soppulfur Posted 6 January 2009
Even though these are rather cosy, I would still like them removed, so here are the HJT, MBAM and ComboFix logs.
Thanks in advance.
snippsat Posted 6 January 2009 (edited)
Start HijackThis, run "scan", find these lines, tick them, then press "Fix checked".
O4 - HKLM\..\Run: [mess shim] "C:\ProgramData\Titleaxisaxis.eqyvn"
O4 - HKCU\..\Run: [mess shim] "C:\ProgramData\Titleaxisaxis.0bb9bq"
Start -> Search: paste in the bold text.
notepad %systemroot%\system32\drivers\etc\hosts
Remove everything after this line, if there is anything there.
127.0.0.1 localhost
Download and run CCleaner. 'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours". Run the registry cleaner, "answer yes to repair" --> backup, answer yes when you are asked. Run the registry cleaner a couple more times until all errors are gone. Restart and check whether CID is gone.
Edited 6 January 2009 by SNIPPSAT
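An added example, not part of any post in this thread: a small Python check that picks out HijackThis O4 (Run key) lines like the two [mess shim] entries above. The extension list, the data-directory rule and the Example* sample lines are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# HijackThis O4 layout: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.+?)\] (.+)$')
# Unquoted command: path ends at the first ".ext" followed by space, comma or end.
UNQUOTED = re.compile(r'^(.+?\.\w+)(?=[\s,]|$)(.*)$')

# Assumptions of this example, not HijackThis rules:
RUNNABLE_EXT = {".exe", ".dll", ".com", ".bat", ".cmd", ".scr"}
DATA_ROOTS = {r"c:\programdata"}  # programs rarely keep binaries directly here

# The two [mess shim] lines are quoted in the post; the Example* lines are constructed.
SAMPLE = r'''
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe -startup
O4 - HKLM\..\Run: [ExampleCpl] RUNDLL32.EXE C:\Windows\system32\Example.dll,Startup
O4 - HKLM\..\Run: [mess shim] "C:\ProgramData\Titleaxisaxis.eqyvn"
O4 - HKCU\..\Run: [ExampleSync] "C:\Program Files\Example\sync.exe" /NoDialog
O4 - HKCU\..\Run: [mess shim] "C:\ProgramData\Titleaxisaxis.0bb9bq"
'''

def split_command(command):
    """Split a command line into (first path, remainder)."""
    command = command.strip()
    if command.startswith('"'):
        path, _, rest = command[1:].partition('"')
        return path, rest
    m = UNQUOTED.match(command)
    return (m.group(1), m.group(2)) if m else (command, "")

def target_path(command):
    """Return the file the entry loads; for rundll32 that is the DLL argument."""
    path, rest = split_command(command)
    if PureWindowsPath(path).name.lower() == "rundll32.exe" and rest.strip():
        path, _ = split_command(rest)
    return PureWindowsPath(path)

def parse_o4(line):
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    return {"hive": hive, "key": key, "name": name, "path": target_path(command)}

def review(text):
    entries = [e for e in map(parse_o4, text.splitlines()) if e]
    targets = {}
    for e in entries:
        targets.setdefault(e["name"].lower(), set()).add(str(e["path"]).lower())
    for e in entries:
        e["reasons"] = []
        if e["path"].suffix.lower() not in RUNNABLE_EXT:
            e["reasons"].append("unusual extension")
        if str(e["path"].parent).lower() in DATA_ROOTS:
            e["reasons"].append("file directly in data directory")
        if len(targets[e["name"].lower()]) > 1:
            e["reasons"].append("same value name, different targets")
    return entries

def flagged(text):
    return [e for e in review(text) if e["reasons"]]

if __name__ == "__main__":
    for e in flagged(SAMPLE):
        print(e["hive"], e["name"], e["path"], "->", "; ".join(e["reasons"]))
```

Only the two [mess shim] entries are reported, each for all three reasons; the ordinary entries, including the rundll32 one, pass.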
soppulfur (Author) Posted 6 January 2009
That sorted it, thanks for the help.
norbat Posted 6 January 2009 (edited)
Finish with the following:
Go to Computer -> C:
Click Organize -> Folder and Search Options -> View
Tick 'Show hidden files and folders'
Open the ProgramData folder
Delete the following folder: c:\programdata\Part noun bows
Then uninstall ComboFix by typing combofix /u in the Run/Search box.
On behalf of snippsat, I say: Surf safely!
Edited 6 January 2009 by norbat