denix89 Skrevet 15. mai 2009 Rapporter Del Skrevet 15. mai 2009 (endret) Jeg får meldinger fra 2 av familien min på msn som er en link. men når jeg får den så er de avlogget. og jeg tror det noe virus eller noe. men er det meg eller de. Jeg har sakt i fra til dem begge. og de har scanet helle pcen for virus. men jeg får forsatt meldinger. meldingene er slik: h t t p://img19029.PicBuckets.com/?user=elisabeth_busch&pic=DSC00425.JPG h t t p://img19029.PicBuckets.com/?user=elisabeth_busch&pic=DSC00845.JPG h t t p://img19029.PicBuckets.com/?user=elisabeth_busch&pic=DSC01345.JPG h t t p://img19029.PicBuckets.com/?user=elisabeth_busch&pic=DSC01425.JPG eller h t t p://WowThatsCoool.com h t t p://SweetStufff.com noen som vet hva jeg eller de kan gjøre for å fjerne det... Endret 15. mai 2009 av Skagen Fjernet hurtiglenker til potensielt skadelige sider/filer. Lenke til kommentar
Gavekort Skrevet 15. mai 2009 Rapporter Del Skrevet 15. mai 2009 Er de linkene eksempler? Om de ikke er det så anbefaler jeg at du deaktiverer hyper-linken. Lenke til kommentar
Gjest Skrevet 15. mai 2009 Rapporter Del Skrevet 15. mai 2009 Hei! https://www.diskusjon.no/index.php?showtopi...t&p=7627252 Kjør igjennom veiledningen for ALLE pc-ene du mener har det og post slik: PC 1: Logg for pc-en her. PC 2: Logg for pc-en her. Slik at vi kan se hvem pc som er hvem. Ta gjerne og post hver eneste logg i spoiler Lenke til kommentar
Skyb3rt Skrevet 15. mai 2009 Rapporter Del Skrevet 15. mai 2009 Hei. Eg har samme problem, og eg trur eg veit ka so gjer da. du må skjifta passord på msnen. eg trur da fordi av og til når eg er på msn blir eg logga ut og da står at "du ble logget ut fordi du ble logget på en annen datamaskin" eller noe sånt, og det vil si at noen har passordet ditt. Lenke til kommentar
Gjest Skrevet 15. mai 2009 Rapporter Del Skrevet 15. mai 2009 Hei Umuligt! Jeg anbefaler deg å trykke på denne lenken: https://www.diskusjon.no/index.php?act=post..._post&f=131 Som gjør at du oppretter en ny tråd. I den posten har du med dette: https://www.diskusjon.no/index.php?showtopi...t&p=7627252 Slik at vi kan hjelpe trådstartere i denne tråden og deg i en annen tråd. Lenke til kommentar
denix89 Skrevet 16. mai 2009 Forfatter Rapporter Del Skrevet 16. mai 2009 (endret) Min pc: Malwarebytes' Anti-Malware 1.36 Databaseversjon: 2138 Windows 5.1.2600 Service Pack 3 16.05.2009 02:34:18 mbam-log-2009-05-16 (02-34-18).txt Skanntype: Rask Skann Objekter skannet: 85286 Tid tilbakelagt: 3 minute(s), 46 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) ComboFix 09-05-15.01 - Daniel 16.05.2009 2:37.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3070.2170 [GMT 2:00] Kjører fra: c:\documents and settings\Daniel\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-16 til 2009-05-16 ))))))))))))))))))))))))))))))))) . 2009-05-16 00:30 . 2009-05-16 00:30 -------- d-----w c:\documents and settings\Daniel\Application Data\Malwarebytes 2009-05-16 00:30 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-16 00:30 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-16 00:30 . 2009-05-16 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-16 00:30 . 2009-05-16 00:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-15 18:45 . 2009-05-15 18:45 -------- d-----w c:\windows\LastGood 2009-05-14 23:24 . 2009-05-14 23:24 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\DC++ 2009-05-14 23:24 . 2009-05-14 23:37 -------- d-----w c:\documents and settings\Daniel\Application Data\DC++ 2009-05-05 21:00 . 2009-05-15 18:45 -------- d-----w c:\program files\Windows Live Safety Center 2009-05-04 21:58 . 2009-05-04 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-05-04 21:56 . 2009-05-04 21:59 -------- d-----w c:\program files\ATI 2009-05-04 21:54 . 2009-02-25 13:15 593920 ------w c:\windows\system32\ati2sgag.exe 2009-05-04 21:54 . 2009-05-04 21:55 -------- d-----w c:\program files\ATI Technologies 2009-05-04 08:50 . 2009-05-04 08:50 -------- d-----w c:\program files\TomTom International B.V 2009-04-30 21:30 . 2009-04-30 21:30 -------- d-----w c:\program files\WinPcap 2009-04-30 18:52 . 2009-04-30 18:53 -------- d-----w c:\documents and settings\Daniel\Logitech 2009-04-30 18:51 . 2009-04-30 18:52 -------- d-----w c:\program files\Common Files\Remote Control Software Common 2009-04-30 18:51 . 2009-04-30 18:51 -------- d-----w c:\program files\Common Files\Remote Control USB Driver 2009-04-30 18:51 . 2009-04-30 18:51 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2009-04-27 21:51 . 2008-05-29 07:28 28416 ----a-w c:\windows\system32\uxtuneup.dll 2009-04-27 21:51 . 2009-05-01 12:25 355584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2009-04-27 21:49 . 2009-04-27 21:49 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-26 15:52 . 2009-04-26 15:52 -------- d-----w C:\logs 2009-04-26 15:27 . 2009-04-26 15:27 578560 -c--a-w c:\windows\system32\dllcache\user32.dll 2009-04-26 15:25 . 2009-04-26 15:25 -------- d-----w c:\windows\ERUNT 2009-04-26 12:19 . 2009-04-26 12:57 -------- d-----w c:\documents and settings\Daniel\DoctorWeb 2009-04-25 00:46 . 2009-04-25 00:53 -------- d-----w c:\documents and settings\Daniel\Application Data\DivX 2009-04-25 00:19 . 2009-04-25 00:19 -------- d-----w c:\program files\Common Files\DivX Shared 2009-04-25 00:16 . 2009-04-25 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-04-25 00:16 . 2009-04-25 00:16 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\Apple 2009-04-25 00:15 . 2009-04-25 00:15 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\Apple Computer 2009-04-25 00:13 . 2009-04-25 00:13 -------- d-----w c:\program files\WMV9_VCM 2009-04-25 00:13 . 2009-04-25 00:13 166158 ----a-w c:\windows\Video Cleaner Pro Uninstaller.exe 2009-04-25 00:13 . 2009-04-25 00:13 -------- d-----w c:\documents and settings\Daniel\Application Data\River Past G5 2009-04-25 00:13 . 2009-04-25 00:45 -------- d-----w c:\documents and settings\All Users\Application Data\River Past G5 2009-04-25 00:13 . 2009-04-25 00:40 -------- d-----w c:\program files\Common Files\River Past 2009-04-23 21:14 . 2009-04-23 21:14 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-22 22:32 . 2009-04-27 21:50 -------- d-----w c:\program files\TuneUp Utilities 2009 2009-04-22 22:32 . 2009-04-22 22:32 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-04-20 23:27 . 2009-04-20 23:27 0 ----a-w c:\windows\ativpsrm.bin 2009-04-20 19:39 . 2009-04-20 19:47 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\BingoCabin 2009-04-18 20:41 . 2009-04-18 20:41 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-04-18 20:18 . 2009-04-18 20:44 -------- d-----w c:\documents and settings\Daniel\Application Data\Symantec 2009-04-18 20:15 . 2009-04-18 20:44 60808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-04-18 20:15 . 2009-04-18 20:44 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-18 20:15 . 2009-04-18 20:44 -------- d-----w c:\program files\Symantec 2009-04-18 18:19 . 2009-04-18 20:51 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-18 18:18 . 2009-05-16 00:36 -------- d-----w c:\program files\Common Files\Symantec Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-04 21:48 . 2008-10-24 06:52 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-30 18:51 . 2008-10-25 06:09 -------- d-----w c:\program files\Logitech 2009-04-26 15:52 . 2009-04-26 15:52 5122252 ----a-w c:\documents and settings\All Users\SPL1E.tmp 2009-04-23 21:14 . 2008-10-24 05:48 -------- d-----w c:\program files\Java 2009-04-18 20:44 . 2009-04-18 20:15 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-04-18 20:44 . 2009-04-18 20:15 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-04-15 20:31 . 2008-12-17 00:09 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint 2009-04-15 20:14 . 2009-04-05 15:51 1654 ----a-w c:\windows\system32\ealregsnapshot1.reg 2009-04-12 19:56 . 2009-04-12 19:56 -------- d-----w c:\program files\Electronic Arts 2009-04-10 12:11 . 2009-04-10 12:11 -------- d-----w c:\program files\TomTom DesktopSuite 2009-04-08 14:28 . 2008-10-24 07:42 -------- d-----w c:\program files\Common Files\Logitech 2009-04-08 12:48 . 2008-10-24 06:17 47880 ----a-w c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-08 12:37 . 2008-10-24 08:42 -------- d-----w c:\program files\Common Files\Adobe 2009-04-02 20:24 . 2009-04-02 19:43 -------- d-----w c:\program files\Common Files\Common Share 2009-03-20 02:20 . 2008-10-24 07:48 724992 ----a-w c:\windows\iun6002.exe 2009-03-06 14:22 . 2004-08-10 19:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-04 00:54 . 2009-03-04 00:54 49001228 ----a-w c:\documents and settings\All Users\SPL146.tmp 2009-03-04 00:38 . 2009-03-04 00:38 20364898 ----a-w c:\documents and settings\All Users\SPL12C.tmp 2009-03-03 00:18 . 2004-08-10 19:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-25 23:12 . 2009-02-25 23:12 17801 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-02-25 22:58 . 2007-06-27 01:58 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-25 21:41 . 2007-06-27 01:58 325120 ------w c:\windows\system32\ati2dvag.dll 2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll 2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-25 21:16 . 2007-06-27 01:41 3817984 ------w c:\windows\system32\ati3duag.dll 2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-25 20:59 . 2007-06-27 01:31 2670080 ------w c:\windows\system32\ativvaxx.dll 2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat 2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat 2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-25 20:32 . 2007-06-27 01:10 626688 ------w c:\windows\system32\ati2cqag.dll 2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll 2009-02-20 18:09 . 2004-08-10 19:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-19 12:03 . 2009-02-19 12:03 579464 ----a-w c:\windows\system32\SymNeti.dll 2009-02-19 12:03 . 2009-02-19 12:03 207240 ----a-w c:\windows\system32\SymRedir.dll 2009-02-19 11:31 . 2008-02-06 21:43 31280 ----a-w c:\windows\system32\drivers\SymIM.sys 2009-02-19 11:31 . 2009-02-19 11:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys 2009-02-19 11:31 . 2009-02-19 11:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys 2009-02-19 11:31 . 2009-02-19 11:31 38576 ----a-w c:\windows\system32\drivers\symids.sys 2009-02-19 11:31 . 2009-02-19 11:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys 2009-02-19 11:31 . 2009-02-19 11:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys 2009-02-19 11:31 . 2009-02-19 11:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys 2009-02-19 11:31 . 2009-02-19 11:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys . ------- Sigcheck ------- [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2008-11-18 18:22 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS [-] 2008-11-18 18:22 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="d:\program files\Norton\osCheck.exe" [2008-02-26 988512] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-30 16269312] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568] c:\documents and settings\Daniel\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-24 3581680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-24 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 19:35 87352 ----a-w c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\N:\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\uTorrent\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdxcoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxwbgw.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\spill\\Burnout\\BurnoutLauncher.exe"= "d:\\spill\\Burnout\\BurnoutConfigTool.exe"= "d:\\spill\\Burnout\\BurnoutParadise.exe"= "d:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"= "d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Node-til-node-gruppering "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18.02.2008 21:37 149352] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [02.11.2008 19:16 47640] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [29.10.2008 18:28 98984] R2 MSSQL$MAMUT;SQL Server (MAMUT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712] R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [18.04.2009 22:45 101936] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\LogMeIn\x86\RaInfo.sys --> d:\program files\LogMeIn\x86\RaInfo.sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13.01.2008 04:32 23888] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [01.11.2008 20:57 84608] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.01.2007 19:31 42000] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [07.01.2009 18:14 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [07.01.2009 18:14 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [07.01.2009 18:14 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [07.01.2009 18:14 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [07.01.2009 18:14 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [07.01.2009 18:14 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [07.01.2009 18:14 115752] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [07.01.2009 18:14 90536] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [07.01.2009 18:14 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [07.01.2009 18:14 122152] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [07.01.2009 18:14 115496] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [07.01.2009 18:14 25768] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [07.01.2009 18:14 111912] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [07.01.2009 18:14 117672] S4 LMIRfsClientNP;LMIRfsClientNP; [x] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34897a02-3881-11de-a04f-00184d716c3d}] \Shell\AutoRun\command - O:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34897a03-3881-11de-a04f-00184d716c3d}] \Shell\AutoRun\command - P:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35a4cdea-25c7-11de-a00c-00184d716c3d}] \Shell\AutoRun\command - M:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36042530-1882-11de-9fe2-00184d716c3d}] \Shell\AutoRun\command - O:\laucher.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-05-16 c:\windows\Tasks\1-Click Maintenance.job - d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 07:09] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.nettby.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&ksporter til Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-16 02:39 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1715567821-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C147CCC0-AAEB-E078-88DE-CD29057F9AE6}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1715567821-2025429265-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:cb,0b,35,b0,9b,21,60,9b,1b,b9,23,4c,14,55,71,ea,cb,b6,bf,9a,67, 9a,c9,53,80,ed,7b,bd,9d,8a,0d,90,5d,92,7e,28,d1,4c,9e,00,b3,cc,c0,57,12,cf,\ "rkeysecu"=hex:9e,8c,84,43,43,f6,77,17,02,4b,fe,30,ee,25,dc,93 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1560) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\windows\system32\LMIinit.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(2668) d:\program files\Stardock\ObjectDock\DockShellHook.dll d:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tidspunkt ferdig: 2009-05-16 2:40 ComboFix-quarantined-files.txt 2009-05-16 00:40 Pre-Run: 35 360 145 408 bytes free Post-Run: 35 353 845 760 byte ledig Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 296 --- E O F --- 2009-05-13 23:14 Pc 1 Malwarebytes' Anti-Malware 1.36 Databaseversjon: 2139 Windows 5.1.2600 Service Pack 3 16.05.2009 02:52:36 mbam-log-2009-05-16 (02-52-36).txt Skanntype: Rask Skann Objekter skannet: 86297 Tid tilbakelagt: 2 minute(s), 39 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 11 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 1 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_CLASSES_ROOT\iercpt.iercptbho (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\iercpt.iercptbho.1 (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{59c345ba-3d5e-44e3-9d10-d3848af15d73} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{a6fbd2e4-1c7e-4eab-80dd-01de2645566a} (Rogue.AntiMalwareSuite) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{3a9377a6-be7f-485d-908c-d44114691389} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d4cdc21d-43be-4101-a1ef-e379f134771e} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\iercpt.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: C:\Documents and Settings\Sir Busch\Local Settings\Application Data\qip (Rogue.Multiple) -> Quarantined and deleted successfully. Filer infisert: C:\Documents and Settings\Sir Busch\Local Settings\Application Data\qip\data.ini (Rogue.Multiple) -> Quarantined and deleted successfully. ComboFix 09-05-15.01 - Sir Busch 16.05.2009 3:00.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3582.3029 [GMT 2:00] Kjører fra: c:\documents and settings\Sir Busch\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} * Opprettet nytt gjenopprettingspunkt ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-16 til 2009-05-16 ))))))))))))))))))))))))))))))))) . 2009-05-16 00:48 . 2009-05-16 00:48 -------- d-----w c:\documents and settings\Sir Busch\Application Data\Malwarebytes 2009-05-16 00:48 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-16 00:48 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-16 00:48 . 2009-05-16 00:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-16 00:48 . 2009-05-16 00:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-10 15:41 . 2009-05-10 15:41 -------- d-----w c:\program files\TomTom DesktopSuite 2009-05-09 17:56 . 2009-05-09 17:56 -------- d-----w c:\program files\MSN Messenger 2009-05-09 17:43 . 2009-05-09 17:49 -------- d-----w c:\program files\RegCure 2009-05-09 17:42 . 2009-05-09 17:43 -------- d-----w c:\windows\RegCure 2009-05-09 16:35 . 2009-05-09 17:30 60808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-05-09 16:35 . 2009-05-09 17:30 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-05-09 16:35 . 2009-05-09 17:30 -------- d-----w c:\program files\Symantec 2009-05-09 16:35 . 2009-05-12 00:45 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-05-09 16:34 . 2009-05-16 00:59 -------- d-----w c:\program files\Common Files\Symantec Shared 2009-05-09 11:47 . 2009-05-09 14:09 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-05-08 22:17 . 2009-05-08 22:17 -------- d-----w c:\documents and settings\Sir Busch\Application Data\InstallShield 2009-04-22 23:40 . 2009-04-22 23:40 -------- d-----w c:\documents and settings\Sir Busch\Local Settings\Application Data\Symantec 2009-04-22 23:35 . 2009-04-22 23:35 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-04-22 23:05 . 2009-05-09 17:01 -------- d-----w c:\documents and settings\Sir Busch\Application Data\Symantec 2009-04-16 12:40 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll 2009-04-16 12:40 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll 2009-04-16 12:40 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe 2009-04-16 12:40 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll 2009-04-16 12:40 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe 2009-04-16 12:40 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll 2009-04-16 12:40 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll 2009-04-16 12:40 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll 2009-04-16 12:40 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll 2009-04-16 11:59 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll 2009-04-16 11:59 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe 2009-04-16 11:58 . 2009-05-08 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-09 17:30 . 2009-05-09 16:35 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-05-09 17:30 . 2009-05-09 16:35 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-05-09 17:30 . 2009-04-22 23:04 5468 ----a-w c:\windows\system32\drivers\SymRedir.PNF 2009-05-09 17:30 . 2009-04-22 23:04 4484 ----a-w c:\windows\system32\drivers\SYMEVENT.PNF 2009-05-09 17:30 . 2008-10-29 18:44 21208 ----a-w c:\windows\system32\drivers\INFCACHE.1 2009-05-09 17:03 . 2008-10-29 19:22 -------- d--h--w c:\program files\InstallShield Installation Information 2009-05-09 14:40 . 2008-10-29 21:17 -------- d-----w c:\program files\Windows Media Connect 2 2009-05-09 14:37 . 2009-01-05 00:02 -------- d-----w c:\program files\DivX 2009-05-08 22:39 . 2008-10-29 21:14 -------- d-----w c:\program files\NCH Swift Sound 2009-04-22 23:37 . 2009-04-22 23:37 4828 ----a-w c:\windows\system32\drivers\srtspl.PNF 2009-04-22 23:37 . 2009-04-22 23:37 4828 ----a-w c:\windows\system32\drivers\srtsp.PNF 2009-04-22 23:37 . 2009-04-22 23:37 4820 ----a-w c:\windows\system32\drivers\srtspx.PNF 2009-04-22 23:37 . 2009-04-22 23:37 3960 ----a-w c:\windows\system32\drivers\COH_Mon.PNF 2009-04-22 23:37 . 2009-04-22 23:37 3952 ----a-w c:\windows\system32\drivers\CO_Mon.PNF 2009-04-12 15:53 . 2009-04-12 15:53 9694 ----a-w c:\windows\system32\ealregsnapshot1.reg 2009-03-06 14:22 . 2004-08-10 19:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2004-08-10 19:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-20 18:09 . 2004-08-10 19:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-19 12:03 . 2009-02-19 12:03 579464 ----a-w c:\windows\system32\SymNeti.dll 2009-02-19 12:03 . 2009-02-19 12:03 207240 ----a-w c:\windows\system32\SymRedir.dll 2009-02-19 11:31 . 2009-02-19 11:31 31280 ----a-w c:\windows\system32\drivers\SymIM.sys 2009-02-19 11:31 . 2009-02-19 11:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys 2009-02-19 11:31 . 2009-02-19 11:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys 2009-02-19 11:31 . 2009-02-19 11:31 38576 ----a-w c:\windows\system32\drivers\symids.sys 2009-02-19 11:31 . 2009-02-19 11:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys 2009-02-19 11:31 . 2009-02-19 11:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys 2009-02-19 11:31 . 2009-02-19 11:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys 2009-02-19 11:31 . 2009-02-19 11:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="d:\program files\Norton 360\osCheck.exe" [2008-02-26 988512] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-06 1626112] "Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Sir Busch\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-29 3581680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-27 67128] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "d:\\Program Files\\uTorrent\\utorrent.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\lxdxcoms.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxamon.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"= "d:\\spill\\Battlefield\\BF2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\EA SPORTS\\FIFA 07\\fifa07.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\Lexmark 3600-4600 Series\\lxdxmon.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\spill\\Burnout.Paradise.The.Ultimate.Box-RELOADED\\BurnoutLauncher.exe"= "d:\\spill\\Burnout.Paradise.The.Ultimate.Box-RELOADED\\BurnoutConfigTool.exe"= "d:\\spill\\Burnout.Paradise.The.Ultimate.Box-RELOADED\\BurnoutParadise.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18.02.2008 21:37 149352] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09.05.2009 19:31 101936] S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [29.10.2008 23:52 98984] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13.01.2008 04:32 23888] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [29.10.2008 23:56 84608] S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [29.10.2008 21:22 176128] S3 sdAuxService;Spyware Doctor Auxiliary Service;d:\program files\Spyware Doctor\svcntaux.exe [29.10.2008 22:59 708176] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - COMHOST HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c82a1900-3c1c-11de-aa04-001e8c3af54f}] \Shell\AutoRun\command - G:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c82a1901-3c1c-11de-aa04-001e8c3af54f}] \Shell\AutoRun\command - I:\InstallTomTomHOME.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-05-16 c:\windows\Tasks\1-Click Maintenance.job - d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:09] . . ------- Tilleggsskanning ------- . uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com IE: E&ksporter til Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Åpne i ny bakgrunnsflik - c:\program files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?1f774af371f64c79b447e530da551aec IE: Åpne i ny forgrunnsflik - c:\program files\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?1f774af371f64c79b447e530da551aec LSP: %SYSTEMROOT%\system32\nvappfilter.dll Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-16 03:01 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(1092) c:\windows\system32\nvappfilter.dll - - - - - - - > 'explorer.exe'(4028) d:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tidspunkt ferdig: 2009-05-16 3:02 ComboFix-quarantined-files.txt 2009-05-16 01:01 Pre-Run: 33 849 708 544 bytes free Post-Run: 33 878 958 080 byte ledig 200 --- E O F --- 2009-05-13 21:46 pc 2 kommer senere. Endret 16. mai 2009 av denix89 Lenke til kommentar
snippsat Skrevet 16. mai 2009 Rapporter Del Skrevet 16. mai 2009 Min pc. Kopiere fet tekst under bildet->åpne notisblokk og lim inn. Lagre på skrivebordet som CFScript.txt Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt File:: c:\documents and settings\All Users\SPL1E.tmp c:\windows\iun6002.exe c:\documents and settings\All Users\SPL146.tmp c:\documents and settings\All Users\SPL12C.tmp Pc 1. Pc1 er ren for maleware. Du kan fjerne combofix ved å skrive combofix /u fra kjør-vinduet. Denne kommandoen gjør at filer i karantene og backups blir slette. Systemgjenopprettingsmappa nullstilt etc. Sjekk om software er oppdatert Secunia Pc1 ferdig. Lenke til kommentar
Pseudopod Skrevet 16. mai 2009 Rapporter Del Skrevet 16. mai 2009 Har du/dere prøvd å forandre passordet på MSN kontoene deres? Det er veldig vanlig at disse virusene ikke faktisk ligger på noen av PCene, men at en nettside har lurt dere til å oppgi brukernavn og passord, og deretter benytter slemmingene dette for å logge på til vilkårlige tider og sende ut spam. Lenke til kommentar
snippsat Skrevet 16. mai 2009 Rapporter Del Skrevet 16. mai 2009 (endret) Ja husk og skifte passord på MSN konto ,som Pseudopod nevner. Glemte og ta det med,dette er råd vi alltid gir for ofte er kontoen i selv problemet og ikke noe som kjører fra pcen. Endret 16. mai 2009 av SNIPPSAT Lenke til kommentar
denix89 Skrevet 16. mai 2009 Forfatter Rapporter Del Skrevet 16. mai 2009 (endret) Jeg skal ordne med passordet. er det noe spesil tid jeg må ha passordet forandret. siden jeg er så vant med det passordet jeg hadde... og så har jeg laget det tekst dokumenete som "snippsat" sa. men skal jeg legge det også ut her? Endret 16. mai 2009 av denix89 Lenke til kommentar
Pseudopod Skrevet 16. mai 2009 Rapporter Del Skrevet 16. mai 2009 Jeg har meget sterk tro på at alt ordner seg med en gang de bytter passord, og at de ikke trenger å gjøre noe mer . Lenke til kommentar
denix89 Skrevet 16. mai 2009 Forfatter Rapporter Del Skrevet 16. mai 2009 men hvor lenge må jeg ha det byttet? helle tiden eller kan jeg gå tilbake til det gamle passordet etter en liten stund? Lenke til kommentar
___ Skrevet 16. mai 2009 Rapporter Del Skrevet 16. mai 2009 men hvor lenge må jeg ha det byttet? helle tiden eller kan jeg gå tilbake til det gamle passordet etter en liten stund? Hvis noen stjeler husnøklene dine og begår innbrudd hjemme hos deg, så skifter du selvfølgelig lås. Ville du satt tilbake den gamle låsen etter en stund, så lenge du visste at uvedkommende hadde nøkler som passet til den? Werner Lenke til kommentar
denix89 Skrevet 16. mai 2009 Forfatter Rapporter Del Skrevet 16. mai 2009 forstår... dumt spørsmål av meg... Lenke til kommentar
snippsat Skrevet 16. mai 2009 Rapporter Del Skrevet 16. mai 2009 men skal jeg legge det også ut her? Du skal poste loggen etter du har gjort det "c:\combofix.txt" Lenke til kommentar
denix89 Skrevet 17. mai 2009 Forfatter Rapporter Del Skrevet 17. mai 2009 (endret) Her er den siste loggen for min pc. ComboFix 09-05-15.08 - Daniel 16.05.2009 19:17.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3070.2441 [GMT 2:00] Kjører fra: c:\documents and settings\Daniel\Desktop\ComboFix.exe Command switches brukt :: c:\documents and settings\Daniel\Desktop\CFScript.txt AV: Norton 360 *On-access scanning disabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !! FILE :: c:\documents and settings\All Users\SPL12C.tmp c:\documents and settings\All Users\SPL146.tmp c:\documents and settings\All Users\SPL1E.tmp c:\windows\iun6002.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-04-16 til 2009-05-16 ))))))))))))))))))))))))))))))))) . 2009-05-16 00:30 . 2009-05-16 00:30 -------- d-----w c:\documents and settings\Daniel\Application Data\Malwarebytes 2009-05-16 00:30 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-16 00:30 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-16 00:30 . 2009-05-16 00:30 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes 2009-05-16 00:30 . 2009-05-16 00:30 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-14 23:24 . 2009-05-14 23:24 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\DC++ 2009-05-14 23:24 . 2009-05-14 23:37 -------- d-----w c:\documents and settings\Daniel\Application Data\DC++ 2009-05-05 21:00 . 2009-05-15 18:45 -------- d-----w c:\program files\Windows Live Safety Center 2009-05-04 21:58 . 2009-05-04 21:58 -------- d-----w c:\documents and settings\All Users\Application Data\ATI 2009-05-04 21:56 . 2009-05-04 21:59 -------- d-----w c:\program files\ATI 2009-05-04 21:54 . 2009-02-25 13:15 593920 ------w c:\windows\system32\ati2sgag.exe 2009-05-04 21:54 . 2009-05-04 21:55 -------- d-----w c:\program files\ATI Technologies 2009-05-04 08:50 . 2009-05-04 08:50 -------- d-----w c:\program files\TomTom International B.V 2009-04-30 21:30 . 2009-04-30 21:30 -------- d-----w c:\program files\WinPcap 2009-04-30 18:52 . 2009-04-30 18:53 -------- d-----w c:\documents and settings\Daniel\Logitech 2009-04-30 18:51 . 2009-04-30 18:52 -------- d-----w c:\program files\Common Files\Remote Control Software Common 2009-04-30 18:51 . 2009-04-30 18:51 -------- d-----w c:\program files\Common Files\Remote Control USB Driver 2009-04-30 18:51 . 2009-04-30 18:51 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe 2009-04-27 21:51 . 2008-05-29 07:28 28416 ----a-w c:\windows\system32\uxtuneup.dll 2009-04-27 21:51 . 2009-05-01 12:25 355584 ----a-w c:\windows\system32\TuneUpDefragService.exe 2009-04-27 21:49 . 2009-04-27 21:49 -------- d-----w c:\program files\Common Files\Wise Installation Wizard 2009-04-26 15:52 . 2009-04-26 15:52 -------- d-----w C:\logs 2009-04-26 15:27 . 2009-04-26 15:27 578560 -c--a-w c:\windows\system32\dllcache\user32.dll 2009-04-26 15:25 . 2009-04-26 15:25 -------- d-----w c:\windows\ERUNT 2009-04-26 12:19 . 2009-04-26 12:57 -------- d-----w c:\documents and settings\Daniel\DoctorWeb 2009-04-25 00:46 . 2009-04-25 00:53 -------- d-----w c:\documents and settings\Daniel\Application Data\DivX 2009-04-25 00:19 . 2009-04-25 00:19 -------- d-----w c:\program files\Common Files\DivX Shared 2009-04-25 00:16 . 2009-04-25 00:16 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2009-04-25 00:16 . 2009-04-25 00:16 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\Apple 2009-04-25 00:15 . 2009-04-25 00:15 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\Apple Computer 2009-04-25 00:13 . 2009-04-25 00:13 -------- d-----w c:\program files\WMV9_VCM 2009-04-25 00:13 . 2009-04-25 00:13 166158 ----a-w c:\windows\Video Cleaner Pro Uninstaller.exe 2009-04-25 00:13 . 2009-04-25 00:13 -------- d-----w c:\documents and settings\Daniel\Application Data\River Past G5 2009-04-25 00:13 . 2009-04-25 00:45 -------- d-----w c:\documents and settings\All Users\Application Data\River Past G5 2009-04-25 00:13 . 2009-04-25 00:40 -------- d-----w c:\program files\Common Files\River Past 2009-04-23 21:14 . 2009-04-23 21:14 410984 ----a-w c:\windows\system32\deploytk.dll 2009-04-22 22:32 . 2009-04-27 21:50 -------- d-----w c:\program files\TuneUp Utilities 2009 2009-04-22 22:32 . 2009-04-22 22:32 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357} 2009-04-20 23:27 . 2009-04-20 23:27 0 ----a-w c:\windows\ativpsrm.bin 2009-04-20 19:39 . 2009-04-20 19:47 -------- d-----w c:\documents and settings\Daniel\Local Settings\Application Data\BingoCabin 2009-04-18 20:41 . 2009-04-18 20:41 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-04-18 20:18 . 2009-04-18 20:44 -------- d-----w c:\documents and settings\Daniel\Application Data\Symantec 2009-04-18 20:15 . 2009-04-18 20:44 60808 ----a-w c:\windows\system32\S32EVNT1.DLL 2009-04-18 20:15 . 2009-04-18 20:44 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS 2009-04-18 20:15 . 2009-04-18 20:44 -------- d-----w c:\program files\Symantec 2009-04-18 18:19 . 2009-04-18 20:51 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-04-18 18:18 . 2009-05-16 16:55 -------- d-----w c:\program files\Common Files\Symantec Shared . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-04 21:48 . 2008-10-24 06:52 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-30 18:51 . 2008-10-25 06:09 -------- d-----w c:\program files\Logitech 2009-04-23 21:14 . 2008-10-24 05:48 -------- d-----w c:\program files\Java 2009-04-18 20:44 . 2009-04-18 20:15 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-04-18 20:44 . 2009-04-18 20:15 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-04-15 20:31 . 2008-12-17 00:09 -------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint 2009-04-15 20:14 . 2009-04-05 15:51 1654 ----a-w c:\windows\system32\ealregsnapshot1.reg 2009-04-12 19:56 . 2009-04-12 19:56 -------- d-----w c:\program files\Electronic Arts 2009-04-10 12:11 . 2009-04-10 12:11 -------- d-----w c:\program files\TomTom DesktopSuite 2009-04-08 14:28 . 2008-10-24 07:42 -------- d-----w c:\program files\Common Files\Logitech 2009-04-08 12:48 . 2008-10-24 06:17 47880 ----a-w c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-08 12:37 . 2008-10-24 08:42 -------- d-----w c:\program files\Common Files\Adobe 2009-04-02 20:24 . 2009-04-02 19:43 -------- d-----w c:\program files\Common Files\Common Share 2009-03-06 14:22 . 2004-08-10 19:00 284160 ----a-w c:\windows\system32\pdh.dll 2009-03-03 00:18 . 2004-08-10 19:00 826368 ----a-w c:\windows\system32\wininet.dll 2009-02-25 23:12 . 2009-02-25 23:12 17801 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-02-25 22:58 . 2007-06-27 01:58 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys 2009-02-25 21:42 . 2009-02-25 21:42 442368 ----a-w c:\windows\system32\ATIDEMGX.dll 2009-02-25 21:41 . 2007-06-27 01:58 325120 ------w c:\windows\system32\ati2dvag.dll 2009-02-25 21:30 . 2009-02-25 21:30 11841536 ----a-w c:\windows\system32\atioglxx.dll 2009-02-25 21:30 . 2009-02-25 21:30 204800 ----a-w c:\windows\system32\atipdlxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\Oemdspif.dll 2009-02-25 21:29 . 2009-02-25 21:29 26112 ----a-w c:\windows\system32\Ati2mdxx.exe 2009-02-25 21:29 . 2009-02-25 21:29 43520 ----a-w c:\windows\system32\ati2edxx.dll 2009-02-25 21:29 . 2009-02-25 21:29 155648 ----a-w c:\windows\system32\ati2evxx.dll 2009-02-25 21:27 . 2009-02-25 21:27 602112 ----a-w c:\windows\system32\ati2evxx.exe 2009-02-25 21:26 . 2009-02-25 21:26 53248 ----a-w c:\windows\system32\ATIDDC.DLL 2009-02-25 21:16 . 2007-06-27 01:41 3817984 ------w c:\windows\system32\ati3duag.dll 2009-02-25 21:09 . 2009-02-25 21:09 307200 ----a-w c:\windows\system32\atiiiexx.dll 2009-02-25 20:59 . 2007-06-27 01:31 2670080 ------w c:\windows\system32\ativvaxx.dll 2009-02-25 20:58 . 2009-02-25 20:58 887724 ----a-w c:\windows\system32\ativva6x.dat 2009-02-25 20:58 . 2009-02-25 20:58 3107788 ----a-w c:\windows\system32\ativva5x.dat 2009-02-25 20:44 . 2009-02-25 20:44 49664 ----a-w c:\windows\system32\amdpcom32.dll 2009-02-25 20:40 . 2009-02-25 20:40 475136 ----a-w c:\windows\system32\atikvmag.dll 2009-02-25 20:38 . 2009-02-25 20:38 126976 ----a-w c:\windows\system32\atiadlxx.dll 2009-02-25 20:38 . 2009-02-25 20:38 17408 ----a-w c:\windows\system32\atitvo32.dll 2009-02-25 20:37 . 2009-02-25 20:37 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll 2009-02-25 20:35 . 2009-02-25 20:35 290816 ----a-w c:\windows\system32\atiok3x2.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll 2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll 2009-02-25 20:32 . 2007-06-27 01:10 626688 ------w c:\windows\system32\ati2cqag.dll 2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll 2009-02-20 18:09 . 2004-08-10 19:00 78336 ----a-w c:\windows\system32\ieencode.dll 2009-02-19 12:03 . 2009-02-19 12:03 579464 ----a-w c:\windows\system32\SymNeti.dll 2009-02-19 12:03 . 2009-02-19 12:03 207240 ----a-w c:\windows\system32\SymRedir.dll 2009-02-19 11:31 . 2008-02-06 21:43 31280 ----a-w c:\windows\system32\drivers\SymIM.sys 2009-02-19 11:31 . 2009-02-19 11:31 41008 ----a-w c:\windows\system32\drivers\symndisv.sys 2009-02-19 11:31 . 2009-02-19 11:31 96560 ----a-w c:\windows\system32\drivers\symfw.sys 2009-02-19 11:31 . 2009-02-19 11:31 38576 ----a-w c:\windows\system32\drivers\symids.sys 2009-02-19 11:31 . 2009-02-19 11:31 37424 ----a-w c:\windows\system32\drivers\symndis.sys 2009-02-19 11:31 . 2009-02-19 11:31 22320 ----a-w c:\windows\system32\drivers\symredrv.sys 2009-02-19 11:31 . 2009-02-19 11:31 184496 ----a-w c:\windows\system32\drivers\symtdi.sys 2009-02-19 11:31 . 2009-02-19 11:31 13616 ----a-w c:\windows\system32\drivers\symdns.sys . ------- Sigcheck ------- [-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys [7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS [-] 2008-11-18 18:22 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS [-] 2008-11-18 18:22 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( SnapShot@2009-05-16_00.39.14 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-16 15:05 . 2009-05-16 15:05 16384 c:\windows\Temp\Perflib_Perfdata_98c.dat + 2009-05-16 15:05 . 2009-05-16 15:05 16384 c:\windows\Temp\Perflib_Perfdata_478.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "osCheck"="d:\program files\Norton\osCheck.exe" [2008-02-26 988512] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-10-30 16269312] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304] "Resume copy"="copyfstq.exe" - c:\windows\COPYFSTQ.EXE [2002-03-24 46080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-07-19 439568] c:\documents and settings\Daniel\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - d:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-10-24 3581680] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - d:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-24 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-16 19:35 87352 ----a-w c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /p \??\N:\0autocheck autochk * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "d:\\Program Files\\uTorrent\\utorrent.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\lxdxcoms.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"= "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxwbgw.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\Diagnostics\\LXDXdiag.exe"= "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "d:\\spill\\Burnout\\BurnoutLauncher.exe"= "d:\\spill\\Burnout\\BurnoutConfigTool.exe"= "d:\\spill\\Burnout\\BurnoutParadise.exe"= "d:\\Program Files\\River Past\\Video Cleaner Pro\\VideoCleaner.exe"= "d:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Windows Node-til-node-gruppering "3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18.02.2008 21:37 149352] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [02.11.2008 19:16 47640] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?] R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [29.10.2008 18:28 98984] R2 MSSQL$MAMUT;SQL Server (MAMUT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712] R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [18.04.2009 22:45 101936] S2 LMIInfo;LogMeIn Kernel Information Provider;\??\d:\program files\LogMeIn\x86\RaInfo.sys --> d:\program files\LogMeIn\x86\RaInfo.sys [?] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [13.01.2008 04:32 23888] S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [01.11.2008 20:57 84608] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.01.2007 19:31 42000] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [07.01.2009 18:14 89256] S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [07.01.2009 18:14 15016] S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [07.01.2009 18:14 120744] S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [07.01.2009 18:14 114216] S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [07.01.2009 18:14 25512] S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [07.01.2009 18:14 110632] S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [07.01.2009 18:14 115752] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [07.01.2009 18:14 90536] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [07.01.2009 18:14 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [07.01.2009 18:14 122152] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [07.01.2009 18:14 115496] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [07.01.2009 18:14 25768] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [07.01.2009 18:14 111912] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [07.01.2009 18:14 117672] S4 LMIRfsClientNP;LMIRfsClientNP; [x] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-05-16 c:\windows\Tasks\1-Click Maintenance.job - d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 07:09] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://www.nettby.no/ uInternet Settings,ProxyOverride = *.local IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&ksporter til Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: buypass.no Trusted Zone: headit.no Trusted Zone: norsk-tipping.no Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - d:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-16 19:19 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_USERS\S-1-5-21-1715567821-2025429265-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C147CCC0-AAEB-E078-88DE-CD29057F9AE6}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1715567821-2025429265-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:cb,0b,35,b0,9b,21,60,9b,1b,b9,23,4c,14,55,71,ea,cb,b6,bf,9a,67, 9a,c9,53,80,ed,7b,bd,9d,8a,0d,90,5d,92,7e,28,d1,4c,9e,00,b3,cc,c0,57,12,cf,\ "rkeysecu"=hex:9e,8c,84,43,43,f6,77,17,02,4b,fe,30,ee,25,dc,93 . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1592) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\windows\system32\LMIinit.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'explorer.exe'(3616) d:\program files\Stardock\ObjectDock\DockShellHook.dll d:\program files\Logitech\SetPoint\lgscroll.dll c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Tidspunkt ferdig: 2009-05-16 19:20 ComboFix-quarantined-files.txt 2009-05-16 17:20 ComboFix2.txt 2009-05-16 17:00 ComboFix3.txt 2009-05-16 00:40 Pre-Run: 35 290 128 384 bytes free Post-Run: 35 267 932 160 byte ledig Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 294 --- E O F --- 2009-05-13 23:14 Endret 17. mai 2009 av denix89 Lenke til kommentar
denix89 Skrevet 18. mai 2009 Forfatter Rapporter Del Skrevet 18. mai 2009 (endret) hvordan var den siste loggen. var den ok? Endret 18. mai 2009 av denix89 Lenke til kommentar
snippsat Skrevet 18. mai 2009 Rapporter Del Skrevet 18. mai 2009 Ja loggen er fin. Følg rutiner post 7. Lenke til kommentar
denix89 Skrevet 18. mai 2009 Forfatter Rapporter Del Skrevet 18. mai 2009 det var jo det jeg gjorde... Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå