epqr, posted 9 January 2009

Followed this guide. Had some problems with antivirus2009 + some other stuff, I think. At any rate, my antivirus put a good many things in quarantine. Ran Malwarebytes, ComboFix and HijackThis.

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.32
Databaseversjon: 1635
Windows 5.1.2600 Service Pack 3

09.02.2009 23:48:29
mbam-log-2009-02-09 (23-48-25).txt

Skanntype: Rask Skann
Objekter skannet: 66339
Tid tilbakelagt: 9 minute(s), 11 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 1
Registerverdier infisert: 2
Registerfiler infisert: 0
Mapper infisert: 2
Filer infisert: 6

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Agent) -> No action taken.

Registerverdier infisert:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\56398750551677523631917934816415 (Rogue.Antivirus 2009) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svschost.exe (Trojan.FakeAlert) -> No action taken.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
C:\Programfiler\Antivirus 2009 (Rogue.Antivirus 2009) -> No action taken.
C:\Programfiler\Microsoft Common (Trojan.Agent) -> No action taken.

Filer infisert:
C:\Programfiler\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> No action taken.
C:\Programfiler\Antivirus 2009\av2009.exe (Rogue.Antivirus 2009) -> No action taken.
C:\Programfiler\Microsoft Common\svchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ieupdates.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\svñshost.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\joes1104\Programdata\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> No action taken.

Log from ComboFix:
Log from HijackThis:
Anything more I should do?
norbat, posted 9 January 2009

Update MBAM, download a new ComboFix and run both programs again. Post the logs.
epqr (author), posted 10 January 2009

MBAM says I have the latest version, if that was what you had in mind.
norbat, posted 10 January 2009

Just run another round.
epqr (author), posted 10 January 2009

MBAM log no. 2:

Malwarebytes' Anti-Malware 1.32
Databaseversjon: 1635
Windows 5.1.2600 Service Pack 3

2009-02-10 01:20:07
mbam-log-2009-02-10 (01-20-07).txt

Skanntype: Rask Skann
Objekter skannet: 60366
Tid tilbakelagt: 4 minute(s), 58 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

ComboFix log no. 2:
Driver;c:\windows\system32\drivers\usbaapl.sys [2008-09-03 32000] R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2007-10-26 39720] R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2007-10-26 260520] R4 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [2008-08-19 20448] R4 SesamService;Sesam Control Service;c:\programfiler\Telenor\Mobile Broadband\Sesam\BIN\SecMIPService.exe [2007-11-27 1276200] S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\programfiler\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-26 30192] S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-07-09 95744] S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-06-26 51968] S3 GTMM Device Service;GTMM Device Service;c:\programfiler\Telenor\Mobile Broadband\GtmmDeviceService.exe [2008-04-04 106496] S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-03-30 8064] S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-08-18 33024] S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [2008-09-24 40672] S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2007-11-21 33664] S4 gupdate1c9512c4ae0f53c;Google Update Service (gupdate1c9512c4ae0f53c);c:\programfiler\Google\Update\GoogleUpdate.exe [2008-11-28 133104] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programfiler\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programfiler\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] --- Other Services/Drivers In Memory --- *NewlyCreated* - ASYNCMAC *Deregistered* - mchInjDrv 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29d8a52-b96f-11dd-95e4-001a73f36a84}] \Shell\AutoRun\command - G:\MobileBroadbandSetup.exe AUTORUN=1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c1106c-7b2f-11dd-9548-001a73f36a84}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\programfiler\Google\Update\GoogleUpdate.exe [2008-11-20 10:18] 2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3303115028-1715297137-4006022345-65930.job - c:\documents and settings\joes1104\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-03 17:31] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://google.com uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\joes1104\Programdata\Mozilla\Firefox\Profiles\zg3dng9c.default\ FF - component: c:\documents and settings\joes1104\Programdata\Mozilla\Firefox\Profiles\zg3dng9c.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\ubiquity.dll FF - component: c:\programfiler\Google\Google Gears\Firefox\components\gears.dll FF - component: c:\programfiler\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\joes1104\Lokale innstillinger\Programdata\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\programfiler\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NPAskSBr.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npdivx32.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npdsplay.dll 
FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin2.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin3.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin4.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin5.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin6.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin7.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\NPSWF32.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npwmsdrm.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 01:23:15 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1324) c:\windows\system32\Ati2evxx.dll . Tidspunkt ferdig: 2009-02-10 1:25:07 ComboFix-quarantined-files.txt 2009-02-10 00:25:03 ComboFix2.txt 2009-02-09 23:00:20 ComboFix3.txt 2009-02-09 22:54:23 Pre-Run: 36,066,222,080 byte ledig Post-Run: 36,055,678,976 byte ledig 194 --- E O F --- 2008-12-17 23:05:47

It said that ComboFix was outdated, btw. It had to run in "REDUCED FUNCTIONALITY" or something like that.
raWrz Posted 10 January 2009

Hi, run ComboFix from the desktop; you ran it from d:\downloads\
norbat Posted 10 January 2009

If you were not offered the option to update ComboFix when you started it, download a new copy of ComboFix. Before you run a new ComboFix scan, you may want to consider uninstalling the Ask Toolbar if it is not a toolbar you installed yourself (it should be possible to uninstall it from Add/Remove Programs).
epqr (Author) Posted 10 January 2009

I can't uninstall askbar. Error loading C:\\progamfiler....\1.bin\askbar.dll. I could just delete the whole folder if that does the same job. It doesn't show up in IE now anyway. I still get the same message for ComboFix, even after downloading a new one. I don't know if there is an "official" place to get it from? I got mine from bleeding computer.

ComboFix log. Run from the desktop.

ComboFix 09-01-09.03 - joes1104 2009-02-10 13:07:54.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.1919.1029 [GMT 1:00] Kjører fra: c:\documents and settings\joes1104\Skrivebord\ComboFix.exe * Opprettet nytt gjenopprettingspunkt . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-10 til 2009-02-10 ))))))))))))))))))))))))))))))))) . 2009-02-09 23:38 . 2009-02-09 23:38 <DIR> d-------- c:\documents and settings\joes1104\Programdata\Malwarebytes 2009-02-09 23:37 . 2009-02-09 23:57 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware 2009-02-09 23:37 . 2009-02-09 23:37 <DIR> d-------- c:\documents and settings\All Users\Programdata\Malwarebytes 2009-02-09 23:37 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-09 23:37 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-02-09 23:30 . 2009-02-09 23:30 0 --a------ c:\windows\system32\winsystems.dll.tmp 2009-02-09 23:28 . 2009-02-09 23:28 0 --a------ c:\windows\system32\system32xp.exe.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-02-10 11:53 --------- d-----w c:\documents and settings\joes1104\Programdata\OpenOffice.org2 2009-02-10 11:52 --------- d-----w c:\programfiler\Norman 2009-02-09 22:30 --------- d-----w c:\documents and settings\joes1104\Programdata\DiskAid 2009-02-09 20:04 --------- d-----w c:\documents and settings\joes1104\Programdata\LimeWire 2009-01-08 13:01 --------- d-----w c:\programfiler\Windows Live Safety Center 2009-01-07 22:07 --------- d-----w c:\programfiler\Ubisoft 2009-01-07 22:06 --------- d-----w c:\documents and settings\joes1104\Programdata\uTorrent 2009-01-07 22:01 --------- d--h--w c:\programfiler\InstallShield Installation Information 2009-01-07 17:32 --------- d-----w c:\programfiler\Microsoft Xbox 360 Accessories 2009-01-07 17:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2009-01-07 17:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf 2009-01-05 11:35 --------- d-----w c:\documents and settings\joes1104\Programdata\Obsidium 2008-12-28 22:09 --------- dc-h--w c:\documents and settings\All Users\Programdata\{87C3AE34-C46F-4FDC-825B-BC736F30A44F} 2008-12-28 22:09 --------- d-----w c:\programfiler\LibUSB-Win32 2008-12-20 21:13 --------- d-----w c:\programfiler\MinimalBrowser1 2008-12-20 20:29 --------- d-----w c:\programfiler\Microsoft SQL Server 2008-12-20 20:28 --------- d-----w c:\programfiler\MSXML 6.0 2008-12-20 20:28 --------- d-----w c:\programfiler\Microsoft.NET 2008-12-20 20:03 --------- d-----w c:\programfiler\Microsoft Synchronization Services 2008-12-20 20:03 --------- d-----w c:\programfiler\Microsoft SQL Server Compact Edition 2008-12-20 20:03 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help 2008-12-20 20:02 --------- d-----w c:\programfiler\Microsoft Visual Studio 9.0 2008-12-20 20:00 --------- d-----w c:\programfiler\Microsoft SDKs 2008-12-20 19:59 --------- d-----w c:\programfiler\MSBuild 2008-12-20 19:58 --------- d-----w 
c:\programfiler\Reference Assemblies 2008-12-19 23:08 --------- d-----w c:\programfiler\DivX 2008-12-18 09:24 --------- d-----w c:\documents and settings\joes1104\Programdata\OpenOffice.org 2008-12-18 09:23 --------- d-----w c:\programfiler\OpenOffice.org 3 2008-12-17 22:56 --------- d-----w c:\documents and settings\joes1104\Programdata\FrostWire 2008-12-17 18:11 --------- d-----w c:\programfiler\FrostWire2 2008-12-09 18:21 98,304 ----a-w c:\windows\system32\CmdLineExt.dll 2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll 2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll 2008-10-17 21:14 87,608 ----a-w c:\documents and settings\joes1104\Programdata\inst.exe 2008-10-17 21:14 47,360 ----a-w c:\documents and settings\joes1104\Programdata\pcouffin.sys 2008-09-26 07:59 122,880 ----a-w c:\programfiler\mozilla firefox\components\GoogleDesktopMozilla.dll . ((((((((((((((((((((((((((((( snapshot@2009-02-09_23.53.19,93 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-10 11:52:57 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2b4.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-16 66912] [HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}] 2008-10-16 20:14 66912 --a------ c:\programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\joes1104\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "DAEMON Tools Lite"="d:\annet\Ny mappe576\ProMappe\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Norman ZANDA"="c:\programfiler\Norman\Npm\bin\ZLH.EXE" [2008-06-02 273520] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2008-10-25 144792] "AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936] "Google Desktop Search"="c:\programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-26 30192] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2008-11-04 413696] "iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2008-11-20 290088] "XboxStat"="c:\programfiler\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\joes1104\Start-meny\Programmer\Oppstart\ OpenOffice.org 2.3.lnk - c:\programfiler\OpenOffice.org 2.3\program\quickstart.exe [2007-11-14 393216] OpenOffice.org 3.0.lnk - c:\programfiler\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\system32\userinit.exe,c:\windows\sorry.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "c:\\Programfiler\\MSN Messenger\\livecall.exe"= "c:\\Programfiler\\Bonjour\\mDNSResponder.exe"= "c:\\Programfiler\\QuickTime\\QuickTimePlayer.exe"= "d:\\Annet\\Ny mappe576\\ProMappe\\uTorrent.exe"= "d:\\Annet\\Ny mappe576\\ProMappe\\FrostWire\\FrostWire.exe"= "c:\\Programfiler\\Mozilla Firefox\\firefox.exe"= "c:\\Programfiler\\iTunes\\iTunes.exe"= "d:\\Annet\\Privat\\ProMappe\\opera.exe"= "d:\\Annet\\Ny mappe576\\ProMappe\\LimeWire\\LimeWire.exe"= "c:\\Programfiler\\Java\\jre6\\bin\\java.exe"= R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2008-12-28 28672] R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [2008-08-19 322616] R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2008-08-19 19512] R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\Nvc\Bin\Nvcoas.exe [2008-08-19 183352] R3 NVCScheduler;Norman Virus Control Scheduler;c:\programfiler\Norman\Nvc\Bin\Nvcsched.exe [2008-08-19 146488] R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\drivers\wtsmpadap.sys [2007-10-26 39720] R3 WtSmpFlt;Sesam 
Adapter;c:\windows\system32\drivers\wtsmpflt.sys [2007-10-26 260520] R4 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [2008-08-19 20448] R4 SesamService;Sesam Control Service;c:\programfiler\Telenor\Mobile Broadband\Sesam\BIN\SecMIPService.exe [2007-11-27 1276200] S3 GoogleDesktopManager-090808-172447;Google Desktop Manager 5.8.809.8522;c:\programfiler\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-26 30192] S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [2007-07-09 95744] S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [2007-06-26 51968] S3 GTMM Device Service;GTMM Device Service;c:\programfiler\Telenor\Mobile Broadband\GtmmDeviceService.exe [2008-04-04 106496] S3 GTPTSER;GT PT SER;c:\windows\system32\drivers\gtptser.sys [2007-03-30 8064] S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-08-18 33024] S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.sys [2008-09-24 40672] S3 TSWLAN;TsWlan Packet Driver;c:\windows\system32\drivers\TsWlan.sys [2007-11-21 33664] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2008-09-03 32000] S4 gupdate1c9512c4ae0f53c;Google Update Service (gupdate1c9512c4ae0f53c);c:\programfiler\Google\Update\GoogleUpdate.exe [2008-11-28 133104] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programfiler\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-11 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programfiler\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29d8a52-b96f-11dd-95e4-001a73f36a84}] \Shell\AutoRun\command - G:\MobileBroadbandSetup.exe AUTORUN=1 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e9c1106c-7b2f-11dd-9548-001a73f36a84}] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\programfiler\Google\Update\GoogleUpdate.exe [2008-11-20 10:18] 2009-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3303115028-1715297137-4006022345-65930.job - c:\documents and settings\joes1104\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-09-03 17:31] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://google.com uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\joes1104\Programdata\Mozilla\Firefox\Profiles\zg3dng9c.default\ FF - component: c:\documents and settings\joes1104\Programdata\Mozilla\Firefox\Profiles\zg3dng9c.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\ubiquity.dll FF - component: c:\programfiler\Google\Google Gears\Firefox\components\gears.dll FF - component: c:\programfiler\Mozilla Firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\joes1104\Lokale innstillinger\Programdata\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\programfiler\Google\Update\1.2.133.33\npGoogleOneClick7.dll FF - plugin: c:\programfiler\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\NPAskSBr.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npdivx32.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npdsplay.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin2.dll FF - plugin: 
d:\annet\Privat\ProMappe\program\plugins\npqtplugin3.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin4.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin5.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin6.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npqtplugin7.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\NPSWF32.dll FF - plugin: d:\annet\Privat\ProMappe\program\plugins\npwmsdrm.dll ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-10 13:08:17 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(1660) c:\windows\system32\Ati2evxx.dll . Tidspunkt ferdig: 2009-02-10 13:10:10 ComboFix-quarantined-files.txt 2009-02-10 12:09:51 ComboFix2.txt 2009-02-10 00:25:09 ComboFix3.txt 2009-02-09 23:00:20 ComboFix4.txt 2009-02-09 22:54:23 Pre-Run: 36,030,341,120 byte ledig Post-Run: 36,019,060,736 byte ledig 196 --- E O F --- 2008-12-17 23:05:47 Lenke til kommentar
norbat Posted 10 January 2009

Start HJT, choose "Do a system scan only", tick the following lines and click Fix checked:

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\sorry.exe,
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

Use Explorer to delete the following files/folders:

C:\Programfiler\AskSBar
c:\windows\system32\winsystems.dll.tmp
c:\windows\system32\system32xp.exe.tmp

Uninstall ComboFix by typing combofix /u in the Run box (Start -> Run). This will also reset System Restore, so that you do not get infected by a possible restore later.

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.

Surf safely.
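The fix list in the post above can be triaged mechanically. The following Python sketch is an added example, not part of the post and not code from HijackThis or ComboFix: it parses the HijackThis lines quoted in the post and flags a Userinit value that starts anything besides userinit.exe, plus browser add-on entries whose file is gone. The function names and the assumption that Windows is installed in C:\WINDOWS (as in the logs in this thread) belong to the example.

```python
import re

# Lines copied from the HijackThis fix list in the post above.
HJT_LINES = r"""
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\sorry.exe,
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Programfiler\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
""".strip().splitlines()

# Assumption: Windows lives in C:\WINDOWS, as it does in the logs in this thread.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# A HijackThis entry starts with a section code such as R3, F2, O2 or O3.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def extra_userinit_programs(value, expected=EXPECTED_USERINIT):
    """Return every program in a Winlogon Userinit value other than the expected one.

    The value is a comma-separated list; Winlogon starts each program in it
    at logon, so any additional entry is a persistence point worth checking.
    """
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs if p.lower() != expected]


def triage(lines):
    """Return (section code, reason, detail) for each entry that needs attention."""
    findings = []
    for line in lines:
        match = ENTRY.match(line.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        lowered = body.lower()
        if code == "F2" and "userinit=" in lowered:
            value = body[lowered.index("userinit=") + len("userinit="):]
            for program in extra_userinit_programs(value):
                findings.append((code, "extra Userinit program", program))
        elif code in ("O2", "O3") and body.endswith(("(file missing)", "(no file)")):
            # The registry entry survives although its DLL is gone: an orphan.
            clsid = CLSID.search(body)
            findings.append((code, "orphaned browser add-on",
                             clsid.group(0) if clsid else body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(HJT_LINES):
        print(f"{code}: {reason}: {detail}")
```

The same `extra_userinit_programs` check works on the raw value ComboFix prints under the winlogon key, since both tools show the same comma-separated string.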
epqr (Author) Posted 10 January 2009 (edited)

The files are deleted. ComboFix is uninstalled. Java and Adobe Reader are updated. Thank you very much for all the help.

Edited 10 January 2009 by epqr
Bruker-158599 Posted 10 January 2009

The files are deleted. ComboFix is uninstalled. Java and Adobe Reader are updated. Thank you very much for all the help

If you think the problem is solved, you can change the topic to solved by pressing