nilsso, posted 20 August 2008

After some research online I found, among other things, this page: http://no.pcthreat.com/parasitebyid-9no.html and, together with scans from several antivirus programs, I found out that I had got Virtumonde. The problem is just that none of the programs I have tried have managed to remove Virtumonde permanently. Here is a list of them: Spybot, Spyware Doctor, Lavasoft's Ad-Aware, VundoFix, NOD32. So I am asking here whether anyone knows of a program that removes Virtumonde permanently? Thanks for any replies.
PerB, posted 20 August 2008

Read the posts in Security/Antivirus programs. There you will get good advice on removing most viruses/trojans/malware...
nilsso (author), posted 20 August 2008

"Read this": I have done that. You have to pay for it, and I would rather fix it for free.
snippsat, posted 20 August 2008

Yes, we do it for free; that link is just nonsense. Do this and we will sort it out. Download ComboFix and put it on the desktop. Do not click on the window while the program is running. Post the log C:\combofix.txt
nilsso (author), posted 20 August 2008 (edited)

ComboFix log:

ComboFix 08-08-19.02 - sysop 2008-08-20 16:01:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1217 [GMT 2:00]
Running from: C:\Documents and Settings\sysop\Skrivebord\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMdf41959a.txt
C:\WINDOWS\BMdf41959a.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c004FB69.dat
C:\WINDOWS\system32\__c0085964.dat
C:\WINDOWS\system32\__c009E0EA.dat
C:\WINDOWS\system32\__c00A33C4.dat
C:\WINDOWS\system32\__c00DB7CA.dat
C:\WINDOWS\system32\__c00DFF3F.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\eLRBJRqr.ini
C:\WINDOWS\system32\eLRBJRqr.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tmp0_498659160770.bk
C:\WINDOWS\system32\vpmqlwav.ini
C:\xcrashdump.dat
.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.
2008-08-20 14:43 . 2008-08-20 14:43 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-20 14:43 . 2008-08-20 14:43 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\SUPERAntiSpyware.com
2008-08-20 14:43 . 2008-08-20 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-19 12:13 . 2008-08-19 12:13 <DIR> d-------- C:\Programfiler\Enigma Software Group
2008-08-16 19:25 . 2008-08-16 19:25 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\PC Suite
2008-08-16 19:25 . 2008-08-16 19:37 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\Nokia
2008-08-16 19:25 . 2008-08-16 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite
2008-08-16 19:24 . 2008-08-16 19:24 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-08-16 19:24 . 2008-08-16 19:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-08-16 19:15 . 2008-08-16 19:15 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-08-16 19:15 . 2008-08-16 19:24 <DIR> d-------- C:\Programfiler\Nokia
2008-08-16 19:15 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-16 19:15 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-16 19:14 . 2008-08-16 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Installations
2008-08-11 21:42 . 2008-08-11 21:42 <DIR> d-------- C:\Programfiler\HyCam2
2008-08-09 15:21 . 2008-08-09 15:21 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-08-09 15:21 . 2008-08-13 23:38 39,692 --a------ C:\WINDOWS\DIIUnin.dat
2008-08-09 15:21 . 2008-08-09 15:21 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-08-08 19:57 . 2008-08-20 15:37 <DIR> dr-h----- C:\Documents and Settings\sysop\Siste
2008-08-08 19:56 . 2008-08-08 19:56 <DIR> d-------- C:\Programfiler\CCleaner
2008-08-08 19:02 . 2008-08-08 19:32 <DIR> d-------- C:\VundoFix Backups
2008-08-07 23:11 . 2008-08-07 23:11 510 --a------ C:\WINDOWS\system32\xtupdate.zip
2008-08-07 23:11 . 2008-08-07 23:11 510 --a------ C:\WINDOWS\system32\xtupdate.dat
2008-08-07 23:10 . 2004-11-15 06:14 613,376 --a------ C:\WINDOWS\system32\is-6U23N.tmp
2008-08-07 23:10 . 2004-11-12 15:29 216,064 --a------ C:\WINDOWS\system32\is-48911.tmp
2008-08-07 22:59 . 2008-08-20 15:57 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-08-07 22:58 . 2008-08-07 22:58 <DIR> d-------- C:\Programfiler\Ace Utilities
2008-08-07 22:57 . 2008-08-07 22:57 <DIR> d-------- C:\WINDOWS\system32\AppData
2008-08-07 22:56 . 2008-08-07 23:02 <DIR> d-------- C:\Programfiler\WinUtilities
2008-08-05 03:25 . 2008-08-05 04:25 <DIR> d-------- C:\vcs5BGEffects
2008-08-05 03:14 . 2008-08-07 23:07 <DIR> d-------- C:\Programfiler\AV Vcs 6.0 DIAMOND
2008-08-02 01:00 . 2008-08-02 01:00 <DIR> d-------- C:\Programfiler\THQ
2008-07-28 23:07 . 2008-07-28 23:07 <DIR> dr-h----- C:\Documents and Settings\sysop\Programdata\SecuROM
2008-07-28 23:07 . 2008-07-28 23:07 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\Bioshock
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 14:09 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-08-20 14:00 --------- d-----w C:\Programfiler\Diablo II
2008-08-20 12:43 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-16 17:15 --------- d-----w C:\Programfiler\DIFX
2008-08-16 13:43 --------- d-----w C:\Programfiler\Starcraft
2008-08-16 11:48 --------- d-----w C:\Programfiler\DivX
2008-08-12 21:27 --------- d-----w C:\Documents and Settings\sysop\Programdata\uTorrent
2008-08-08 18:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-08-07 21:10 --------- d-----w C:\Programfiler\XP Tools
2008-08-07 20:16 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-07-28 21:03 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-26 02:50 --------- d-----w C:\Programfiler\mIRC
2008-07-18 15:44 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-18 15:44 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-18 08:55 1,598,010,535 ----a-w C:\Programfiler\Diablo II1.12.rar
2008-07-12 15:03 --------- d-----w C:\Programfiler\Prime95
2008-07-12 15:03 --------- d-----w C:\Programfiler\NCH Swift Sound
2008-07-10 14:30 --------- d-----w C:\Documents and Settings\sysop\Programdata\DivX
2008-06-28 20:02 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-06-27 11:23 --------- d-----w C:\Programfiler\Eidos
2007-11-12 11:02 22,328 -c--a-w C:\Documents and Settings\sysop\Programdata\PnkBstrK.sys
2006-12-29 01:07 38,912 ----a-w C:\Programfiler\D2Loader-1.11b.exe
2004-06-15 06:00 13,824 ----a-w C:\Documents and Settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 10:52 94208]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"Steam"="c:\steam\steam.exe" [2008-03-28 14:15 1271032]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 16:00 1249280]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 14:31 1122816]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 07:03 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"SMSERIAL"="C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 04:31 630784]
"Wow Video&Audio"="C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-04-13 01:59 947760]
"WLSS"="C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-03-29 15:00 190000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 20:05 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 20:05 81920]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-05-17 21:18 950664]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 02:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-19 20:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\sysop\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-11-03 19:37:39 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.imc"= imc32.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=scs_sav.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=SymUniPwdDisable.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^sysop^Start-meny^Programmer^Oppstart^BJ Status Monitor Canon PIXMA iP3000.lnk]
path=C:\Documents and Settings\sysop\Start-meny\Programmer\Oppstart\BJ Status Monitor Canon PIXMA iP3000.lnk
backup=C:\WINDOWS\pss\BJ Status Monitor Canon PIXMA iP3000.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2006-06-15 02:40 124656 C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Steam\\Steam.exe"=
"C:\\Steam\\steamapps\\d2l_zod\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programfiler\\Starcraft\\StarCraft.exe"=
"C:\\Programfiler\\mIRC\\mirc.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"C:\\Programfiler\\Diablo II\\D2Loader-1.11b.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Steam\\steamapps\\d2l_zod\\dedicated server\\hlds.exe"=
"C:\\Steam\\steamapps\\tomcat409\\counter-strike\\hl.exe"=
"C:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:d2
"4000:UDP"= 4000:UDP:d2

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 11:16]
R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys [2003-05-11 23:20]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\sysop\LOKALE~1\Temp\EverestDriver.sys []
S3 w3304an5;WN3X0X Wireless Adapter;C:\PROGRA~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS []
.
Contents of the 'Scheduled Tasks' folder
2008-06-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{db4d7568-ee80-40b4-8c8f-78671c1edfd2} - (no file)
Notify-__c0015852 - C:\WINDOWS\system32\__c0015852.dat
Notify-__c00772BE - C:\WINDOWS\system32\__c00772BE.dat
Notify-jkkLEWop - jkkLEWop.dll
Notify-__c003135E - (no file)
Notify-__c003182F - (no file)
Notify-__c0055C91 - (no file)
Notify-__c00576F8 - (no file)
Notify-__c006E65F - (no file)
Notify-__c00773FC - (no file)
Notify-__c0085964 - (no file)
Notify-__c009E0EA - (no file)
Notify-__c009F12A - (no file)
Notify-__c00A33C4 - (no file)
Notify-__c00D64FE - (no file)
Notify-__c00DB7CA - (no file)
Notify-__c00DFF3F - (no file)
Notify-__c00EEF18 - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\sysop\Programdata\Mozilla\Firefox\Profiles\i5tcuync.default\
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPJava11.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPJava12.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPJava13.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPJava14.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPJava32.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF -: plugin - C:\Programfiler\Java\jre1.5.0_03\bin\NPOJI610.dll
FF -: plugin - C:\Programfiler\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Programfiler\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 16:12:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\ESET\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2008-08-20 16:18:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-20 14:18:20

Pre-Run: 89,522,614,272 byte ledig
Post-Run: 89,773,318,144 byte ledig

282 --- E O F --- 2007-10-30 17:47:05

Malwarebytes log:

Malwarebytes' Anti-Malware 1.25
Database versjon: 1062
Windows 5.1.2600 Service Pack 2

16:34:59 20.08.2008
mbam-log-08-20-2008 (16-34-59).txt

Skanntype: Rask Skann
Objekter skannet: 51275
Tid tilbakelagt: 3 minute(s), 37 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 6
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\programfiler\registrysmart\microsoft.vc80.mfc\ (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Programfiler\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programfiler\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Programfiler\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\sysop\Programdata\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\sysop\Programdata\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\sysop\Programdata\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Filer infisert:
C:\Documents and Settings\sysop\Programdata\RegistrySmart\Registry Backups\2007-11-03_14-57-09.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:44, on 20.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Eset\nod32krn.exe
C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe
C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\DAEMON Tools\daemon.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\steam\steam.exe
C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programfiler\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programfiler\Fellesfiler\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\explorer.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\Programfiler\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\sysop\Skrivebord\try\jonny23k582jny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Wow Video&Audio] C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe
O4 - HKLM\..\Run: [WLSS] C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programfiler\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programfiler\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Steam] c:\steam\steam.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.skoleportalen.no
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193760440125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hfk.vgs.no
O17 - HKLM\Software\..\Telephony: DomainName = hfk.vgs.no
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hfk.vgs.no
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programfiler\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programfiler\Eset\nod32krn.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programfiler\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe

--
End of file - 9542 bytes

There are the logs.

Edited 20 August 2008 by nilsso
snippsat, posted 20 August 2008 (edited)

Copy the bold text below the picture -> open Notepad and paste it in. Save it on the desktop as CFScript.txt. Do as shown in the picture; ComboFix will start. Post the log c:\combofix.txt

File::
C:\WINDOWS\system32\xtupdate.zip
C:\WINDOWS\system32\xtupdate.dat
C:\WINDOWS\system32\is-6U23N.tmp
C:\WINDOWS\system32\is-48911.tmp

Folder::
C:\VundoFix Backups

---
You have to remove one antivirus from your system. You can only have one. If you remove Norton, use this: Norton-Removal-Tool
---
Update Java.
---
Post the log from ComboFix; then I think it should be fine. ComboFix removed quite a bit of junk.

Edited 20 August 2008 by SNIPPSAT
nilsso (thread author) Posted 20 August 2008
The ComboFix log after following your "steps":

ComboFix 08-08-19.02 - sysop 2008-08-20 17:52:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.1373 [GMT 2:00]
Running from: C:\Documents and Settings\sysop\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\sysop\Skrivebord\CFScript.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\is-48911.tmp
C:\WINDOWS\system32\is-6U23N.tmp
C:\WINDOWS\system32\xtupdate.dat
C:\WINDOWS\system32\xtupdate.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\gieeyuds.dll.bad
C:\VundoFix Backups\hwmazz.dll.bad
C:\VundoFix Backups\jphlfovk.dll.bad
C:\WINDOWS\system32\is-48911.tmp
C:\WINDOWS\system32\is-6U23N.tmp
C:\WINDOWS\system32\xtupdate.dat
C:\WINDOWS\system32\xtupdate.zip
.

((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.

2008-08-20 16:30 . 2008-08-20 16:30 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware
2008-08-20 16:30 . 2008-08-20 16:30 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\Malwarebytes
2008-08-20 16:30 . 2008-08-20 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes
2008-08-20 16:30 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-20 16:30 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-20 14:43 . 2008-08-20 14:43 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware
2008-08-20 14:43 . 2008-08-20 14:43 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\SUPERAntiSpyware.com
2008-08-20 14:43 . 2008-08-20 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com
2008-08-19 12:13 . 2008-08-19 12:13 <DIR> d-------- C:\Programfiler\Enigma Software Group
2008-08-16 19:25 . 2008-08-16 19:25 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\PC Suite
2008-08-16 19:25 . 2008-08-16 19:37 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\Nokia
2008-08-16 19:25 . 2008-08-16 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Suite
2008-08-16 19:24 . 2008-08-16 19:24 <DIR> d-------- C:\Programfiler\Fellesfiler\PCSuite
2008-08-16 19:24 . 2008-08-16 19:24 <DIR> d-------- C:\Programfiler\Fellesfiler\Nokia
2008-08-16 19:15 . 2008-08-16 19:15 <DIR> d-------- C:\Programfiler\PC Connectivity Solution
2008-08-16 19:15 . 2008-08-16 19:24 <DIR> d-------- C:\Programfiler\Nokia
2008-08-16 19:15 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-16 19:15 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-08-16 19:14 . 2008-08-16 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Installations
2008-08-11 21:42 . 2008-08-11 21:42 <DIR> d-------- C:\Programfiler\HyCam2
2008-08-09 15:21 . 2008-08-09 15:21 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-08-09 15:21 . 2008-08-13 23:38 39,692 --a------ C:\WINDOWS\DIIUnin.dat
2008-08-09 15:21 . 2008-08-09 15:21 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-08-08 19:57 . 2008-08-20 17:20 <DIR> dr-h----- C:\Documents and Settings\sysop\Siste
2008-08-08 19:56 . 2008-08-08 19:56 <DIR> d-------- C:\Programfiler\CCleaner
2008-08-07 22:59 . 2008-08-20 15:57 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP
2008-08-07 22:58 . 2008-08-07 22:58 <DIR> d-------- C:\Programfiler\Ace Utilities
2008-08-07 22:57 . 2008-08-07 22:57 <DIR> d-------- C:\WINDOWS\system32\AppData
2008-08-07 22:56 . 2008-08-07 23:02 <DIR> d-------- C:\Programfiler\WinUtilities
2008-08-05 03:25 . 2008-08-05 04:25 <DIR> d-------- C:\vcs5BGEffects
2008-08-05 03:14 . 2008-08-07 23:07 <DIR> d-------- C:\Programfiler\AV Vcs 6.0 DIAMOND
2008-08-02 01:00 . 2008-08-02 01:00 <DIR> d-------- C:\Programfiler\THQ
2008-07-28 23:07 . 2008-07-28 23:07 <DIR> dr-h----- C:\Documents and Settings\sysop\Programdata\SecuROM
2008-07-28 23:07 . 2008-07-28 23:07 <DIR> d-------- C:\Documents and Settings\sysop\Programdata\Bioshock
2008-07-25 10:36 . 2008-07-25 10:36 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-07-25 10:36 . 2008-07-25 10:36 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-07-23 18:50 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 18:48 . 2008-07-23 18:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-07-23 18:48 . 2008-07-23 18:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-07-23 18:47 . 2008-07-23 18:47 634,880 --a------ C:\WINDOWS\system32\divxdec.ax
2008-07-23 18:47 . 2008-07-23 18:47 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
2008-07-23 18:47 . 2008-07-23 18:47 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
2008-07-23 18:46 . 2008-07-23 18:46 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 15:52 --------- d-----w C:\Programfiler\Diablo II
2008-08-20 15:18 --------- d-----w C:\Programfiler\Symantec AntiVirus
2008-08-20 15:18 --------- d-----w C:\Programfiler\Symantec
2008-08-20 15:18 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared
2008-08-20 15:18 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec
2008-08-20 12:43 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard
2008-08-16 17:15 --------- d-----w C:\Programfiler\DIFX
2008-08-16 13:43 --------- d-----w C:\Programfiler\Starcraft
2008-08-16 11:48 --------- d-----w C:\Programfiler\DivX
2008-08-12 21:27 --------- d-----w C:\Documents and Settings\sysop\Programdata\uTorrent
2008-08-09 13:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-08-09 13:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-08-09 13:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-08-09 13:46 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-08 18:06 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-08-07 21:11 259,584 ----a-w C:\WINDOWS\system32\xtsupermenuhook.dll
2008-08-07 21:10 --------- d-----w C:\Programfiler\XP Tools
2008-08-07 20:16 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-07-28 21:03 --------- d--h--w C:\Programfiler\InstallShield Installation Information
2008-07-28 20:40 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-26 02:50 --------- d-----w C:\Programfiler\mIRC
2008-07-18 15:44 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-18 15:44 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-18 08:55 1,598,010,535 ----a-w C:\Programfiler\Diablo II1.12.rar
2008-07-12 15:03 --------- d-----w C:\Programfiler\Prime95
2008-07-12 15:03 --------- d-----w C:\Programfiler\NCH Swift Sound
2008-07-10 14:30 --------- d-----w C:\Documents and Settings\sysop\Programdata\DivX
2008-06-28 20:02 --------- d-----w C:\Programfiler\Fellesfiler\Blizzard Entertainment
2008-06-27 11:23 --------- d-----w C:\Programfiler\Eidos
2008-06-11 00:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-06-11 00:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-06-11 00:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-11-12 11:02 22,328 -c--a-w C:\Documents and Settings\sysop\Programdata\PnkBstrK.sys
2006-12-29 01:07 38,912 ----a-w C:\Programfiler\D2Loader-1.11b.exe
2004-06-15 06:00 13,824 ----a-w C:\Documents and Settings\sysop\cnmss Canon PIXMA iP3000 (Local).exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-20_16.17.58.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 08:46:15 25,214 -c--a-r C:\WINDOWS\Installer\{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}\ARPPRODUCTICON.exe
+ 2008-08-20 15:18:58 25,214 ----a-r C:\WINDOWS\Installer\{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}\ARPPRODUCTICON.exe
- 2007-11-07 08:46:15 40,960 -c--a-r C:\WINDOWS\Installer\{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-20 15:18:58 40,960 ----a-r C:\WINDOWS\Installer\{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2007-11-07 08:46:15 40,960 -c--a-r C:\WINDOWS\Installer\{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2008-08-20 15:18:58 40,960 ----a-r C:\WINDOWS\Installer\{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
- 2008-08-08 10:08:47 10,134 ----a-r C:\WINDOWS\Installer\{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}\ARPPRODUCTICON.exe
+ 2008-08-20 14:14:57 10,134 ----a-r C:\WINDOWS\Installer\{F408DA6B-DA75-4D95-B87D-49AFF0B4EBB0}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programfiler\Fellesfiler\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 10:52 94208]
"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"NVIDIA nTune"="C:\Programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"Steam"="c:\steam\steam.exe" [2008-03-28 14:15 1271032]
"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 16:00 1249280]
"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 14:31 1122816]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 07:03 221184]
"ISUSScheduler"="C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" [2004-08-09 07:03 81920]
"SMSERIAL"="C:\Programfiler\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 04:31 630784]
"Wow Video&Audio"="C:\Programfiler\Compal\Wow Video&Audio\WVAMain.exe" [2007-04-13 01:59 947760]
"WLSS"="C:\Programfiler\Compal\Wireless Select Switch\WLSS.exe" [2007-03-29 15:00 190000]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 20:05 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 20:05 81920]
"NeroFilterCheck"="C:\Programfiler\Fellesfiler\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 04:48 36975]
"GrooveMonitor"="C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2008-05-17 21:18 950664]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 02:28 16126464 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-04-19 20:05 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\sysop\Start-meny\Programmer\Oppstart\
Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
Logitech SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2007-11-03 19:37:39 692224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.i420"= i420vfw.dll
"msacm.imc"= imc32.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=scs_sav.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=SymUniPwdDisable.bat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^sysop^Start-meny^Programmer^Oppstart^BJ Status Monitor Canon PIXMA iP3000.lnk]
path=C:\Documents and Settings\sysop\Start-meny\Programmer\Oppstart\BJ Status Monitor Canon PIXMA iP3000.lnk
backup=C:\WINDOWS\pss\BJ Status Monitor Canon PIXMA iP3000.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-15 00:22 35328 C:\Programfiler\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Steam\\Steam.exe"=
"C:\\Steam\\steamapps\\d2l_zod\\counter-strike\\hl.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programfiler\\Starcraft\\StarCraft.exe"=
"C:\\Programfiler\\mIRC\\mirc.exe"=
"C:\\Programfiler\\LimeWire\\LimeWire.exe"=
"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programfiler\\utorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Programfiler\\VentSrv\\ventrilo_srv.exe"=
"C:\\Programfiler\\Diablo II\\D2Loader-1.11b.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programfiler\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Programfiler\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Steam\\steamapps\\d2l_zod\\dedicated server\\hlds.exe"=
"C:\\Steam\\steamapps\\tomcat409\\counter-strike\\hl.exe"=
"C:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Programfiler\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4000:TCP"= 4000:TCP:d2
"4000:UDP"= 4000:UDP:d2

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 11:16]
R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys [2003-05-11 23:20]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\DOCUME~1\sysop\LOKALE~1\Temp\EverestDriver.sys []
S3 w3304an5;WN3X0X Wireless Adapter;C:\PROGRA~1\3Com\3COMOF~1\drivers\WINXP\w3304an5.SYS []
.
Contents of the 'Scheduled Tasks' folder

2008-06-06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
MSConfigStartUp-vptray - C:\PROGRA~1\SYMANT~1\VPTray.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-20 17:54:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
Completion time: 2008-08-20 17:55:12
ComboFix-quarantined-files.txt 2008-08-20 15:55:03
ComboFix2.txt 2008-08-20 14:18:25

Pre-Run: 90,055,163,904 byte ledig
Post-Run: 90,044,047,360 byte ledig

253 --- E O F --- 2007-10-30 17:47:05
snippsat Posted 20 August 2008
That looks good. You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Surf safely.
nilsso (thread author) Posted 20 August 2008
Not sure where you mean... where should I type combofix /u? The cmd window? The ComboFix window (if so, I didn't quite manage it)? The Start+R window?
Auke Posted 25 September 2008
I'm struggling with the same thing. Ran ComboFix, but didn't manage to remove the virus. Tried the same as described for Nilsso. Here is my log:

ComboFix 08-09-25.01 - Atle 2008-09-25 19:44:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.205 [GMT 2:00]
Running from: C:\Documents and Settings\Atle\Programdata\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\blphc33hj0e5cp.scr
C:\WINDOWS\system32\lphc33hj0e5cp.exe
.

((((((((((((((((((((((((( Files Created from 2008-08-25 to 2008-09-25 )))))))))))))))))))))))))))))))
.

2008-09-22 21:02 . 2008-09-22 21:02 <DIR> d-------- C:\Programfiler\iPod
2008-09-22 21:02 . 2008-09-22 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-22 20:59 . 2008-09-22 21:00 <DIR> d-------- C:\Programfiler\QuickTime
2008-09-22 20:50 . 2008-09-22 20:50 <DIR> d-------- C:\Programfiler\Safari
2008-09-22 20:48 . 2008-09-22 20:48 <DIR> d-------- C:\Programfiler\Bonjour
2008-09-18 13:27 . 2008-09-18 13:27 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-09-18 13:03 . 2008-09-18 13:03 <DIR> d-------- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-18 10:08 . 2008-09-18 10:08 <DIR> d-------- C:\Programfiler\cvcrqo
2008-09-18 10:08 . 2008-09-18 10:08 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\nwxkhqru
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 19:02 --------- d-----w C:\Programfiler\iTunes
2008-09-22 17:57 --------- d-----w C:\Documents and Settings\Atle\Programdata\Apple Computer
2008-09-18 11:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-09-18 11:12 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-09-18 08:08 --------- d-----w C:\Programfiler\ESET
2008-09-07 13:20 --------- d-----w C:\Programfiler\DC++
2008-09-06 19:46 --------- d-----w C:\Programfiler\Last.fm
2008-09-02 15:43 --------- d-----w C:\Programfiler\Apple Software Update
2008-08-07 10:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FD4F59A-8815-633C-FECC-03AB510AAE1C}]
2008-09-18 10:08 118784 --a------ C:\Programfiler\cvcrqo\DbStr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-08-18 917504]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-13 294912]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PRISMSVR.EXE"="C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"WsHft00xP7"="C:\Documents and Settings\All Users\Programdata\nwxkhqru\jotixkvw.exe" [2008-09-18 69632]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
3Com Wireless 11g PC Card.lnk - C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe [2004-07-02 299008]
Kodak EasyShare software.lnk - C:\Programfiler\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"C:\\Programfiler\\Last.fm\\LastFM.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 WBFIRDMA;Winbond infrarød enhetsdriver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys [2001-08-17 35871]
S3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;C:\WINDOWS\system32\DRIVERS\3C154G72.sys [2004-05-18 386432]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 90800]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-22 32000]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.no/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 19:47:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-25 19:48:37
ComboFix-quarantined-files.txt 2008-09-25 17:48:33

Pre-Run: 4 840 296 448 byte ledig
Post-Run: 5,008,551,936 byte ledig

121
r2d290 Posted 25 September 2008
The files have different names in each case, and so the solution is different for each example. Your CFScript should look like this:

File::
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

Folder::
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\Programfiler\cvcrqo
C:\Documents and Settings\All Users\Programdata\nwxkhqru

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FD4F59A-8815-633C-FECC-03AB510AAE1C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"WsHft00xP7"=-

I assume you know the rest: save the text file as CFScript.cfg, drag it onto the ComboFix icon, etc. Post the log that gets created.
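The triage that snippsat and r2d290 did by eye on the "Reg Loading Points" section (a BHO in a random-named folder, an executable autostarting from a data directory via policies\explorer\Run) can be written down as a script. The following is an added example, not code from this thread or from ComboFix: it parses a constructed excerpt in ComboFix's layout built from paths that appear in the posts above, flags entries with the heuristics named in the comments (those heuristics are this example's assumptions, not ComboFix rules), and renders the result in the CFScript layout r2d290 describes.

```python
import re

# Constructed sample: a cut-down "Reg Loading Points" section in the layout
# ComboFix uses, assembled for this example from paths that appear in the
# logs posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FD4F59A-8815-633C-FECC-03AB510AAE1C}]
2008-09-18 10:08 118784 --a------ C:\Programfiler\cvcrqo\DbStr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-08-18 917504]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"WsHft00xP7"="C:\Documents and Settings\All Users\Programdata\nwxkhqru\jotixkvw.exe" [2008-09-18 69632]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")

def parse_loading_points(text):
    """Return (registry key, value name, file path) for each autostart entry.
    The value name is '' for keys ComboFix lists as a bare file line (BHOs)."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:  # header lines such as REGEDIT4
            continue
        m = VALUE_RE.match(line) or FILE_RE.match(line)
        if m:
            name = m.groupdict().get("name", "")
            entries.append((key, name, m.group("path")))
    return entries

def looks_random(name):
    """Heuristic (an assumption of this example, not a ComboFix rule): a
    directory name such as 'cvcrqo' or 'nwxkhqru' is all lowercase letters,
    at least six long, and contains a run of four or more consonants."""
    if not re.fullmatch(r"[a-z]{6,}", name):
        return False
    longest = run = 0
    for ch in name:
        run = 0 if ch in "aeiouy" else run + 1
        longest = max(longest, run)
    return longest >= 4

def suspicious_reasons(key, path):
    """Return the reasons an entry deserves a second look (empty if none)."""
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("autostart via policies\\explorer\\Run, which ordinary installers rarely use")
    # Only directory names are checked: short system file names such as
    # ctfmon would trip the consonant rule. A real triage would also keep
    # an allowlist of known-good binaries.
    for part in path.split("\\")[1:-1]:
        if looks_random(part):
            reasons.append(f"random-looking directory name '{part}'")
    low = path.lower()
    if low.endswith(".exe") and ("\\programdata\\" in low or "\\application data\\" in low):
        reasons.append("executable started from a data directory, not a program directory")
    return reasons

def triage(text):
    """Return [(key, name, path, reasons)] for entries with at least one reason."""
    flagged = []
    for key, name, path in parse_loading_points(text):
        reasons = suspicious_reasons(key, path)
        if reasons:
            flagged.append((key, name, path, reasons))
    return flagged

def build_cfscript(flagged):
    """Render flagged entries in the CFScript layout used in this thread:
    Folder:: for the random-named directories and Registry:: lines that
    delete the Run value ("name"=-) or, for a BHO, the whole key."""
    folders, registry = [], []
    for key, name, path, _reasons in flagged:
        parent = path.rsplit("\\", 1)[0]
        if looks_random(parent.rsplit("\\", 1)[-1]) and parent not in folders:
            folders.append(parent)
        registry.append(f"[{key}]")
        if name:
            registry.append(f'"{name}"=-')
    out = (["Folder::"] + folders + [""]) if folders else []
    return "\n".join(out + ["Registry::"] + registry) + "\n"
```

Running triage(SAMPLE_LOG) flags exactly the two entries r2d290 put in the script above (the cvcrqo BHO and the nwxkhqru Run value) and leaves ctfmon, MSN Messenger, NOD32 and iTunes alone; build_cfscript then reproduces the Folder:: and Registry:: blocks of that script, without the File:: block, which came from the file list rather than the loading points.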
Auke Posted 28 September 2008

ComboFix 08-09-27.05 - Atle 2008-09-28 22:11:57.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.131 [GMT 2:00]
Running from: C:\Documents and Settings\Atle\Skrivebord\ComboFix.exe
Command switches used :: C:\Documents and Settings\Atle\Skrivebord\CFScript.cfg
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Programdata\nwxkhqru
C:\Documents and Settings\All Users\Programdata\nwxkhqru\jotixkvw.exe
C:\Programfiler\cvcrqo
C:\Programfiler\cvcrqo\DbStr.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
.

((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.

2008-09-22 21:02 . 2008-09-22 21:02 <DIR> d-------- C:\Programfiler\iPod
2008-09-22 21:02 . 2008-09-22 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-22 20:59 . 2008-09-22 21:00 <DIR> d-------- C:\Programfiler\QuickTime
2008-09-22 20:50 . 2008-09-22 20:50 <DIR> d-------- C:\Programfiler\Safari
2008-09-22 20:48 . 2008-09-22 20:48 <DIR> d-------- C:\Programfiler\Bonjour
2008-09-18 13:03 . 2008-09-18 13:03 <DIR> d-------- C:\Programfiler\TeaTimer (Spybot - Search & Destroy)
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-22 19:02 --------- d-----w C:\Programfiler\iTunes
2008-09-22 17:57 --------- d-----w C:\Documents and Settings\Atle\Programdata\Apple Computer
2008-09-18 11:24 --------- d-----w C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy
2008-09-18 11:12 --------- d-----w C:\Programfiler\Spybot - Search & Destroy
2008-09-18 08:08 --------- d-----w C:\Programfiler\ESET
2008-09-07 13:20 --------- d-----w C:\Programfiler\DC++
2008-09-06 19:46 --------- d-----w C:\Programfiler\Last.fm
2008-09-02 15:43 --------- d-----w C:\Programfiler\Apple Software Update
2008-08-07 10:26 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programfiler\Eset\nod32kui.exe" [2007-08-18 917504]
"ATIPTA"="C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-13 294912]
"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"PRISMSVR.EXE"="C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001]
"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-01-26 495616]
"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\
3Com Wireless 11g PC Card.lnk - C:\Programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe [2004-07-02 299008]
Kodak EasyShare software.lnk - C:\Programfiler\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\ff_vfw.dll
"vidc.wmv3"= C:\PROGRA~1\COMBIN~1\Filters\wmv9vcm.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\MSN Messenger\\livecall.exe"=
"C:\\Programfiler\\DC++\\DCPlusPlus.exe"=
"C:\\Programfiler\\Last.fm\\LastFM.exe"=
"C:\\Programfiler\\Messenger\\msmsgs.exe"=
"C:\\Programfiler\\Opera\\Opera.exe"=
"C:\\Programfiler\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=

R3 WBFIRDMA;Winbond infrarød enhetsdriver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys [2001-08-17 35871]
S3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;C:\WINDOWS\system32\DRIVERS\3C154G72.sys [2004-05-18 386432]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 61536]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 9360]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 97088]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 88624]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 18704]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 86432]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIV ERS\sea1unic.sys [2007-02-08 90800]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-07-22 32000]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{2FD4F59A-8815-633C-FECC-03AB510AAE1C} - C:\Programfiler\cvcrqo\DbStr.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 22:13:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-28 22:14:29
ComboFix-quarantined-files.txt 2008-09-28 20:14:17
ComboFix2.txt 2008-09-28 20:09:13
ComboFix3.txt 2008-09-25 18:18:39

Pre-Run: 6 059 532 288 byte ledig
Post-Run: 6,050,353,152 byte ledig

118
Auke Posted 28 September 2008 The problem seems to be solved. Thanks a lot for the help!
r2d290 Posted 28 September 2008 The log looks fine too. You are welcome back if you should have more problems. -Surf safely-
Knut63 Posted 30 September 2008 Would you please take a look at this one as well? ComboFix 08-09-30.02 - Knut_PC 2008-09-30 23:53:35.1 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.752 [GMT 2:00] Running from: C:\Documents and Settings\Knut_PC\Skrivebord\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BMab9547e2.txt C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\pskt.ini C:\WINDOWS\system32\cxmfsuaw.ini C:\WINDOWS\system32\hgGvvvWM.dll C:\WINDOWS\system32\MWvvvGgh.ini C:\WINDOWS\system32\MWvvvGgh.ini2 . ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-30 19:41 . 2008-07-28 11:29 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys 2008-09-30 19:40 . 2008-09-30 19:41 <DIR> d-------- C:\Programfiler\Spyware Doctor 2008-09-30 19:40 . 2008-09-30 19:40 <DIR> d-------- C:\Programfiler\Fellesfiler\PC Tools 2008-09-30 19:40 . 2008-09-30 19:40 <DIR> d-------- C:\Documents and Settings\Knut_PC\Programdata\PC Tools 2008-09-30 19:40 . 2008-09-30 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\PC Tools 2008-09-30 19:40 . 2008-08-25 11:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-09-30 19:40 . 2008-08-25 11:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-09-30 19:40 . 2008-08-25 11:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-09-30 19:40 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-09-30 18:34 . 2008-09-30 18:34 67,072 --a------ C:\WINDOWS\system32\wausfmxc.dll 2008-09-30 18:33 . 2008-09-30 18:33 123,904 --a------ C:\WINDOWS\system32\rkbmmvle.dll 2008-09-30 18:33 . 
2008-09-30 18:33 123,904 --a------ C:\WINDOWS\system32\etakpf.dll 2008-09-30 18:33 . 2008-09-30 18:33 101,888 --a------ C:\WINDOWS\system32\qkdqhxhy.dll 2008-09-30 18:33 . 2008-09-30 18:33 0 --a------ C:\WINDOWS\BMab9547e2.xml 2008-09-30 07:54 . 2008-09-30 07:54 326,324 --a------ C:\WINDOWS\system32\iiffDUll.dll 2008-09-29 20:54 . 2008-09-29 20:54 326,756 --a------ C:\WINDOWS\system32\nnnmnnOG.dll 2008-09-29 18:54 . 2008-09-29 18:54 326,756 --a------ C:\WINDOWS\system32\khfCtsQH.dll 2008-09-29 16:54 . 2008-09-29 16:54 326,472 --a------ C:\WINDOWS\system32\pmnlLDWM.dll 2008-09-29 10:54 . 2008-09-29 10:54 326,688 --a------ C:\WINDOWS\system32\ljJyxutQ.dll 2008-09-29 09:54 . 2008-09-29 09:54 326,504 --a------ C:\WINDOWS\system32\jkkHyxyw.dll 2008-09-28 11:54 . 2008-09-28 11:54 326,508 --a------ C:\WINDOWS\system32\ljJYRLCs.dll 2008-09-28 09:54 . 2008-09-28 09:54 326,912 --a------ C:\WINDOWS\system32\opnoNHbY.dll 2008-09-28 08:54 . 2008-09-28 08:54 326,200 --a------ C:\WINDOWS\system32\fccCRIxv.dll 2008-09-28 02:54 . 2008-09-28 02:54 325,944 --a------ C:\WINDOWS\system32\nnnkJCuv.dll 2008-09-27 23:54 . 2008-09-27 23:54 326,788 --a------ C:\WINDOWS\system32\vtUkkhiI.dll 2008-09-27 21:50 . 2008-09-27 21:50 <DIR> d-------- C:\Programfiler\Vizky 2008-09-27 21:50 . 2008-09-27 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\VIZ_MPS 2008-09-27 19:53 . 2008-09-27 19:53 326,120 --a------ C:\WINDOWS\system32\cbXNEVpQ.dll 2008-09-27 14:53 . 2008-09-27 14:53 326,504 --a------ C:\WINDOWS\system32\jkkHWmMG.dll 2008-09-27 13:43 . 2008-09-27 13:43 38,272 --------- C:\WINDOWS\system32\mlJBQGVM.dll 2008-09-18 15:53 . 2008-09-30 23:45 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP 2008-09-18 15:30 . 2008-09-18 15:53 <DIR> d-------- C:\Programfiler\Flash Slideshow Maker Professional 2008-09-18 14:32 . 2008-09-18 14:32 <DIR> d-------- C:\Programfiler\TechSmith 2008-09-18 14:32 . 
2008-09-18 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\TechSmith 2008-09-14 14:35 . 2008-09-14 14:35 <DIR> d-------- C:\Documents and Settings\Knut_PC\Programdata\JGsoft 2008-09-14 14:34 . 2008-09-14 14:34 <DIR> d-------- C:\Programfiler\JGsoft 2008-09-14 14:34 . 2008-08-05 03:01 67,208 --a------ C:\WINDOWS\UnDeploy.exe 2008-09-14 13:56 . 2008-09-14 13:56 <DIR> d-------- C:\Programfiler\WinGZip 2008-09-13 17:37 . 2008-09-13 17:37 <DIR> d-------- C:\Programfiler\Advanced DHTML Popup Pro V2 2008-09-13 17:37 . 2008-09-13 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Advanced DHTML Popup Pro V2 2008-09-11 21:09 . 2008-09-11 21:09 <DIR> d-------- C:\Programfiler\TPTEST5 2008-09-10 12:48 . 2008-09-10 12:48 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-09-10 12:47 . 2008-09-10 12:47 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype 2008-09-10 12:47 . 2008-09-30 16:52 <DIR> d-------- C:\Documents and Settings\Knut_PC\Programdata\Skype 2008-08-21 13:57 . 2008-08-21 13:57 <DIR> d-------- C:\Programfiler\Astonsoft 2008-08-21 13:57 . 2008-08-21 13:58 <DIR> d-------- C:\Documents and Settings\Knut_PC\Programdata\DeepBurner 2008-08-13 20:18 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-13 20:18 . 2008-05-01 16:38 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-07 13:52 . 2008-08-07 13:52 <DIR> d-------- C:\WINDOWS\system32\no 2008-08-07 13:52 . 2008-08-07 13:52 <DIR> d-------- C:\WINDOWS\system32\bits 2008-08-07 13:52 . 2008-08-07 13:52 <DIR> d-------- C:\WINDOWS\l2schemas 2008-08-07 13:45 . 2008-08-07 13:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-07 13:35 . 2008-08-07 13:35 <DIR> d-------- C:\WINDOWS\EHome 2008-08-05 02:43 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys 2008-08-05 02:43 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys 2008-08-05 02:43 . 
2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys 2008-08-05 02:43 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys 2008-08-05 02:43 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys 2008-08-05 02:43 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys 2008-08-05 02:41 . 2004-08-04 00:54 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 17:07 --------- d-----w C:\Programfiler\Lavasoft 2008-09-30 17:06 --------- d-----w C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-09-30 17:03 --------- d-----w C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-09-30 16:18 --------- d-----w C:\Programfiler\Everest Poker 2008-09-30 15:42 --------- d-----w C:\Programfiler\Spybot - Search & Destroy 2008-09-30 09:33 --------- d-----w C:\Documents and Settings\Knut_PC\Programdata\BitTorrent 2008-09-29 22:06 --------- d-----w C:\Documents and Settings\Knut_PC\Programdata\skypePM 2008-09-29 12:13 --------- d-----w C:\Programfiler\FlashFXP 2008-09-13 15:37 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield 2008-09-10 10:47 --------- d-----w C:\Programfiler\Skype 2008-09-10 10:47 --------- d-----w C:\Documents and Settings\All Users\Programdata\Skype 2008-09-06 09:16 --------- d-----w C:\Programfiler\Messenger Plus! Live 2008-08-31 14:26 --------- d-----w C:\Documents and Settings\Knut_PC\Programdata\DNA 2008-08-30 16:45 --------- d-----w C:\Programfiler\DNA 2008-08-22 15:49 --------- d-----w C:\Programfiler\Java 2008-08-15 09:37 --------- d-----w C:\Programfiler\WinSCP 2008-08-09 20:07 --------- d-----w C:\Programfiler\icuii 2008-07-28 00:22 --------- d-----w C:\Documents and Settings\Knut_PC\Programdata\dvdcss 2008-04-16 11:42 32 ----a-w C:\Documents and Settings\All Users\Programdata\ezsid.dat . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22e5c36e-d56d-4671-b420-a477a77cf1ec}] 2008-09-30 18:33 123904 --a------ C:\WINDOWS\system32\etakpf.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-22 68856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "Google Update"="C:\Documents and Settings\Knut_PC\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "egui"="C:\Programfiler\ESET\ESET Smart Security\egui.exe" [2007-11-14 1410304] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 406016] "LVCOMSX"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248] "LogitechCommunicationsManager"="C:\Programfiler\Fellesfiler\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2008-03-16 385024] "ISUSPM Startup"="C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "ISTray"="C:\Programfiler\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264] "BMab9547e2"="C:\WINDOWS\system32\qkdqhxhy.dll" [2008-09-30 101888] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 C:\WINDOWS\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Logitech 
SetPoint.lnk - C:\Programfiler\Logitech\SetPoint\SetPoint.exe [2008-01-16 692224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=etakpf.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll "VIDC.MFZ0"= MyFlashZip0.ax [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.exe.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.exe.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^TrayMin300.exe.lnk] path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\TrayMin300.exe.lnk backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 C:\Programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-02-28 18:07 132392 C:\Programfiler\Fellesfiler\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] --a------ 2004-06-09 15:37 40960 C:\WINDOWS\VM_STI.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2008-04-14 18:22 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-02-16 17:15 221184 C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a--c--- 2006-06-26 10:34 614960 C:\Programfiler\Logitech\QuickCam10\QuickCam10.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdeamon] --a------ 2007-06-01 09:06 20480 C:\Programfiler\Lexmark 4800 Series\lxdeamon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdemon.exe] --a------ 2007-06-11 14:53 455600 C:\Programfiler\Lexmark 4800 Series\lxdemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 17:29 2221352 C:\Programfiler\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2008-04-28 17:14 570664 C:\Programfiler\Fellesfiler\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-16 16:14 385024 C:\Programfiler\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-08-12 18:19 21741864 C:\Programfiler\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2007-03-28 01:07 593920 C:\Programfiler\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] --a------ 2008-05-06 10:42 202088 C:\Programfiler\TomTom HOME 2\HOMERunner.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\FlashFXP\\FlashFXP.exe"= "C:\\Programfiler\\Nero\\Nero8\\Nero ShowTime\\ShowTime.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\Lexmark 4800 Series\\Drivers\\I386\\lxdewbgw.exe"= "C:\\Programfiler\\Lexmark 4800 Series\\lxdeamon.exe"= "C:\\Programfiler\\Lexmark 4800 Series\\FRun.exe"= "C:\\Programfiler\\Lexmark 4800 Series\\lxdemon.exe"= "C:\\WINDOWS\\system32\\lxdecfg.exe"= "C:\\WINDOWS\\system32\\lxdecoms.exe"= 
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"= "C:\\Programfiler\\Lexmark 4800 Series\\Wireless\\lxdewpss.exe"= "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"= "C:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "C:\\Programfiler\\icuii\\ICUII.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\RM.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "C:\\Programfiler\\Pinnacle\\Studio 10\\programs\\umi.exe"= "C:\\Programfiler\\DNA\\btdna.exe"= "C:\\Programfiler\\BitTorrent\\bittorrent.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"= "C:\\Programfiler\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9100:TCP"= 9100:TCP:Skriver "9100:UDP"= 9100:UDP:Skriver ut "21:UDP"= 21:UDP:Ftp R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 160792] R2 lxde_device;lxde_device;C:\WINDOWS\system32\lxdecoms.exe [2007-05-29 598960] R2 NMSAccessU;NMSAccessU;C:\Programfiler\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R3 cmeu0wdm;CardMan 2020;C:\WINDOWS\system32\DRIVERS\cmeu0wdm.sys [2004-06-21 42537] S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe [2007-05-29 99248] S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536] S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360] S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088] S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624] S3 se59nd5;Sony Ericsson Device 
089 USB Ethernet Emulation SEMC59 (NDIS);C:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704] S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432] S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800] . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - BHO-{376EFD74-7AA4-44A4-9E39-E374ED3139A9} - (no file) BHO-{8B036371-BCDE-434F-AC17-6DEC5C7FDA5E} - C:\WINDOWS\system32\hgGvvvWM.dll WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) ShellExecuteHooks-{376EFD74-7AA4-44A4-9E39-E374ED3139A9} - (no file) Notify-mlJBQGVM - (no file) MSConfigStartUp-EzPrint - C:\Programfiler\Lexmark 2300 Series\ezprint.exe MSConfigStartUp-lxcgmon - C:\Programfiler\Lexmark 2300 Series\lxcgmon.exe MSConfigStartUp-PicoZip - C:\Programfiler\PicoZip\PicoZipTray.exe MSConfigStartUp-OpAgent - OpAgent.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Knut_PC\Programdata\Mozilla\Firefox\Profiles\h16i19rc.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://startsiden.no FF -: plugin - C:\Documents and Settings\Knut_PC\Lokale innstillinger\Programdata\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Programfiler\DNA\plugins\npbtdna.dll FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Programfiler\Vizky\npVizky.dll . . ------- File Associations ------- . txtfile="C:\Programfiler\JGsoft\EditPadLite\EditPadLite.exe" "%1" . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-01 00:13:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\WINDOWS\system32\ati2evxx.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\Programfiler\Fellesfiler\Logitech\LVMVFM\LVPrcSrv.exe C:\WINDOWS\system32\scardsvr.exe C:\Programfiler\ESET\ESET Smart Security\ekrn.exe C:\Programfiler\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Programfiler\Spyware Doctor\pctsAuxs.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.exe . ************************************************************************** . Completion time: 2008-10-01 0:26:12 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-30 22:26:08 Pre-Run: 50 559 942 656 byte ledig Post-Run: 50,581,532,672 byte ledig 274 --- E O F --- 2008-09-16 01:00:47 Lenke til kommentar
norbat Posted 1 October 2008 Knut63: Work through the whole guide: https://www.diskusjon.no/index.php?showtopic=691246. Post the logs in a separate thread of your own, which you create by choosing the New Topic button.
Auke Posted 8 July 2009 Struggling with a virus. Ran Combofix. The log looked like this: ComboFix 09-07-07.A8 - Atle 08.07.2009 16:31.8 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.509.282 [GMT 2:00] Kjører fra: c:\documents and settings\Atle\Skrivebord\ComboFix.exe AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Anti-virus er aktiv . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-08 til 2009-07-08 ))))))))))))))))))))))))))))))))) . Ingen nye filer opprettet i dette tidsrommet . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-08 13:42 . 2009-04-20 10:50 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP 2009-07-06 17:58 . 2007-08-26 14:15 -------- d-----w- c:\programfiler\DC++ 2009-06-20 20:23 . 2008-12-27 11:45 -------- d-----w- c:\documents and settings\Atle\Programdata\Spotify 2009-05-29 18:12 . 2009-05-29 18:11 -------- d-----w- c:\programfiler\Hotspot Shield 2009-05-21 14:57 . 2009-05-21 14:56 -------- d-----w- c:\documents and settings\All Users\Programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-21 14:57 . 2007-08-26 14:32 -------- d-----w- c:\programfiler\iTunes 2009-05-21 14:56 . 2009-05-21 14:56 -------- d-----w- c:\programfiler\iPod 2009-05-21 14:56 . 2007-08-26 14:26 -------- d-----w- c:\programfiler\Fellesfiler\Apple 2009-05-21 14:52 . 2009-05-21 14:52 -------- d-----w- c:\programfiler\QuickTime 2009-05-21 14:42 . 2009-05-21 14:42 75048 ----a-w- c:\documents and settings\All Users\Programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe 2009-05-21 14:39 . 2008-09-22 18:50 -------- d-----w- c:\programfiler\Safari 2009-05-21 14:36 . 2009-05-21 14:36 -------- d-----w- c:\programfiler\Bonjour 2009-05-20 19:54 . 2009-05-20 19:54 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys 2009-05-19 16:28 . 
2007-08-18 10:47 42168 ----a-w- c:\documents and settings\Atle\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT 2009-05-14 18:08 . 2009-05-14 18:08 27136 ----a-w- c:\windows\system32\drivers\tapvpn.sys 2009-05-10 16:31 . 2007-08-20 16:53 -------- d-----w- c:\programfiler\Spybot - Search & Destroy 2009-04-30 21:08 . 2009-05-29 18:42 575488 ----a-w- c:\documents and settings\Atle\Programdata\Mozilla\Firefox\Profiles\ywxpcq6d.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll 2009-04-19 13:35 . 2009-04-19 13:35 152576 ----a-w- c:\documents and settings\Atle\Programdata\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-12 14:41 . 2001-10-09 12:00 72088 ----a-w- c:\windows\system32\perfc014.dat 2009-04-12 14:41 . 2001-10-09 12:00 408142 ----a-w- c:\windows\system32\perfh014.dat . ((((((((((((((((((((((((((((( SnapShot@2009-07-08_13.16.51 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-08 13:40 . 2009-07-08 13:40 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}] 2009-05-29 18:11 218160 ----a-w- c:\programfiler\Hotspot Shield\hssie\HssIE.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "MsnMsgr"="c:\programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "SpybotSD TeaTimer"="c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-08 68856] "RegistryMechanic"="c:\programfiler\Registry Mechanic\RegMech.exe" [2008-07-08 2828184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\programfiler\Eset\nod32kui.exe" [2007-08-18 917504] "ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-13 294912] "PRISMSVR.EXE"="c:\programfiler\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" [2004-04-26 295001] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2009-01-05 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2009-04-02 342312] "ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-09-11 46592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ 3Com Wireless 11g PC Card.lnk - c:\programfiler\3Com\3Com OfficeConnect Wireless 
Utility\3Com Wireless 11g PC Card\Monitor.exe [2004-7-2 299008] Adobe Gamma Loader.lnk - c:\programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-25 113664] Kodak EasyShare software.lnk - c:\programfiler\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\DC++\\DCPlusPlus.exe"= "c:\\Programfiler\\Last.fm\\LastFM.exe"= "c:\\Programfiler\\Messenger\\msmsgs.exe"= "c:\\Programfiler\\Opera\\Opera.exe"= "c:\\Programfiler\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Programfiler\\Java\\jre6\\bin\\javaw.exe"= "c:\\Programfiler\\Spotify\\spotify.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= R2 HssSrv;Hotspot Shield Routing Service;c:\programfiler\Hotspot Shield\HssWPR\hsssrv.exe [20.05.2009 21:53 331312] R3 WBFIRDMA;Winbond infrarød enhetsdriver;c:\windows\system32\drivers\wbfirdma.sys [18.08.2007 14:11 35871] S3 3C154G;3Com OfficeConnect 802.11g PC Card Driver;c:\windows\system32\drivers\3C154G72.sys [23.12.2007 17:01 386432] S3 HssTrayService;Hotspot Shield Tray Service;c:\programfiler\Hotspot Shield\bin\HssTrayService.exe [21.05.2009 00:29 34352] S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [28.03.2008 16:04 61536] S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [28.03.2008 16:04 9360] S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [28.03.2008 16:04 97088] S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [28.03.2008 16:04 
88624] S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [28.03.2008 16:05 18704] S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [28.03.2008 16:04 86432] S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [28.03.2008 16:04 90800] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [07.09.2007 16:23 36864] . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.google.no/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uInternet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=lo alhost:1080 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: imon.dll FF - ProfilePath - c:\documents and settings\Atle\Programdata\Mozilla\Firefox\Profiles\ywxpcq6d.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.no FF - component: c:\documents and settings\Atle\Programdata\Mozilla\Firefox\Profiles\ywxpcq6d.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-08 16:35 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... 
skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ÿÿŒ^L*] "DisplayName"="" "DeviceDesc"="" "ProviderName"="00" "MFG"="????????2" "ReinstallString"="??" "DeviceInstanceIds"=multi:"s\\atle\\lokale innstillinger\\temporary internet files\\content.ie5\\sbsw29jq\\g732[1]\\driver\\2kxp_inf\\cx_07817.inf0" . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(852) c:\windows\system32\imon.dll - - - - - - - > 'explorer.exe'(3804) c:\windows\system32\msi.dll . Tidspunkt ferdig: 2009-07-08 16:38 ComboFix-quarantined-files.txt 2009-07-08 14:38 ComboFix2.txt 2009-07-08 13:36 ComboFix3.txt 2009-07-08 13:18 ComboFix4.txt 2008-09-28 20:14 Pre-Run: 4 498 890 752 byte ledig Post-Run: 4 787 380 224 byte ledig 149 Lenke til kommentar