medlem-124997 (author), posted 30 May 2008

ComboFix 08-05-29.1 - asåire 2008-05-30 21:23:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1066 [GMT 2:00]
Running from: C:\Users\asåire\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 19:27 2,621,440 --sha-w C:\Users\asåire\NTUSER.DAT
2008-05-30 19:27 2,621,440 --sha-w C:\Users\asåire\NTUSER.DAT
2008-05-30 19:11 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-30 19:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-30 17:37 13,072 ----a-w C:\Users\asåire\AppData\Roaming\nvModes.dat
2008-05-13 21:50 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 21:50 --------- d-----w C:\Program Files\Windows Mail
2008-04-21 12:09 --------- d-s---w C:\Users\asåire\AppData\Roaming\Microsoft
2008-04-14 17:14 --------- d-----w C:\Program Files\Java
2008-04-07 11:23 --------- d-----w C:\Users\asåire\AppData\Roaming\Adobe
2008-04-03 10:01 --------- d-----w C:\ProgramData\Symantec
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-16 18:37 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-16 18:33 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-16 18:33 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-16 18:31 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-16 18:31 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-16 18:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:31 61,224 ----a-w C:\Users\asåire\GoToAssistDownloadHelper.exe
2008-02-15 12:31 61,224 ----a-w C:\Users\asåire\GoToAssistDownloadHelper.exe
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-01-14 20:29 66,247,384 ----a-w C:\Users\asåire\mediamanager23_enu.exe
2008-01-14 20:29 66,247,384 ----a-w C:\Users\asåire\mediamanager23_enu.exe
2008-01-14 20:29 13,841,966 ----a-w C:\Users\asåire\vegaspro80_manual.exe
2008-01-14 20:29 13,841,966 ----a-w C:\Users\asåire\vegaspro80_manual.exe
2008-01-14 20:29 115,662,325 ----a-w C:\Users\asåire\SonyVegasPro80a-ce_enu.exe
2008-01-14 20:29 115,662,325 ----a-w C:\Users\asåire\SonyVegasPro80a-ce_enu.exe
2007-11-05 13:55 174 --sha-w C:\Program Files\desktop.ini
2007-11-09 21:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-09 21:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-09 21:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 21:41 1232896]
"????r"="" []
"?????????"="??????????????e" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-07 22:35 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-22 09:29 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 09:29 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 09:29 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:37 4186112 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 05:00 815104]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-20 14:17 115816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-11-05 19:53:24 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-13 01:59:46 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{10F17EAB-EFAE-4A90-849F-2F61E345A737}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{D10C1BEF-BA76-4B6A-A61B-2B4843146994}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{5B33E76E-9A3D-4DDD-9978-33FC639978C8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B4FF5431-EEE8-4867-BE19-033F7F41220A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E8BD0A9E-75F4-46E9-83A7-C6E8D9B29170}"= UDP:3703:Adobe Version Cue CS3 Server
"{B3924350-4E31-46B2-AAC6-43C14DE086E8}"= UDP:3704:Adobe Version Cue CS3 Server
"{0E9BE563-54C1-4960-9536-334ADE75F07C}"= UDP:50900:Adobe Version Cue CS3 Server
"{A2A3B232-3437-4A99-96DE-3E2218BB4957}"= UDP:50901:Adobe Version Cue CS3 Server
"{4AFFC9A6-EEC9-4673-B6DE-61BF52DFF58D}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{37D018E7-A369-42DF-B25C-02F16B00ACC0}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{3F51E7F3-12B7-4DFC-ABAD-6C5697A29809}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2CFBB938-2ACC-4E06-B01F-B50A427149CF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{528F0473-6130-4BB6-8C72-8E32E06D7FD1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{175D8319-2A83-4DC6-8396-D2E76D7B7858}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8C6AA67E-97F4-4F84-9F2F-ADB9859A5D9B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FB007768-FE18-4B71-909A-F86E32066610}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7F860DF2-5418-4F9C-BAEA-A6FA2D1062F2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{D8B236A0-C983-410D-B978-BF65B92A1AE5}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080529.001\IDSvix86.sys [2008-02-13 18:18]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 22:43]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 01:13]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 11:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 11:39]
R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2005-11-29 09:20]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 16:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2692a2-8d10-11dc-b65d-001b38214d0c}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 20:09:49 C:\Windows\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - asåire.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2007-11-28 21:24:34 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 21:27:30
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-30 21:28:50
ComboFix-quarantined-files.txt 2008-05-30 19:28:26

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.
178 --- E O F --- 2008-05-28 20:06:08

Did this come out right?
r2d290, posted 30 May 2008
forget this post...
Edited 30 May 2008 by r2d290
medlem-124997 (author), posted 30 May 2008
I ran a scan with some combo thing earlier, but thought I had done something wrong, so I was going to do it over again, but maybe I did it right after all? :S
r2d290, posted 30 May 2008
edit: the log seems to be in place now (sorry I didn't see it)
Edited 30 May 2008 by r2d290
medlem-124997 (author), posted 30 May 2008
Well, those of you who can decipher the log and see meaning in all these words... What kind of diagnosis does my PC get? It is possible Norton caught it the first time, because that was when I restarted the PC and so on. But it would be just my luck that it is still there! I really don't like this. :S
Edited 30 May 2008 by medlem-124997
snippsat, posted 30 May 2008
The log looks fine. Norton found a new tracking cookie. Norton will always find cookies. This is not dangerous.
---
You can clean up a bit with CCleaner. This removes cookies. You can run it once in a while.
---
Download and run CCleaner. 'Options' -> 'Advanced'. Uncheck: "Only delete temporary files older than 48 hours". Run the registry cleaner and answer yes to repairing.
---
You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.
---
Surf safely.
Edited 30 May 2008 by SNIPPSAT
medlem-124997 (author), posted 30 May 2008
Does this mean my PC is virus-free? And, uh... where is the Run window?
Edited 30 May 2008 by medlem-124997
snippsat, posted 30 May 2008
Start -> Run, or the search box on Vista. Yes, you are free of viruses and spyware.
morgan_kane, posted 30 May 2008
Quote: "Start -> Run, or the search box on Vista."
or Windows key + R to bring up Run ;)
medlem-124997 (author), posted 30 May 2008
Quote: "Start -> Run, or the search box on Vista. Yes, you are free of viruses and spyware."
Thank God! Then I'll trust you! Thanks for all the help and patience!
r2d290, posted 30 May 2008
And once you have managed to uninstall ComboFix, it would be nice if you edited your topic title. Edit your first post using FULL edit, and write [LØST] (i.e. "solved") in front of your topic title. This will keep things tidier here on the forum.
medlem-124997 (author), posted 30 May 2008
I will write that. But when I type combofix /u nothing disappears! :S The icon is still on the desktop. (I put it in the recycle bin now.) But maybe I don't need to delete the program? Or do I?
Edited 30 May 2008 by medlem-124997
snippsat, posted 30 May 2008
Something does happen, but you don't see it. You delete the icon on the desktop.
Edited 30 May 2008 by SNIPPSAT