
[Solved] Anyone willing to analyze some logs?



Yes, I've taken on the job of trying to fix my sister's PC. The symptom is that it runs terribly slowly, and there are some things I can't open, such as "Ctrl+Alt+Del" and the internet. She claims this happened suddenly, so I assume some junk has gotten in.

 

I've run MBAM, ComboFix and HijackThis, so here are the logs.

 

Hope someone can figure out what it's infected with :)

 

MBAM


Malwarebytes' Anti-Malware 1.30

Database versjon: 1431

Windows 5.1.2600 Service Pack 2

 

28.11.2008 17:06:16

mbam-log-2008-11-28 (17-06-16).txt

 

Skanntype: Rask Skann

Objekter skannet: 43797

Tid tilbakelagt: 2 minute(s), 24 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 1

Registernøkler infisert: 1

Registerverdier infisert: 5

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 18

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

C:\WINDOWS\system32\__c008B268.dat (Trojan.Agent) -> Delete on reboot.

 

Registernøkler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008b268 (Trojan.Vundo) -> Delete on reboot.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2d92de.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f34af5d.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f5b0341.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f17bc2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f8dd1a.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\WINDOWS\system32\__c0012462.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F2D92DE.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F34AF5D.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F5B0341.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F17BC2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\Sigrid\Lokale innstillinger\Temp\_A00F8DD1A.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c008B268.dat (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\__c0026468.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c008D7D2.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c009FCC3.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00A8118.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00D752D.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c0013252.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c0039EB7.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c0041AA6.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\__c00DC844.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Combofix


ComboFix 08-11-27.07 - Sigrid 2008-11-28 17:18:53.1 - NTFSx86

Kjører fra: f:\virusfjerning\ComboFix.exe

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\IE4 Error Log.txt

c:\windows\system32\1.tmp

c:\windows\system32\2.tmp

c:\windows\system32\3.tmp

c:\windows\system32\4.tmp

c:\windows\system32\5.tmp

c:\windows\system32\6.tmp

c:\windows\system32\7.tmp

c:\windows\system32\8.tmp

c:\windows\system32\9.tmp

c:\windows\system32\A.tmp

c:\windows\system32\B.tmp

c:\windows\system32\C.tmp

c:\windows\system32\D.tmp

C:\xcrashdump.dat

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))

.

 

2008-11-28 17:18 . 2008-11-28 17:18 0 --a------ c:\windows\system32\35.tmp

2008-11-28 17:08 . 2008-11-28 17:08 0 --a------ c:\windows\system32\32.tmp

2008-11-28 17:07 . 2008-11-28 17:07 0 --a------ c:\windows\system32\2D.tmp

2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm

2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-21 21:12 . 2008-11-21 21:12 0 --a------ c:\windows\system32\30.tmp

2008-11-20 18:52 . 2008-11-20 18:52 0 --a------ c:\windows\system32\2F.tmp

2008-11-17 16:11 . 2008-11-17 16:11 0 --a------ c:\windows\system32\34.tmp

2008-11-17 16:02 . 2008-11-17 16:02 0 --a------ c:\windows\system32\2E.tmp

2008-11-17 16:01 . 2008-11-17 16:01 318,464 --ahs---- c:\windows\system32\26.tmp

2008-11-13 21:00 . 2008-11-13 21:00 0 --a------ c:\windows\system32\2C.tmp

2008-11-13 18:25 . 2008-11-13 18:25 0 --a------ c:\windows\system32\2B.tmp

2008-11-12 20:50 . 2008-11-12 20:50 0 --a------ c:\windows\system32\4A.tmp

2008-11-12 20:07 . 2008-11-12 20:07 0 --a------ c:\windows\system32\2A.tmp

2008-11-11 15:23 . 2008-11-11 15:23 0 --a------ c:\windows\system32\29.tmp

2008-11-10 19:39 . 2008-11-10 19:39 0 --a------ c:\windows\system32\28.tmp

2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp

2008-11-10 16:15 . 2008-11-10 16:15 0 --a------ c:\windows\system32\27.tmp

2008-11-09 18:33 . 2008-11-09 18:33 0 --a------ c:\windows\system32\25.tmp

2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts

2008-11-09 14:13 . 2008-11-09 14:13 0 --a------ c:\windows\system32\24.tmp

2008-11-08 21:18 . 2008-11-08 21:18 0 --a------ c:\windows\system32\23.tmp

2008-11-08 17:56 . 2008-11-08 17:56 0 --a------ c:\windows\system32\22.tmp

2008-11-08 10:33 . 2008-11-08 10:33 0 --a------ c:\windows\system32\21.tmp

2008-11-07 22:27 . 2008-11-07 22:27 0 --a------ c:\windows\system32\134.tmp

2008-11-07 22:26 . 2008-11-07 22:26 0 --a------ c:\windows\system32\132.tmp

2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm

2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm

2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm

2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 0 --a------ c:\windows\system32\20.tmp

2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm

2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm

2008-11-07 17:25 . 2008-11-07 17:25 0 --a------ c:\windows\system32\1F.tmp

2008-11-05 18:56 . 2008-11-05 18:56 0 --a------ c:\windows\system32\1E.tmp

2008-11-03 20:33 . 2008-11-03 20:33 0 --a------ c:\windows\system32\1D.tmp

2008-11-03 19:18 . 2008-11-03 19:18 318,464 --ahs---- c:\windows\system32\18.tmp

2008-11-02 17:26 . 2008-11-02 17:26 0 --a------ c:\windows\system32\1A.tmp

2008-11-02 17:25 . 2008-11-02 17:25 318,464 --ahs---- c:\windows\system32\16.tmp

2008-11-02 16:19 . 2008-11-02 16:19 0 --a------ c:\windows\system32\2738.tmp

2008-11-02 14:56 . 2008-11-02 14:56 0 --a------ c:\windows\system32\15.tmp

2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\14.tmp

2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\13.tmp

2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games

2008-11-02 11:33 . 2008-11-02 11:33 318,464 --ahs---- c:\windows\system32\12.tmp

2008-11-01 21:45 . 2008-11-01 21:45 318,464 --ahs---- c:\windows\system32\10.tmp

2008-11-01 16:53 . 2008-11-01 16:53 0 --a------ c:\windows\system32\11.tmp

2008-11-01 15:38 . 2008-11-01 15:38 0 --a------ c:\windows\system32\F.tmp

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg

2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze

2008-10-30 20:00 . 2008-10-30 20:00 318,464 --ahs---- c:\windows\system32\19.tmp

2008-10-30 19:59 . 2008-10-30 19:59 318,464 --ahs---- c:\windows\system32\17.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache

2008-10-25 20:18 318,464 --sha-w c:\windows\system32\D0.tmp

2008-10-25 20:18 318,464 --sha-w c:\windows\system32\CF.tmp

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 17:21 318,464 --sha-w c:\windows\system32\88.tmp

2008-10-22 16:21 318,464 --sha-w c:\windows\system32\87.tmp

2008-10-22 15:18 318,464 --sha-w c:\windows\system32\4C.tmp

2008-10-22 14:18 318,464 --sha-w c:\windows\system32\4B.tmp

2008-10-22 13:18 318,464 --sha-w c:\windows\system32\49.tmp

2008-10-22 12:18 318,464 --sha-w c:\windows\system32\1B.tmp

2008-10-22 12:17 131,072 ----a-w c:\windows\system32\dxtrans32.dll

2008-10-17 14:20 126,976 ----a-w c:\windows\system32\filemgmt32.dll

2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst

2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games

2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-03-02 10:13 0 ----a-w c:\programfiler\temp01

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c16de67486]

2008-10-22 13:17 131072 c:\windows\system32\dxtrans32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\dxtrans32.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]

 

*Newly Created Service* - PROCEXP90

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-21 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Tilleggsskanning -------

.

FireFox -: Profile - c:\documents and settings\Sigrid\Programdata\Mozilla\Firefox\Profiles\ayoumz6v.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-28 17:19:53

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(684)

c:\windows\System32\dxtrans32.dll

 

- - - - - - - > 'lsass.exe'(744)

c:\windows\System32\dxtrans32.dll

.

Tidspunkt ferdig: 2008-11-28 17:20:41

ComboFix-quarantined-files.txt 2008-11-28 16:20:28

 

Pre-Run: 228 277 305 344 byte ledig

Post-Run: 228,404,908,032 byte ledig

 

169 --- E O F --- 2008-11-17 18:02:19

Hijackthis


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:23:15, on 28.11.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Programfiler\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\explorer.exe

C:\Programfiler\Trend Micro\HijackThis\test.exe.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201982593843

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O20 - AppInit_DLLs: C:\WINDOWS\System32\dxtrans32.dll

O20 - Winlogon Notify: 6c16de67486 - C:\WINDOWS\System32\dxtrans32.dll

 

--

End of file - 4359 bytes


Not sure which order you wanted it in after you edited a bit, but I read it as:

 

Restart --> CCleaner --> Restart --> MBAM --> Restart --> Combofix

 

That gave me these logs:

MBAM


Malwarebytes' Anti-Malware 1.30

Database versjon: 1431

Windows 5.1.2600 Service Pack 2

 

28.11.2008 18:00:38

mbam-log-2008-11-28 (18-00-38).txt

 

Skanntype: Rask Skann

Objekter skannet: 42944

Tid tilbakelagt: 7 minute(s), 33 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

Combofix


ComboFix 08-11-27.07 - Sigrid 2008-11-28 18:21:53.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.751 [GMT 1:00]

Kjører fra: f:\virusfjerning\ComboFix.exe

 

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-10-28 til 2008-11-28 )))))))))))))))))))))))))))))))))

.

 

2008-11-28 18:10 . 2008-11-28 18:10 0 --a------ c:\windows\system32\5.tmp

2008-11-28 18:05 . 2008-11-28 18:05 0 --a------ c:\windows\system32\3.tmp

2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm

2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm

2008-11-28 17:50 . 2008-11-28 17:50 0 --a------ c:\windows\system32\2.tmp

2008-11-28 17:48 . 2008-11-28 18:01 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner

2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro

2008-11-28 17:18 . 2008-11-28 17:18 0 --a------ c:\windows\system32\35.tmp

2008-11-28 17:08 . 2008-11-28 17:08 0 --a------ c:\windows\system32\32.tmp

2008-11-28 17:07 . 2008-11-28 17:07 0 --a------ c:\windows\system32\2D.tmp

2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm

2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-21 21:12 . 2008-11-21 21:12 0 --a------ c:\windows\system32\30.tmp

2008-11-20 18:52 . 2008-11-20 18:52 0 --a------ c:\windows\system32\2F.tmp

2008-11-17 16:11 . 2008-11-17 16:11 0 --a------ c:\windows\system32\34.tmp

2008-11-17 16:02 . 2008-11-17 16:02 0 --a------ c:\windows\system32\2E.tmp

2008-11-17 16:01 . 2008-11-17 16:01 318,464 --ahs---- c:\windows\system32\26.tmp

2008-11-13 21:00 . 2008-11-13 21:00 0 --a------ c:\windows\system32\2C.tmp

2008-11-13 18:25 . 2008-11-13 18:25 0 --a------ c:\windows\system32\2B.tmp

2008-11-12 20:50 . 2008-11-12 20:50 0 --a------ c:\windows\system32\4A.tmp

2008-11-12 20:07 . 2008-11-12 20:07 0 --a------ c:\windows\system32\2A.tmp

2008-11-11 15:23 . 2008-11-11 15:23 0 --a------ c:\windows\system32\29.tmp

2008-11-10 19:39 . 2008-11-10 19:39 0 --a------ c:\windows\system32\28.tmp

2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp

2008-11-10 16:15 . 2008-11-10 16:15 0 --a------ c:\windows\system32\27.tmp

2008-11-09 18:33 . 2008-11-09 18:33 0 --a------ c:\windows\system32\25.tmp

2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts

2008-11-09 14:13 . 2008-11-09 14:13 0 --a------ c:\windows\system32\24.tmp

2008-11-08 21:18 . 2008-11-08 21:18 0 --a------ c:\windows\system32\23.tmp

2008-11-08 17:56 . 2008-11-08 17:56 0 --a------ c:\windows\system32\22.tmp

2008-11-08 10:33 . 2008-11-08 10:33 0 --a------ c:\windows\system32\21.tmp

2008-11-07 22:27 . 2008-11-07 22:27 0 --a------ c:\windows\system32\134.tmp

2008-11-07 22:26 . 2008-11-07 22:26 0 --a------ c:\windows\system32\132.tmp

2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm

2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm

2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm

2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 0 --a------ c:\windows\system32\20.tmp

2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm

2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm

2008-11-07 17:25 . 2008-11-07 17:25 0 --a------ c:\windows\system32\1F.tmp

2008-11-05 18:56 . 2008-11-05 18:56 0 --a------ c:\windows\system32\1E.tmp

2008-11-03 20:33 . 2008-11-03 20:33 0 --a------ c:\windows\system32\1D.tmp

2008-11-03 19:18 . 2008-11-03 19:18 318,464 --ahs---- c:\windows\system32\18.tmp

2008-11-02 17:26 . 2008-11-02 17:26 0 --a------ c:\windows\system32\1A.tmp

2008-11-02 17:25 . 2008-11-02 17:25 318,464 --ahs---- c:\windows\system32\16.tmp

2008-11-02 16:19 . 2008-11-02 16:19 0 --a------ c:\windows\system32\2738.tmp

2008-11-02 14:56 . 2008-11-02 14:56 0 --a------ c:\windows\system32\15.tmp

2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\14.tmp

2008-11-02 13:04 . 2008-11-02 13:04 318,464 --ahs---- c:\windows\system32\13.tmp

2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games

2008-11-02 11:33 . 2008-11-02 11:33 318,464 --ahs---- c:\windows\system32\12.tmp

2008-11-01 21:45 . 2008-11-01 21:45 318,464 --ahs---- c:\windows\system32\10.tmp

2008-11-01 16:53 . 2008-11-01 16:53 0 --a------ c:\windows\system32\11.tmp

2008-11-01 15:38 . 2008-11-01 15:38 0 --a------ c:\windows\system32\F.tmp

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg

2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze

2008-10-30 20:00 . 2008-10-30 20:00 318,464 --ahs---- c:\windows\system32\19.tmp

2008-10-30 19:59 . 2008-10-30 19:59 318,464 --ahs---- c:\windows\system32\17.tmp

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache

2008-10-25 20:18 318,464 --sha-w c:\windows\system32\D0.tmp

2008-10-25 20:18 318,464 --sha-w c:\windows\system32\CF.tmp

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-22 17:21 318,464 --sha-w c:\windows\system32\88.tmp

2008-10-22 16:21 318,464 --sha-w c:\windows\system32\87.tmp

2008-10-22 15:18 318,464 --sha-w c:\windows\system32\4C.tmp

2008-10-22 14:18 318,464 --sha-w c:\windows\system32\4B.tmp

2008-10-22 13:18 318,464 --sha-w c:\windows\system32\49.tmp

2008-10-22 12:18 318,464 --sha-w c:\windows\system32\1B.tmp

2008-10-22 12:17 131,072 ----a-w c:\windows\system32\dxtrans32.dll

2008-10-17 14:20 126,976 ----a-w c:\windows\system32\filemgmt32.dll

2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst

2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games

2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-03-02 10:13 0 ----a-w c:\programfiler\temp01

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat

- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c16de67486]

2008-10-22 13:17 131072 c:\windows\system32\dxtrans32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\dxtrans32.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

.

------- Tilleggsskanning -------

.

FireFox -: Profile - c:\documents and settings\Sigrid\Programdata\Mozilla\Firefox\Profiles\ayoumz6v.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.startsiden.no

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-28 18:22:33

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(680)

c:\windows\System32\dxtrans32.dll

.

Tidspunkt ferdig: 2008-11-28 18:23:18

ComboFix-quarantined-files.txt 2008-11-28 17:23:09

ComboFix2.txt 2008-11-28 16:20:42

 

Pre-Run: 228,436,852,736 byte ledig

Post-Run: 228,428,034,048 byte ledig

 

170 --- E O F --- 2008-11-17 18:02:19

 

Restarted and ran another MBAM:


Malwarebytes' Anti-Malware 1.30

Database version: 1431

Windows 5.1.2600 Service Pack 2

 

28.11.2008 18:34:19

 

mbam-log-2008-11-28 (18-34-19).txt

 

Scan type: Quick Scan

Objects scanned: 42910

Time elapsed: 7 minute(s), 29 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

The machine has also sent/received 30 million packets in a fairly short time now. So something is seriously wrong :p


Click Start - All Programs - Accessories - Notepad

 

Copy and paste the text in the code box below into Notepad:

 

 

File::
c:\windows\system32\24.tmp
c:\windows\system32\23.tmp
c:\windows\system32\22.tmp
c:\windows\system32\21.tmp
c:\windows\system32\134.tmp
c:\windows\system32\132.tmp
c:\windows\system32\27.tmp
c:\windows\system32\25.tmp
c:\windows\system32\30.tmp
c:\windows\system32\2F.tmp
c:\windows\system32\34.tmp
c:\windows\system32\2E.tmp
c:\windows\system32\26.tmp
c:\windows\system32\2C.tmp
c:\windows\system32\2B.tmp
c:\windows\system32\4A.tmp
c:\windows\system32\2A.tmp
c:\windows\system32\29.tmp
c:\windows\system32\28.tmp
c:\windows\system32\20.tmp
c:\windows\system32\1F.tmp
c:\windows\system32\1E.tmp
c:\windows\system32\1D.tmp
c:\windows\system32\18.tmp
c:\windows\system32\1A.tmp
c:\windows\system32\16.tmp
c:\windows\system32\2738.tmp
c:\windows\system32\15.tmp
c:\windows\system32\14.tmp
c:\windows\system32\13.tmp
c:\windows\system32\12.tmp
c:\windows\system32\10.tmp
c:\windows\system32\11.tmp
c:\windows\system32\F.tmp
c:\windows\system32\19.tmp
c:\windows\system32\17.tmp
c:\windows\system32\D0.tmp
c:\windows\system32\CF.tmp
c:\windows\system32\88.tmp
c:\windows\system32\87.tmp
c:\windows\system32\4C.tmp
c:\windows\system32\4B.tmp
c:\windows\system32\49.tmp
c:\windows\system32\1B.tmp
c:\windows\system32\filemgmt32.dll
c:\windows\system32\dxtrans32.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c16de67486]

 

 

Save it as CFScript on the Desktop

 

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

 

CFScriptB-4.gif

 

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

 

Post the contents of ComboFix.txt in your next reply on the forum.

 

____________________________________________________________________

 

Are you familiar with the folders blg, PlayFirst?


This is what the new ComboFix log looked like after the CFScript:

 


ComboFix 08-11-27.07 - Sigrid 2008-11-28 19:13:48.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.762 [GMT 1:00]

Running from: c:\documents and settings\Sigrid\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\Sigrid\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\windows\system32\10.tmp

c:\windows\system32\11.tmp

c:\windows\system32\12.tmp

c:\windows\system32\13.tmp

c:\windows\system32\132.tmp

c:\windows\system32\134.tmp

c:\windows\system32\14.tmp

c:\windows\system32\15.tmp

c:\windows\system32\16.tmp

c:\windows\system32\17.tmp

c:\windows\system32\18.tmp

c:\windows\system32\19.tmp

c:\windows\system32\1A.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\1D.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\20.tmp

c:\windows\system32\21.tmp

c:\windows\system32\22.tmp

c:\windows\system32\23.tmp

c:\windows\system32\24.tmp

c:\windows\system32\25.tmp

c:\windows\system32\26.tmp

c:\windows\system32\27.tmp

c:\windows\system32\2738.tmp

c:\windows\system32\28.tmp

c:\windows\system32\29.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2B.tmp

c:\windows\system32\2C.tmp

c:\windows\system32\2E.tmp

c:\windows\system32\2F.tmp

c:\windows\system32\30.tmp

c:\windows\system32\34.tmp

c:\windows\system32\49.tmp

c:\windows\system32\4A.tmp

c:\windows\system32\4B.tmp

c:\windows\system32\4C.tmp

c:\windows\system32\87.tmp

c:\windows\system32\88.tmp

c:\windows\system32\CF.tmp

c:\windows\system32\D0.tmp

c:\windows\system32\dxtrans32.dll

c:\windows\system32\F.tmp

c:\windows\system32\filemgmt32.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\10.tmp

c:\windows\system32\11.tmp

c:\windows\system32\12.tmp

c:\windows\system32\13.tmp

c:\windows\system32\132.tmp

c:\windows\system32\134.tmp

c:\windows\system32\14.tmp

c:\windows\system32\15.tmp

c:\windows\system32\16.tmp

c:\windows\system32\17.tmp

c:\windows\system32\18.tmp

c:\windows\system32\19.tmp

c:\windows\system32\1A.tmp

c:\windows\system32\1B.tmp

c:\windows\system32\1D.tmp

c:\windows\system32\1E.tmp

c:\windows\system32\1F.tmp

c:\windows\system32\20.tmp

c:\windows\system32\21.tmp

c:\windows\system32\22.tmp

c:\windows\system32\23.tmp

c:\windows\system32\24.tmp

c:\windows\system32\25.tmp

c:\windows\system32\26.tmp

c:\windows\system32\27.tmp

c:\windows\system32\2738.tmp

c:\windows\system32\28.tmp

c:\windows\system32\29.tmp

c:\windows\system32\2A.tmp

c:\windows\system32\2B.tmp

c:\windows\system32\2C.tmp

c:\windows\system32\2E.tmp

c:\windows\system32\2F.tmp

c:\windows\system32\30.tmp

c:\windows\system32\34.tmp

c:\windows\system32\49.tmp

c:\windows\system32\4A.tmp

c:\windows\system32\4B.tmp

c:\windows\system32\4C.tmp

c:\windows\system32\87.tmp

c:\windows\system32\88.tmp

c:\windows\system32\CF.tmp

c:\windows\system32\D0.tmp

c:\windows\system32\dxtrans32.dll

c:\windows\system32\F.tmp

c:\windows\system32\filemgmt32.dll

 

.

((((((((((((((((((((((((((( Files Created From 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))))

.

 

2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm

2008-11-28 18:50 . 2008-11-28 18:50 244 --ah----- C:\sqmnoopt12.sqm

2008-11-28 18:25 . 2008-11-28 18:25 0 --a------ c:\windows\system32\4.tmp

2008-11-28 18:10 . 2008-11-28 18:10 0 --a------ c:\windows\system32\5.tmp

2008-11-28 18:05 . 2008-11-28 18:05 0 --a------ c:\windows\system32\3.tmp

2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm

2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm

2008-11-28 17:50 . 2008-11-28 17:50 0 --a------ c:\windows\system32\2.tmp

2008-11-28 17:48 . 2008-11-28 18:34 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner

2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro

2008-11-28 17:18 . 2008-11-28 17:18 0 --a------ c:\windows\system32\35.tmp

2008-11-28 17:08 . 2008-11-28 17:08 0 --a------ c:\windows\system32\32.tmp

2008-11-28 17:07 . 2008-11-28 17:07 0 --a------ c:\windows\system32\2D.tmp

2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm

2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp

2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts

2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm

2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm

2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm

2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm

2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm

2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm

2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg

2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst

2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games

2008-03-02 10:13 0 ----a-w c:\programfiler\temp01

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat

- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat

.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-28 19:16:27

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2008-11-28 19:18:12 - machine was rebooted

ComboFix-quarantined-files.txt 2008-11-28 18:18:10

ComboFix2.txt 2008-11-28 17:23:19

ComboFix3.txt 2008-11-28 16:20:42

 

Pre-Run: 228,413,886,464 bytes free

Post-Run: 228,404,715,520 bytes free

 

217 --- E O F --- 2008-11-17 18:02:19

Edited by Enya

Click Start - All Programs - Accessories - Notepad

 

Copy and paste the text in the code box below into Notepad:

 

File::
c:\windows\system32\35.tmp
c:\windows\system32\32.tmp
c:\windows\system32\2D.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\3.tmp
c:\windows\system32\2.tmp

 

Save it as CFScript on the Desktop

 

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

 

CFScriptB-4.gif

 

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

 

Post the contents of ComboFix.txt in your next reply on the forum.


New ComboFix log:


ComboFix 08-11-27.07 - Sigrid 2008-11-28 19:26:58.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.752 [GMT 1:00]

Running from: c:\documents and settings\Sigrid\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\Sigrid\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\windows\system32\2.tmp

c:\windows\system32\2D.tmp

c:\windows\system32\3.tmp

c:\windows\system32\32.tmp

c:\windows\system32\35.tmp

c:\windows\system32\4.tmp

c:\windows\system32\5.tmp

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\2.tmp

c:\windows\system32\2D.tmp

c:\windows\system32\3.tmp

c:\windows\system32\32.tmp

c:\windows\system32\35.tmp

c:\windows\system32\4.tmp

c:\windows\system32\5.tmp

 

.

((((((((((((((((((((((((((( Files Created From 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))))

.

 

2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm

2008-11-28 18:50 . 2008-11-28 18:50 244 --ah----- C:\sqmnoopt12.sqm

2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm

2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm

2008-11-28 17:48 . 2008-11-28 19:26 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner

2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro

2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm

2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp

2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts

2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm

2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm

2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm

2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm

2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm

2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm

2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg

2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst

2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games

2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-03-02 10:13 0 ----a-w c:\programfiler\temp01

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat

- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat

.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-28 19:27:41

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-28 19:28:18

ComboFix-quarantined-files.txt 2008-11-28 18:28:00

ComboFix2.txt 2008-11-28 18:18:13

ComboFix3.txt 2008-11-28 17:23:19

ComboFix4.txt 2008-11-28 16:20:42

 

Pre-Run: 228,395,118,592 bytes free

Post-Run: 228,387,393,536 bytes free

 

128 --- E O F --- 2008-11-17 18:02:19


I think I'll soon need to get myself an eye test :mrgreen:

Click Start - All Programs - Accessories - Notepad

 

Copy and paste the text in the code box below into Notepad:

 

File::
c:\windows\system32\1C.tmp

Folder::
c:\programfiler\temp01

 

Save it as CFScript on the Desktop

 

Drag CFScript onto ComboFix.exe on the Desktop, as the animation below shows.

 

CFScriptB-4.gif

 

This will start ComboFix again. If the machine asks for a restart, let it do so right away.

 

Post the contents of ComboFix.txt in your next reply on the forum.

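What the helper is doing across these rounds is reading the ComboFix "Files Created" listing by eye and pulling out the one entry that does not belong: a 318 KB file with hidden and system attributes (`--ahs----`), named like a scratch file (`1C.tmp`) and sitting in system32, next to a pile of zero-byte `.tmp` files. That triage can be scripted. The block below is an added example, not code from this thread, from ComboFix or from Malwarebytes: it parses lines in the layout of the "Files Created" section and scores each file with a few heuristics chosen for the example (a temp file in system32, hidden/system attributes on a system32 file, a non-empty `.tmp` carrying the system flag). The sample log lines are constructed here to mirror entries seen in the logs above; the rules and point values are assumptions, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the layout of ComboFix's "Files Created" section
# (<mtime> . <ctime> <size or <DIR>> <attribute flags> <path>). The entries
# echo ones that appear in the logs above; the set is assembled for this example.
SAMPLE_LOG = r"""
2008-11-28 18:25 . 2008-11-28 18:25 0 --a------ c:\windows\system32\4.tmp
2008-11-28 17:48 . 2008-11-28 18:34 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste
2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-10 16:15 . 2008-11-10 16:15 318,464 --ahs---- c:\windows\system32\1C.tmp
2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm
2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts
"""

# One "Files Created" line. The 9-character flag field carries d/r/a/h/s
# (directory, read-only, archive, hidden, system) in fixed positions.
LINE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[-a-z]{9}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    mtime: str
    ctime: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every well-formed 'Files Created' line; skip anything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["mtime"], m["ctime"], size, m["attrs"], m["path"]))
    return entries


def score(entry: Entry) -> Tuple[int, List[str]]:
    """Heuristic triage: one point per tell-tale sign. The rules are assumptions
    made for this example (what a helper looks for by eye), not ComboFix logic."""
    reasons: List[str] = []
    if entry.size is None:  # directories are not scored here
        return 0, reasons
    path = entry.path.lower()
    in_system32 = "\\windows\\system32\\" in path
    if in_system32 and path.endswith(".tmp"):
        reasons.append("temp file dropped in system32")
    if in_system32 and (entry.hidden or entry.system):
        reasons.append("hidden/system attributes on a file in system32")
    if path.endswith(".tmp") and entry.system and entry.size > 0:
        reasons.append("non-empty .tmp with the system attribute (likely a renamed executable)")
    return len(reasons), reasons


def triage(text: str) -> List[Tuple[str, int, List[str]]]:
    """Return (path, score, reasons) for every flagged file, worst first."""
    hits = []
    for entry in parse_entries(text):
        points, why = score(entry)
        if points:
            hits.append((entry.path, points, why))
    hits.sort(key=lambda h: h[1], reverse=True)
    return hits


if __name__ == "__main__":
    for path, points, why in triage(SAMPLE_LOG):
        print(f"[{points}] {path}: {'; '.join(why)}")
```

Run against the sample, the zero-byte `4.tmp` scores one point (it is only odd by location) while `1C.tmp` collects all three, which matches the order in which the helper dealt with them: the empty stubs were swept up in the earlier scripts and the non-empty hidden+system file is the one targeted last.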

Hehe... :p

 

Yet another log:

 


ComboFix 08-11-27.07 - Sigrid 2008-11-28 19:45:38.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.743 [GMT 1:00]

Running from: c:\documents and settings\Sigrid\Skrivebord\ComboFix.exe

Command switches used :: c:\documents and settings\Sigrid\Skrivebord\CFScript.txt

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

 

FILE ::

c:\windows\system32\1C.tmp

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programfiler\temp01\

c:\windows\system32\1C.tmp

 

.

((((((((((((((((((((((((((( Files Created From 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))))

.

 

2008-11-28 18:50 . 2008-11-28 18:50 268 --ah----- C:\sqmdata12.sqm

2008-11-28 18:50 . 2008-11-28 18:50 244 --ah----- C:\sqmnoopt12.sqm

2008-11-28 18:04 . 2008-11-28 18:04 268 --ah----- C:\sqmdata11.sqm

2008-11-28 18:04 . 2008-11-28 18:04 244 --ah----- C:\sqmnoopt11.sqm

2008-11-28 17:48 . 2008-11-28 19:44 <DIR> dr-h----- c:\documents and settings\Sigrid\Siste

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\Yahoo!

2008-11-28 17:46 . 2008-11-28 17:46 <DIR> d-------- c:\programfiler\CCleaner

2008-11-28 17:21 . 2008-11-28 17:21 <DIR> d-------- c:\programfiler\Trend Micro

2008-11-28 17:06 . 2008-11-28 17:06 268 --ah----- C:\sqmdata10.sqm

2008-11-28 17:06 . 2008-11-28 17:06 244 --ah----- C:\sqmnoopt10.sqm

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-11-28 17:02 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes

2008-11-28 17:02 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-28 17:02 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-09 18:13 . 2008-11-09 18:13 <DIR> d-------- c:\programfiler\Electronic Arts

2008-11-07 22:08 . 2008-11-07 22:08 268 --ah----- C:\sqmdata06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 244 --ah----- C:\sqmnoopt06.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata08.sqm

2008-11-07 22:08 . 2008-11-07 22:08 232 --ah----- C:\sqmdata07.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmnoopt09.sqm

2008-11-07 22:08 . 2008-11-07 22:08 172 --ah----- C:\sqmdata09.sqm

2008-11-07 18:39 . 2008-11-07 18:39 268 --ah----- C:\sqmdata05.sqm

2008-11-07 18:39 . 2008-11-07 18:39 244 --ah----- C:\sqmnoopt05.sqm

2008-11-07 18:38 . 2008-11-07 18:38 268 --ah----- C:\sqmdata04.sqm

2008-11-07 18:38 . 2008-11-07 18:38 244 --ah----- C:\sqmnoopt04.sqm

2008-11-07 17:49 . 2008-11-07 17:49 268 --ah----- C:\sqmdata03.sqm

2008-11-07 17:49 . 2008-11-07 17:49 244 --ah----- C:\sqmnoopt03.sqm

2008-11-02 12:07 . 2008-11-02 12:07 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\Pogo Games

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\blg

2008-10-31 15:28 . 2008-10-31 15:28 <DIR> d-------- c:\documents and settings\All Users\Programdata\blg

2008-10-31 14:17 . 2008-10-31 14:17 <DIR> d-------- c:\documents and settings\Sigrid\Programdata\PetShowCraze

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-02 11:44 --------- d---a-w c:\documents and settings\All Users\Programdata\TEMP

2008-11-02 11:07 --------- d-----w c:\documents and settings\All Users\Programdata\BigFishGamesCache

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-06 10:51 --------- d-----w c:\documents and settings\Sigrid\Programdata\PlayFirst

2008-10-06 10:05 --------- d-----w c:\documents and settings\Sigrid\Programdata\EleFun Games

2008-09-15 15:42 1,846,016 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll

2008-03-02 10:13 0 ----a-w c:\programfiler\temp01

.

 

((((((((((((((((((((((((((((( snapshot@2008-11-28_17.20.13,95 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-10-26 15:36:34 39,992 ----a-w c:\windows\system32\perfc009.dat

+ 2008-11-28 16:54:59 39,992 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 15:36:34 46,134 ----a-w c:\windows\system32\perfc014.dat

+ 2008-11-28 16:54:59 46,134 ----a-w c:\windows\system32\perfc014.dat

- 2008-10-26 15:36:34 311,604 ----a-w c:\windows\system32\perfh009.dat

+ 2008-11-28 16:54:59 311,604 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 15:36:34 318,652 ----a-w c:\windows\system32\perfh014.dat

+ 2008-11-28 16:54:59 318,652 ----a-w c:\windows\system32\perfh014.dat

.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"MsnMsgr"="c:\programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2008-09-24 67968]

.

Contents of the 'Scheduled Tasks' folder

 

2008-11-28 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-28 19:46:12

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-11-28 19:46:49

ComboFix-quarantined-files.txt 2008-11-28 18:46:32

ComboFix2.txt 2008-11-28 18:28:19

ComboFix3.txt 2008-11-28 18:18:13

ComboFix4.txt 2008-11-28 17:23:19

ComboFix5.txt 2008-11-28 18:45:05

 

Pre-Run: 228,376,203,264 bytes free

Post-Run: 228,368,719,872 bytes free

 

117 --- E O F --- 2008-11-17 18:02:19


ComboFix must be uninstalled.

 

Go to Start > Run

Type the following in the box:

  • ComboFix /u

PS: note the space between the X and /u

 

You should now have something like the picture below:

CF_Cleanup.png

 

Press Enter.

 

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide System/Hidden files and folders, if necessary.
  • Reset System Restore points.

You can keep MBAM ;)


OK. Thanks a lot for the quick help :)

 

One last question. Do you have any idea where this "crap" could have come from? So that I can give my 11-year-old little sister a little serious talk :p

 

I should probably also update Windows, Java, Flash and the like now, to close all the holes.


No, I haven't had any antivirus installed on this machine. I've never had much trouble with that, since I sit behind a "sick" firewall in the router from the ISP. No idea how it works, but it's some Telnet thing. It's apparently updated regularly, and according to the provider antivirus isn't necessary when I have it.

 

Now this is admittedly a laptop, so the problems may have come over the internet from another network.

 

Still, you can't be too safe, so there will be antivirus on it from now on :p

