Just nu i M3-nätverket
Gå till innehåll

norcomp

Medlem
  • Antal inlägg

    200
  • Gick med

  • Senaste besök

Om norcomp

  • Medlemstitel
    Aktiv
  • Födelsedag 1974-06-16

Profil

  • Ort
    ENSKEDE GÅRD
  1. Det är en gammal laptop så det kan troligtvis vara en gammal företagsdator men det lutar nu åt en ominstallation
  2. En polares dator spökar och ger en massa felmeddelanden så jag tippar på att den blivit infekterad, något som kan utläsas av denna logg ? [log]Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 08:18:31, on 2011-05-27 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Java\jre6\bin\jqs.exe c:\Program\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program\Microsoft Security Client\msseces.exe C:\Program\Delade filer\Java\Java Update\jusched.exe C:\Program\Delade filer\Symantec Shared\ccApp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe C:\Program\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\WINDOWS\system32\msfeedssync.exe C:\Program\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\dwwin.exe C:\WINDOWS\system32\dwwin.exe C:\WINDOWS\system32\msiexec.exe C:\Program\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &smartONE Band - {2DBBF1F5-B7C5-11D9-9E22-00C04F8EEA6B} - C:\WINDOWS\system32\smart.dll O4 - HKLM\..\Run: [MSC] "c:\Program\Microsoft Security Client\msseces.exe" -hide -runkey O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program\Delade filer\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program\Delade filer\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Google Sidewiki... - res://C:\Program\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O16 - DPF: {570FC26E-DBF8-46A0-90B1-8B24113F6691} (Hybrid WebView) - http://192.168.0.20:81/NVSWebAll.cab O16 - DPF: {AFCBAA8B-7800-4F42-8F97-1C2AC1B6E7FE} (NSActiveX Control) - http://192.168.0.32/install.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program\Symantec\Symantec Endpoint Protection\Smc.exe O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- End of file - 5140 bytes [/log]
  3. Har provat alla möjliga kombinationer och får det inte att fungera jag hinner ju se vad som händer i kommandotolken innan den stängs, och felet ligger redan där
  4. Nej det blir skräp av det också "Testmeddelande Õõ÷ +-Í"
  5. öppnar jag den sparade filen i ex. notepad så ser åäö rätt ut men så fort jag kör filen så blir det fel
  6. Nej den gubben gick inte heller, det blir "Testmeddelande +Ñ+ñ+Â +à+ä+û" det måste ju vara någon inställning på servern eller nått ? men jag har inga teckenproblem för övrigt
  7. Mina kunskaper räckte inte längre än till textfilen =) jag är öppen för andra förslag Edit: CodePage 65001 fungerade inte blir bara blankt där åäö borde vara i texten Edit2: Glömde spara om filen som UTF-8, men då blir i stället åäö ÅÄÖ = +Ñ+ñ+Â +à+ä+û
  8. Lajjar lite med en specialare upptäckte att man kan skicka SMS med Telia´s programvara i datorn och tänkte implementera detta i vårt företags intranät jag genererar en .cmd fil för att skapa ett nytt sms, men får problem med åäö åäö ÅÄÖ blir i stället Õõ÷ +-Í <% Response.Buffer = False Dim fileName fileName = "sms.cmd" Response.ContentType = "text/plain" Response.AddHeader "content-disposition", "attachment; filename=""" & fileName & """" Response.Write "c:\program\sms\mw.exe -newsms -number 0701234567 -text ""Testmeddelande åäö ÅÄÖ""" Response.End %>
  9. Win 2003, har för mig att man skall kunna köra 2st fjärrskrivbord samt 1 inloggning på servern samtidigt jag får bara till ett fjärrskrivbord, sedan får jag meddelandet ""det högsta antalet tillåtna anslutningar har överskridits""
  10. Nej .tmp-filen verkar inte finnas kvar Körde Combofix igen och nu krachade maskinen får blåskärm under någon sekund vid uppstart, men hinner bara läsa IRQ not less or equal tror jag blåser maskinen, tack för all hjälp
  11. Denna fil går ej att hitta c:\windows\60E273EC113E4E289F315E3951D3B059.TMP Gmer [log]GMER 1.0.15.15163 - http://www.gmer.net Rootkit scan 2009-11-10 11:47:47 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\xxx~1\LOKALA~1\Temp\pwtdrpog.sys ---- Kernel code sections - GMER 1.0.15 ---- ? Combo-Fix.sys Det går inte att hitta filen. ! ? C:\ComboFix\catchme.sys Det går inte att hitta sökvägen. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Det går inte att hitta filen. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!??2@YAPAXI@Z 77C19CC5 5 Bytes JMP 0A93C080 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!??3@YAXPAX@Z 77C19CDD 5 Bytes JMP 0A93C0E0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C19D9F 5 Bytes JMP 0A93C110 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_aligned_offset_malloc 77C19DAF 5 Bytes JMP 0A93BFE0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_aligned_free 77C19E33 5 Bytes JMP 0A93C0E0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_aligned_malloc 77C19E52 5 Bytes JMP 0A93BFC0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_aligned_offset_realloc 77C19E6E 5 Bytes JMP 0A93C020 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_aligned_realloc 77C19FC6 5 Bytes JMP 0A93C000 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_expand 77C19FE5 5 Bytes JMP 0A93BFA0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_heapadd 77C1BC9F 5 Bytes JMP 0A93C160 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_heapchk 77C1BCB3 5 Bytes JMP 0A93C170 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_heapset + 1 77C1BD83 4 Bytes JMP 0A93C191 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_heapmin 77C1BD8C 5 Bytes JMP 0A93C260 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_heapused 77C1BE3A 5 Bytes JMP 0A93C230 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_heapwalk 77C1BE4D 5 Bytes JMP 0A93C1A0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!_msize 77C1BF6C 5 Bytes JMP 0A93BEB0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!calloc 77C1C0C3 5 Bytes JMP 0A93BE50 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!free 77C1C21B 5 Bytes JMP 0A93C0E0 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!malloc 77C1C407 5 Bytes JMP 0A93BE10 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) .text C:\Palm\HOTSYNC.EXE[2520] MSVCRT.dll!realloc 77C1C437 5 Bytes JMP 0A93BE90 C:\Palm\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbhub \Device\00000084 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbhub \Device\00000086 hcmon.sys (VMware USB monitor/VMware, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.) Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- [/log] smartONE är ett program från en leverantör
  12. Båda filerna OK c:\windows\system32\smartONEBand.dll c:\windows\system32\ijl11.dll Win32kDiag.txt [log]Running from: C:\Documents and Settings\xxx\Skrivbord\Win32kDiag.exe Log file at : C:\Documents and Settings\xxx\Skrivbord\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Finished![/log]
  13. Får återuppta detta på måndag för nu är det helg och då har man ju roligare saker för sig =)
  14. Här kommer loggen av någon anledning kan jah inte redigera inlägg, så loggen försvann [log]ComboFix 09-11-05.05 - xxx 2009-11-06 13:32.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.46.1053.18.502.225 [GMT 1:00] Körs från: c:\documents and settings\xxx\Skrivbord\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} VARNINIG -ÅTERSTÄLLNINGSKONSOLEN (THE RECOVERY CONSOLE) ÄR INTE INSTALLERAD PÅ DEN HÄR DATORN !! . ((((((((((((((((((((((((((((((((((((((( Andra raderingar )))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf c:\recycler\S-1-5-21-1547161642-484763869-1060284298-500 c:\recycler\S-1-5-21-3056102028-2368310092-1199321288-500 c:\recycler\S-1-5-21-3097525236-4150742305-1179169533-500 c:\recycler\S-1-5-21-3840141043-1404827908-3558602882-500 c:\windows\system32\Ijl11.dll c:\windows\system32\pagefileconfig.vbs D:\Autorun.inf . (((((((((((((((((((((((( Filer Skapade från 2009-10-06 till 2009-11-06 )))))))))))))))))))))))))))))) . 2009-11-06 11:01 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-06 11:01 . 2009-11-06 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-06 11:01 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-06 11:01 . 2009-11-06 11:01 -------- d-----w- c:\program\Malwarebytes' Anti-Malware 2009-11-06 07:54 . 2009-11-06 07:54 -------- d-----w- c:\program\Trend Micro 2009-11-03 07:25 . 2009-10-06 14:59 3510552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe 2009-11-03 07:18 . 2009-11-03 07:18 -------- d-----w- c:\windows\ShellNew 2009-10-22 11:19 . 2009-11-06 08:19 -------- d-----w- C:\$AVG8.VAULT$ 2009-10-22 11:13 . 2009-10-22 11:13 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe 2009-10-22 11:13 . 2009-10-06 14:59 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-10-21 14:27 . 2009-08-29 08:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-10-21 14:27 . 2009-08-29 08:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-10-14 12:09 . 2009-07-25 03:23 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-10-13 07:39 . 2009-10-21 14:43 -------- d-----w- c:\windows\ie8updates 2009-10-13 07:39 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-10-13 07:35 . 2009-10-13 07:38 -------- dc-h--w- c:\windows\ie8 2009-10-12 08:36 . 2009-10-12 08:36 -------- d-----w- c:\windows\system32\XPSViewer 2009-10-12 08:36 . 2009-10-12 08:36 -------- d-----w- c:\program\MSBuild 2009-10-12 08:35 . 2009-10-12 08:35 -------- d-----w- c:\program\Reference Assemblies 2009-10-12 08:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-10-12 08:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-10-12 08:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-10-12 08:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-10-12 08:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-10-12 08:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-10-12 08:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-10-12 08:35 . 2009-10-12 08:35 -------- d-----w- C:\94c678f41404dd8802b9bc839a 2009-10-12 08:16 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-10-12 08:15 . 2009-07-10 13:31 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll 2009-10-12 08:10 . 2009-06-22 06:48 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll 2009-10-12 08:09 . 2009-10-06 14:59 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-06 12:44 . 2009-11-06 12:44 0 ----a-w- c:\windows\system32\ijl11.dll 2009-11-06 12:40 . 2009-03-26 11:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware 2009-11-06 12:40 . 2009-03-26 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware 2009-11-03 09:51 . 2007-12-14 09:39 -------- d-----w- c:\program\Delade filer\Adobe 2009-10-29 14:16 . 2006-06-01 16:46 493366 ----a-w- c:\windows\system32\perfh01D.dat 2009-10-29 14:16 . 2006-06-01 16:46 103654 ----a-w- c:\windows\system32\perfc01D.dat 2009-10-21 14:33 . 2007-12-14 09:14 -------- d-----w- c:\program\Java 2009-10-08 13:49 . 2006-06-02 09:50 -------- d--h--w- c:\program\InstallShield Installation Information 2009-10-06 15:00 . 2009-10-06 15:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-10-06 15:00 . 2009-10-06 15:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-10-06 15:00 . 2009-10-06 15:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-10-06 15:00 . 2009-10-06 15:00 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-10-06 14:59 . 2009-10-06 14:59 -------- d-----w- c:\program\AVG 2009-10-06 14:59 . 2009-10-06 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-10-06 13:31 . 2006-06-01 14:59 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-09-11 14:19 . 2006-06-01 16:45 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 21:05 . 2006-06-01 16:45 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-29 08:00 . 2006-06-01 16:45 916480 ----a-w- c:\windows\system32\wininet.dll 2009-08-26 08:02 . 2006-06-01 16:46 247326 ----a-w- c:\windows\system32\strmdll.dll . (((((((((((((((((((((((((((((((((( Startpunkter i registret ))))))))))))))))))))))))))))))))))))))))))))))) . . *Not* Tomma poster & legitima standardposter visas inte. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2DBBF1F5-B7C5-11D9-9E22-00C04F8EEA6B}"= "c:\windows\system32\smartONEBand.dll" [2006-04-06 499200] [HKEY_CLASSES_ROOT\clsid\{2dbbf1f5-b7c5-11d9-9e22-00c04f8eea6b}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-06-02 114688] "VMware hqtray"="c:\program\VMware\VMware Player\hqtray.exe" [2008-10-28 64048] "AVG8_TRAY"="c:\program\AVG\AVG8\avgtray.exe" [2009-11-03 2028312] "SunJavaUpdateSched"="c:\program\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "Adobe Reader Speed Launcher"="c:\program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "Malwarebytes Anti-Malware (reboot)"="c:\program\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "combofix"="c:\combofix\CF9752.exe" [2009-11-06 391168] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-02 87751] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\xxx\Start-meny\Program\AutostartHotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2004-4-13 299008] Tj„nst hanteraren.lnk - c:\program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] c:\documents and settings\All Users\Start-meny\Program\AutostartMicrosoft Office.lnk - c:\program\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-06 15:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Program^Autostart^PWserver.lnk] path=c:\documents and settings\All Users\Start-meny\Program\Autostart\PWserver.lnk backup=c:\windows\pss\PWserver.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SQLSERVERAGENT"=3 (0x3) "MSSQLSERVER"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program\\VMware\\VMware Player\\vmware-authd.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program\\AVG\\AVG8\\avgemc.exe"= "c:\\Program\\AVG\\AVG8\\avgupd.exe"= "c:\\Program\\AVG\\AVG8\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3080:TCP"= 3080:TCP:xxx R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-06 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-06 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\program\AVG\AVG8\avgemc.exe [2009-10-06 908056] R2 avg8wd;AVG Free8 WatchDog;c:\program\AVG\AVG8\avgwdsvc.exe [2009-10-06 297752] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-28 54960] S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [2006-06-01 69692] --- Övriga tjänster/drivrutiner i minnet --- *NewlyCreated* - MBR *Deregistered* - mbr . . ------- Extra genomsökning ------- . uStart Page = hxxp://www.smalandsborsen.se/ LSP: c:\program\VMware\VMware Player\vsocklib.dll TCP: {8D294097-9C84-4CC9-A2ED-3036A820DFAF} = 217.13.225.101,217.13.225.121 FF - ProfilePath - c:\documents and settings\xxx\Application Data\Mozilla\Firefox\Profiles\rmt0urxj.defaultFF - component: c:\program\AVG\AVG8\Firefox\components\avgssff.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension ---- FIREFOX POLICY ---- c:\program\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se"); . - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - - HKLM-RunOnce-<NO NAME> - (no file) HKLM-RunOnce-Option2 - (no file) HKLM-RunOnce-Option5 - (no file) HKLM-RunOnce-Option3 - (no file) HKLM-RunOnce-Option1 - (no file) HKLM-RunOnce-Option4 - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-06 13:42 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:\windows\60E273EC113E4E289F315E3951D3B059.TMP c:\windows\system32\ijl11.dll 180224 bytes executable scan completed successfully hidden files: 2 ************************************************************************** . ------------------------ Andra processer som körs ------------------------ . c:\program\Java\jre6\bin\jqs.exe c:\windows\system32\vmnat.exe c:\windows\system32\vmnetdhcp.exe c:\program\VMware\VMware Player\vmware-authd.exe c:\program\AVG\AVG8\avgrsx.exe c:\program\AVG\AVG8\avgnsx.exe c:\program\AVG\AVG8\avgcsrvx.exe c:\windows\system32\msiexec.exe . ************************************************************************** . Sluttid: 2009-11-06 13:48 - datorn startades om. ComboFix-quarantined-files.txt 2009-11-06 12:48 Före genomsökningen: 41 795 694 592 byte ledigt Efter genomsökningen: 42 072 129 536 byte ledigt - - End Of File - - 5CBA18FAE782016B561803C11FCF6472 [/log]
×
×
  • Skapa nytt...