Noe galt i loggen min?

27. januar 2009

Håper jeg har gjort alt riktig..

Problemet er rett og slett at jeg ikke kan trykke meg frem til andre vinduer, og må nesten alltid bruke Alt+Tab for å komme til et annet ett. Msn'en min ligger foran alt, så må enten minimere den, eller krysse den ut for at den ikke er iveien, det er også sånn at det en usynling vegg foran alt, som gjør det enda vanskeligere for meg å navigere.

MBAM

Malwarebytes' Anti-Malware 1.33

Database version: 1699

Windows 5.1.2600 Service Pack 2

27.01.2009 19:56:43

mbam-log-2009-01-27 (19-56-43).txt

Scan type: Quick Scan

Objects scanned: 70915

Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Og den andre

ComboFix 09-01-21.04 - Jonasponas 2009-01-27 20:07:44.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.529 [GMT 1:00]

Kjører fra: d:\downloads\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090127-0] *On-access scanning disabled* (Updated)

AV: Norton 360 *On-access scanning disabled* (Outdated)

FW: Norton 360 *enabled*

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-27 til 2009-01-27 )))))))))))))))))))))))))))))))))

.

2009-01-27 19:40 . 2009-01-27 19:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-27 19:40 . 2009-01-27 19:40 <DIR> d-------- c:\documents and settings\Jonasponas\Application Data\Malwarebytes

2009-01-27 19:40 . 2009-01-27 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-27 19:40 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-27 19:40 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-27 15:18 . 2009-01-27 15:18 <DIR> d-------- c:\windows\LastGood

2009-01-27 15:13 . 2009-01-27 15:13 <DIR> d-------- c:\program files\Windows Live SkyDrive

2009-01-27 15:13 . 2009-01-27 15:13 260 --a------ C:\sqmdata00.sqm

2009-01-27 15:13 . 2009-01-27 15:13 212 --a------ C:\sqmnoopt00.sqm

2009-01-26 17:23 . 2009-01-26 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts

2009-01-25 21:16 . 2009-01-25 21:16 <DIR> d-------- c:\program files\Alwil Software

2009-01-13 22:21 . 2009-01-13 22:21 <DIR> d-------- c:\program files\Microsoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-27 19:08 --------- d-----w c:\documents and settings\Jonasponas\Application Data\uTorrent

2009-01-27 14:20 --------- d-----w c:\program files\Windows Live

2009-01-25 21:18 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-01-25 19:58 --------- d-----w c:\documents and settings\Jonasponas\Application Data\Microsoft Games

2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-04 21:55 307,560 ----a-w c:\windows\WLXPGSS.SCR

2008-12-02 21:37 49,480 ----a-w c:\windows\system32\sirenacm.dll

2007-09-11 17:17 22,328 ----a-w c:\documents and settings\Jonasponas\Application Data\PnkBstrK.sys

2004-02-20 22:17 20,752 ----a-w c:\program files\opera\program\plugins\cgpcfg.dll

2004-02-20 22:17 69,904 ----a-w c:\program files\opera\program\plugins\cgpcore.dll

2004-02-20 22:17 45,328 ----a-w c:\program files\opera\program\plugins\icalogon.dll

2004-02-20 22:17 24,848 ----a-w c:\program files\opera\program\plugins\pscript.dll

2004-02-20 22:17 57,616 ----a-w c:\program files\opera\program\plugins\sslsdk_b.dll

2004-02-20 22:17 24,848 ----a-w c:\program files\opera\program\plugins\tcppserv.dll

2008-06-24 21:41 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll

2008-06-24 21:41 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll

2008-06-24 21:41 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll

2008-06-24 21:41 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll

2008-06-24 21:41 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll

2007-10-11 16:29 80 --sh--r c:\windows\system32\13A68F70D5.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2006-09-21 1694208]

"Steam"="d:\steam\steam.exe" [2008-10-08 1410296]

"DesktopIconToy"="c:\program files\Desktop Icon Toy\DesktopIconToy.exe" [2008-03-18 352256]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-09 3321856]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-21 213936]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-04-29 158624]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\soundman.exe]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-24 67128]

Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\WINDOWS\\system32\\pnkbstra.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Rockgeneratoion\\LimeWire.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"d:\\ffdshow\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-25 111184]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-08-24 99376]

R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-25 20560]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-08-12 83208]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-08-12 15112]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-08-12 108680]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-08-12 100488]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-08-12 98568]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-10-10 83496]

S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-10-10 15016]

S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-10-10 109992]

S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-10-10 103976]

S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-10-10 100008]

S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [2007-11-13 32000]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/

uInternet Settings,ProxyOverride = *.local

IE: &Compress Image Using Image Compressor 2008 - c:\program files\MasRizal\IMC2008\imcieex_compress.html

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-27 20:09:59

Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-796845957-1383384898-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-796845957-1383384898-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:d8,60,52,78,1b,66,47,d7,8b,d9,dd,0d,c2,41,66,c4,94,f6,ba,8e,6d,bc,10,

aa,71,69,17,dd,e1,13,ac,ec,64,24,24,2c,2b,20,8c,8c,3a,c0,d6,3b,5e,55,55,d8,\

"??"=hex:19,ba,59,ea,19,57,ef,1e,db,35,28,3a,74,e6,dd,04

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(712)

c:\windows\system32\Ati2evxx.dll

.

Tidspunkt ferdig: 2009-01-27 20:11:50

ComboFix-quarantined-files.txt 2009-01-27 19:11:46

Pre-Run: 13ÿ229ÿ543ÿ424 bytes free

Post-Run: 15,365,050,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

178 --- E O F --- 2009-01-26 13:53:50

Takker for hjelp.

Endret 27. januar 2009 av Bruker-127711

Patience · 27. januar 2009

Emnetittelen i denne tråden er lite beskrivende for trådens innhold og det er derfor ingen god emnetittel. Jo bedre og mer beskrivende emnetittelen er, jo lettere er det for andre å skjønne trådens innhold og det vil være lettere å treffe den riktige forumbrukeren med det rette svaret. Ber deg derfor om å endre emnetittel. Vennligst forsøk å ha dette i tankene neste gang du starter en tråd, og orienter deg om hva vår nettikette sier om dårlig bruk av emnetitler.

Husk at en god emnetittel skal beskrive eller oppsummere hvilket problem du har - ikke at du har et problem. En god emnetittel skal heller ikke kun bestå av et produktnavn.

Bruk -knappen i første post for å endre emnetittelen.

(Dette innlegget vil bli fjernet ved endring av emnetittel. Ikke kommenter dette innlegget, men gjerne dette innlegget når tittelen er endret, så vil det bli fjernet..)

Patience · 27. januar 2009

Førstepost i denne tråden er ikke beskrivende nok for emnet. Fint om trådstarter kan oppdatere denne så det blir lettere å skaffe seg en oversikt over hva emnet gjelder - samt få litt flere detaljer å gå på..

norbat · 27. januar 2009

Hvis du kjører både med Avast og Norton, avinstallerer du det ene.

27. januar 2009

Installerte Avast nettop, Norton har ikke blitt fornya, skal jeg fjerne den ene, og ta en ny søk?

r2d290 · 27. januar 2009

Hvis du vil beholde Avast, må du avinstallere Norton ja. Bruk dette verktøyet for å avinstallere norton: http://service1.symantec.com/Support/tsgen...005033108162039

Etter dette kan du gjerne poste en ny combofix-logg, dersom du mener at det fortsatt er problemer med maskinen. Hvis alt er som det skal etter avinstallering av norton kan du si ifra så avslutter vi.

1. februar 2009

Urk, glemte denne tråden helt. Fjerna Norton, og ny combofix er her.

ComboFix 09-01-31.01 - Jonasponas 2009-02-01 1:12:01.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.351 [GMT 1:00]

Kjører fra: d:\downloads\ComboFix.exe

AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-01 til 2009-02-01 )))))))))))))))))))))))))))))))))

.

2009-01-27 21:26 . 2009-01-27 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy

2009-01-27 21:25 . 2009-01-27 21:25 <DIR> d-------- c:\program files\WorldOfGoo