454BigBlock Posted 11 November 2008 (edited)

Hi - I'm new to the forum and have a problem with Zlob.downloader... Hope someone can help me get rid of this damned thing! I keep Norton antivirus "always" updated, and I run both CCleaner and Spybot SD as often as I remember to (evidently not often enough...)... But I still have problems....

Before I ended up in here I "scoured" Google links without getting any wiser from the procedures I found... I'm not exactly a computer wizard when it comes to long, intricate explanations of what must/should/can be done on well-meaning sites.... Apparently I'm a bit theoretically-technically handicapped, I think...

I have followed Norbat's procedure, except that I ran MBAM twice. This was because the firewall in Norton blocked updates of the program the first time, but after a restart it went fine, and then I scanned again.

Log files as specified:

MBAM before update:
MBAM after update:

ComboFix log:
HJT log:
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 11859 bytes Svært takknemlig om noen vil ta seg tid til å lede meg videre til helbredelse! Mvh Endret 11. november 2008 av 454BigBlock Lenke til kommentar
norbat Posted 11 November 2008

You are more or less cured. There are some remnants left that you can remove as follows:

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)

Open Notepad, copy and paste the text in bold below, and save the file on the desktop as CFScript.txt
Drag and drop the file onto the ComboFix icon. ComboFix will start again:

File::
c:\windows\system32\qisfafwi.tmp
c:\windows\AUJJRCPA.exe
Folder::
c:\temp\3fdf9
c:\temp\42900
c:\temp\3c6eb

You do not need to post any more logs. Tell us how it goes with the problem.
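Added illustration, not part of norbat's reply and not HijackThis code: a Python sketch that parses HijackThis-style entries and groups the kinds of leftovers visible in this thread's log, namely entries ending in "(no file)", services listed with "Unknown owner", and O16 entries without a download source. The sample lines are copied from this thread; the function names and the triage categories are assumptions made for this example.

```python
import re

# Sample entries copied from the log and the reply in this thread (subset).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: fin - {5C472352-90D0-4214-BF20-8E4A2B82F980} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O18 - Protocol: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log):
    """Return one dict per recognised entry; other lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        clsid = CLSID.search(m.group("body"))
        entries.append({
            "code": m.group("code"),
            "body": m.group("body"),
            "clsid": clsid.group(0) if clsid else None,
        })
    return entries


def triage(entries):
    """Group entries that deserve a manual look (hypothetical categories)."""
    found = {"orphaned": [], "unknown_owner": [], "dpf_no_source": []}
    for e in entries:
        body = e["body"]
        if body.endswith("(no file)"):
            # Registry entry whose target file is no longer on disk.
            found["orphaned"].append(e)
        elif e["code"] == "O23" and " - Unknown owner - " in body:
            # Service binary without a company name: check it, do not assume.
            found["unknown_owner"].append(e)
        elif e["code"] == "O16" and body.endswith("-"):
            # ActiveX control recorded without a download URL.
            found["dpf_no_source"].append(e)
    return found
```

On the sample, the "orphaned" group contains exactly the O2 and O18 lines that the reply marks for Fix checked; the other groups are prompts for manual review, not verdicts.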
454BigBlock (Author) Posted 11 November 2008

"You are more or less cured. There are some remnants left... You do not need to post any more logs. Tell us how it goes with the problem."

Thanks for the reply, norbat! I have followed your procedure and am now running a new MBAM scan... It will be exciting to see whether there are any problems left... Again - thank you very much so far!
norbat Posted 11 November 2008

You can remove ComboFix by typing combofix /u in the Run box. This will also reset System Restore so that you do not get infected by a possible restore later. Surf safely.
454BigBlock (Author) Posted 11 November 2008

No problems found... Norton can be updated again (this is where the machine crashed every time after the infection...) and peace and quiet are settling over the PC once more... Thanks again, norbat - without your help I would have had BIG problems removing the gunk!!

"Surf safely."

Will do!