norbat, posted 30 March 2008: No, this actually looks quite fine. But running several antivirus programs on the same PC is not necessary, and they can conflict with each other. So decide which antivirus program you want to use: Norton, AVG or Avast. Uninstall the other two! After you have uninstalled two of them, you can post a new ComboFix log, and we will see whether any files from the two AV programs you removed are left behind.
Hayer (thread author), posted 30 March 2008 (edited): I'll go with Norton 360, it has fixed all the problems I've had before. Edited 30 March 2008 by Hayer.
norbat, posted 30 March 2008: OK, both AVG and Avast should be straightforward to uninstall from Add/Remove Programs, so strictly speaking no more logs are needed. How is the PC running?
Hayer (thread author), posted 30 March 2008: The PC runs as normal, but I get some error messages at startup that close right away; that doesn't matter much as long as the PC works. Latest ComboFix log:
norbat Posted 30 March 2008

Have you uninstalled AVG and Avast, and do you see what these error messages say?
Jarmo Posted 30 March 2008 (edited)

Had a machine that was sending out loads of junk; it had become a zombie because of rootkits (backdoorloader something or other). Took its time to find and was impossible to remove, so I just had to reformat the disk. Couldn't be bothered to spend the whole day cleaning the registry etc. (manually).

Edited 30 March 2008 by Jarmo
r2d290 Posted 30 March 2008

Quoting Jarmo: Had a machine that was sending out loads of junk; it had become a zombie because of rootkits (backdoorloader something or other). Took its time to find and was impossible to remove, so I just had to reformat the disk. Couldn't be bothered to spend the whole day cleaning the registry etc. (manually).

Sorry for asking, but what was the point of writing this?
Jarmo Posted 30 March 2008

Quoting r2d290: Sorry for asking, but what was the point of writing this?

There are many possibilities that could be the cause of the thread starter's problems.
norbat Posted 30 March 2008

In this case a rootkit was also involved (C:\Windows\system32\drivers\riode32.sys).
Hayer Posted 31 March 2008 (Author)

Oh right, I tried to delete it since it came up on an online test, but I didn't get access and was afraid to delete it because of the .sys extension <.<
norbat Posted 31 March 2008

You can check whether the following file, C:\Windows\system32\drivers\riode32.sys, still exists on your system. If so, delete it (you will probably need to show hidden files and folders, and also be able to show protected operating system files).

Apart from that, the PC looks clean. How is the PC running now?
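The triage norbat does by eye above (reading the Services dump in the ComboFix log and picking out the one driver that does not belong to an installed security product) can be automated for longer logs. The script below is an added example written for this page, not code from the thread, from ComboFix or from any of the posters. It parses a constructed excerpt in the shape of ComboFix's Services section, unwraps the quoted and NT-prefixed ImagePath values, and flags every service whose name does not start with one of the vendor prefixes the analyst supplies. The prefix allowlist (avast 4 and AVG 7) and the riode32 registry key are assumptions made for the sample; the thread only names the file C:\Windows\system32\drivers\riode32.sys.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of ComboFix's Services registry dump. It is
# built for this example, not copied from the thread's log: the AVG/avast
# entries mirror real ones, and the riode32 key is a hypothetical entry for
# the driver the thread names (C:\Windows\system32\drivers\riode32.sys).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aswFsBlk]
"ImagePath"="system32\DRIVERS\aswFsBlk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aswMon2]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avast! Mail Scanner]
"ImagePath"="\"C:\Programfiler\Alwil Software\Avast4\ashMaiSv.exe\" /service"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVG Anti-Spyware Driver]
"ImagePath"="\??\C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg7Core]
"ImagePath"="\SystemRoot\System32\Drivers\avg7core.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\riode32]
"ImagePath"="\SystemRoot\System32\Drivers\riode32.sys"
"""

# Assumption: the analyst lists the service-name prefixes of the security
# products known to be installed (avast 4 and AVG 7 here). Anything else
# that loads a binary is flagged for a manual look on disk.
KNOWN_VENDOR_PREFIXES = ("aavm", "asw", "avast", "avg")

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet001\\Services\\(.+)\]$")
IMAGE_RE = re.compile(r'^"ImagePath"="(.*)"$')


def parse_services(text: str) -> Dict[str, Optional[str]]:
    """Map each service key in the dump to its raw ImagePath (None if absent)."""
    services: Dict[str, Optional[str]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            services[current] = None
            continue
        image = IMAGE_RE.match(line)
        if image and current is not None:
            services[current] = image.group(1)
    return services


def normalize_image_path(raw: str) -> str:
    """Turn a registry ImagePath value into a plain file path.

    ComboFix writes embedded quotes as \\" and keeps service arguments
    (e.g. " /service"). The NT prefixes \\??\\ and \\SystemRoot\\ are dropped;
    a path left relative (System32\\...) is relative to the Windows directory.
    """
    path = raw.strip()
    if path.startswith('\\"'):
        end = path.find('\\"', 2)  # closing escaped quote; arguments follow it
        path = path[2:end] if end != -1 else path[2:]
    for prefix in ('\\??\\', '\\SystemRoot\\'):
        if path.lower().startswith(prefix.lower()):
            path = path[len(prefix):]
    return path


def triage(text: str,
           known_prefixes: Tuple[str, ...] = KNOWN_VENDOR_PREFIXES
           ) -> List[Tuple[str, Optional[str], str]]:
    """Return (service name, normalized path, verdict) for every service key."""
    results: List[Tuple[str, Optional[str], str]] = []
    for name, raw in parse_services(text).items():
        path = normalize_image_path(raw) if raw is not None else None
        if name.lower().startswith(known_prefixes):
            verdict = "known vendor"
        elif path is None:
            verdict = "no ImagePath; inspect key by hand"
        elif path.lower().endswith(".sys"):
            verdict = "unknown kernel driver; verify the file on disk"
        else:
            verdict = "unknown service; verify the binary on disk"
        results.append((name, path, verdict))
    return results


def unknown_services(text: str) -> List[Tuple[str, Optional[str]]]:
    """Only the entries a human still has to look at."""
    return [(n, p) for n, p, v in triage(text) if v.startswith("unknown")]


if __name__ == "__main__":
    for name, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:48} {name:28} {path}")
```

The allowlist is a name match only; a rootkit driver can register under any service name it likes, so a "known vendor" verdict does not clear an entry, it just orders the work. Every flagged path still needs the on-disk check norbat describes (show hidden and protected files, confirm the file exists), and the unwrapped path is exactly what you would feed to that check.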