Rage, posted 11 November 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56, on 2008-11-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\Programfiler\ZumieSearch\zumie.exe
C:\Programfiler\ZumieSearch\zumie.exe
C:\Programfiler\Apoint2K\Apoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Programfiler\Apoint2K\Apntex.exe
C:\Programfiler\Hotkey 1.0.4\FuncKey.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programfiler\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Programfiler\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Programfiler\Hotkey 1.0.4\FuncKey.exe"
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programfiler\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Programfiler\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opprett mobil favoritt... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programfiler\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://vitaelab-sbs/connectcomputer/nshelp.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Vitaelab.local
O17 - HKLM\Software\..\Telephony: DomainName = Vitaelab.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Vitaelab.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Vitaelab.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\DefWatch.exe
O23 - Service: dkab_device - - C:\WINDOWS\system32\DKabcoms.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programfiler\Fellesfiler\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programfiler\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZumieSearch Service - Zumie.com - C:\Programfiler\ZumieSearch\zumie.exe

--
End of file - 7599 bytes

_____________________________________

ComboFix 08-11-10.01 - xxx 2008-11-11 9:49:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.360 [GMT 1:00]
Running from: c:\documents and settings\xxx\Skrivebord\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://vitaelab-sbs:8530
.
((((((((((((((((((((((((( Files Created from 2008-10-11 to 2008-11-11 )))))))))))))))))))))))))))))))
.
2008-11-11 09:31 . 2008-11-11 09:31 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2008-11-11 09:31 . 2008-11-11 09:31 <DIR> d-------- c:\documents and settings\xxx\Programdata\Malwarebytes
2008-11-11 09:31 . 2008-11-11 09:31 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes
2008-11-11 09:31 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 09:31 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-11 09:26 . 2008-11-11 09:26 <DIR> d-------- c:\programfiler\CCleaner
2008-11-11 09:21 . 2008-11-11 09:21 <DIR> d-------- c:\documents and settings\xxx\Programdata\SmartShopper
2008-11-11 09:21 . 2008-11-11 09:21 <DIR> d-------- c:\documents and settings\xxx\Programdata\Logitech
2008-11-11 09:19 . 2007-06-13 02:34 <DIR> dr------- c:\documents and settings\xxx\Start-meny
2008-11-11 09:19 . 2007-06-13 02:34 <DIR> d--h----- c:\documents and settings\xxx\Skrivere
2008-11-11 09:19 . 2008-11-11 09:47 <DIR> d-------- c:\documents and settings\xxx\Skrivebord
2008-11-11 09:19 . <DIR> c:\documents and settings\xxxx\Siste
2008-11-11 09:19 . 2008-11-11 09:31 <DIR> dr-h----- c:\documents and settings\xxx\Programdata
2008-11-11 09:19 . 2007-06-13 02:34 <DIR> d--h----- c:\documents and settings\xxx\Maler
2008-11-11 09:19 . 2008-11-11 09:51 <DIR> d--h----- c:\documents and settings\xxx\Lokale innstillinger
2008-11-11 09:19 . 2008-11-11 09:20 <DIR> dr------- c:\documents and settings\xxxx\Favoritter
2008-11-11 09:19 . 2008-11-11 09:20 <DIR> d--h----- c:\documents and settings\xxx\AndrMask
2008-11-11 09:19 . 2008-11-11 09:19 <DIR> d-------- c:\documents and settings\xxx
2008-10-23 18:48 . 2008-10-15 17:38 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 11:20 . 2008-10-22 11:20 <DIR> d-------- c:\programfiler\ZumieSearch
2008-10-14 19:20 . 2008-08-14 14:27 2,190,976 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-14 19:20 . 2008-08-14 14:27 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-14 19:20 . 2008-08-14 14:27 2,067,840 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-14 19:20 . 2008-08-14 14:27 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-14 19:20 . 2008-09-15 16:29 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-14 19:20 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 08:19 --------- d-----w c:\programfiler\Symantec AntiVirus
2008-11-10 17:09 --------- d-----w c:\programfiler\WeFi
2008-11-10 16:47 --------- d-----w c:\documents and settings\admin\Programdata\SmartShopper
2008-10-15 01:04 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2008-10-03 17:31 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-24 13:39 --------- d-----w c:\documents and settings\admin\Programdata\vlc
2008-09-24 13:35 --------- d-----w c:\programfiler\VideoLAN
2008-09-24 13:34 --------- d-----w c:\programfiler\SmartShopper
2008-09-15 15:29 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-27 13:00 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:41 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-08-14 13:27 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:27 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w c:\windows\system32\dllcache\afd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programfiler\Apoint2K\Apoint.exe" [2005-04-16 172032]
"FuncKey"="c:\programfiler\Hotkey 1.0.4\FuncKey.exe" [2006-07-27 122880]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Dell Photo AIO Printer 922"="c:\programfiler\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"VTTimer"="VTTimer.exe" [2006-08-03 c:\windows\system32\VTTimer.exe]
"S3Trayp"="S3trayp.exe" [2006-07-11 c:\windows\system32\S3Trayp.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-18 2247]

c:\documents and settings\admin\Start-meny\Programmer\Oppstart\
OneNote 2007 Screen Clipper og Launcher.lnk - c:\programfiler\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Hurtigstart for Adobe Reader.lnk - c:\programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-07-28 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\programfiler\Fellesfiler\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\DKabcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\programfiler\Microsoft ActiveSync\rapimgr.exe"= c:\programfiler\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programfiler\Microsoft ActiveSync\wcescomm.exe"= c:\programfiler\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programfiler\Microsoft ActiveSync\WCESMgr.exe"= c:\programfiler\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R2 ZumieSearch Service;ZumieSearch Service;c:\programfiler\ZumieSearch\zumie.exe c:\programfiler\ZumieSearch\zumie.dll Service [ ]
R3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2006-09-12 659456]
S3 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe [2006-10-21 508824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
O8 -: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {BCEB373D-A35A-4200-BD43-8586CD9DFAE7} - c:\programfiler\SmartShopper\Bin\2.5.0\SmrtShpr.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 09:51:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-11 9:52:47
ComboFix-quarantined-files.txt 2008-11-11 08:52:43

Pre-Run: 104 271 753 216 byte ledig
Post-Run: 104,618,942,464 byte ledig

141 --- E O F --- 2008-10-29 16:44:39

__________________________

Malwarebytes' Anti-Malware 1.30
Database versjon: 1382
Windows 5.1.2600 Service Pack 3

11.11.2008 09:38:27
mbam-log-2008-11-11 (09-38-27).txt

Skanntype: Rask Skann
Objekter skannet: 64672
Tid tilbakelagt: 4 minute(s), 51 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Thanks for all the help

r2d290, posted 11 November 2008

Hello

Do you recognise the contents of c:\programfiler\ZumieSearch ?

Start HijackThis
Select: Do a systemscan only
Tick the boxes in front of these lines:

O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Programfiler\SmartShopper\Bin\2.5.0\SmrtShpr.dll

Close all windows (except HijackThis) and browsers (including the one you are reading this in), and press Fix checked.
Note: If you are asked to confirm fixing a line, confirm it.

Then close HijackThis, restart the machine, and create a new log:
Start HijackThis
Select: Do a systemscan, and save a logfile
Post this log in your next post. Then tell us how your machine is working (did you have any problems, and have they been fixed?)

Rage (author), posted 11 November 2008

ZumieSearch, yes, that is one of the problems.
Thanks so much for the help. I won't have time to do much more today, so I'll report back sometime tomorrow.

r2d290, posted 11 November 2008

What kind of problem does it cause? Shall we just remove all of it?

Rage (author), posted 12 November 2008

It takes over the start page and redirects it to a completely different page. So I think we should remove it.

r2d290, posted 12 November 2008

Click Start - All Programs - Accessories - Notepad
Copy and paste the text in the code box below into Notepad:

File::
[Direct path to a file]

Driver::
ZumieSearch Service

Save it as CFScript on the Desktop.
Drag CFScript onto ComboFix.exe, which is on the Desktop, as the animation below shows. This will start ComboFix again.
If the machine asks for a restart, let it do so right away.
Post the contents of ComboFix.txt in your next reply on the forum, together with a new HijackThis log.