[Løst]Infisert datamaskin, MBAM- og ComboFix logg inside

JarlG · 6. februar 2009

Hei!

Jeg har fått som oppgave å 'fikse' en kompis sin data. Symptomene var at det var popups fra 'Antivirus Plus', dette er nå fjernet etter å ha fjernet en rootkit som hindret meg i å installere MBAM - men under søket merket jeg at det var MANGE flere problemer, i tillegg.

Han hadde Norton fra før, men dette ville verken kjøres eller avinstalleres, så jeg installerte AVG til liten nytte. Det fjernet 7 trojaner, men nå vil det ikke skrus av når jeg skal kjøre ComboFix. Jeg tok allikevel sjangsen og kjørte ComboFix.

Enda et problem er at jeg ikke kommer meg på nettet med denne datamaskinen, men i safe-mode with networking så kommer jeg inn på nettsider, men på sider som google så blir jeg redirectet akkurat slik som stickyen beskriver. Det står at dette kan fjernes via ComboFix, men det er ikke gjort enda.

Her er MBAM og ComboFix loggene:

MBAM

Malwarebytes' Anti-Malware 1.33

Database version: 1654

Windows 5.1.2600 Service Pack 2

06.02.2009 18:41:47

mbam-log-2009-02-06 (18-41-47).txt

Scan type: Quick Scan

Objects scanned: 46968

Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 7

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 2

Files Infected: 25

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d032570a-5f63-4812-a094-87d007c23012} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\InternetExplorer.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\avphl.dll (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSScfub.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSirxy.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSktao.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSnrsr.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSocun.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSoexh.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSravu.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSpaxt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSxxou.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS9c13.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Local Settings\Temp\~tmpa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Local Settings\Temp\TDSS6cf5.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Local Settings\Temp\TDSSc186.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Programdata\Microsoft\Internet Explorer\Quick Launch\Antivirus Plus.lnk (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Local Settings\Temp\TDSS6ce5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Local Settings\Temp\TDSS79c6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\TDSS97ed.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\sNipp\Local Settings\Temp\TDSSc157.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSqqon.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSwrhd.log (Trojan.TDSS) -> Quarantined and deleted successfully.

ComboFix

ComboFix 09-02-05.04 - sNipp 2009-02-06 22:20:04.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.649 [GMT 1:00]

Kjører fra: c:\documents and settings\sNipp\Skrivebord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated)

FW: Norton Internet Security 2006 *enabled*

* Opprettet nytt gjenopprettingspunkt

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\TDSSosvd.dat

c:\windows\system32\TDSSwupe.dat

E:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_TDSSSERV.SYS

-------\Service_TDSSserv.sys

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-06 til 2009-02-06 )))))))))))))))))))))))))))))))))

.

2009-02-06 18:40 . 2009-02-06 18:40 <DIR> d--h----- C:\$AVG8.VAULT$

2009-02-06 18:36 . 2009-02-06 18:36 <DIR> d-------- c:\documents and settings\sNipp\Programdata\Malwarebytes

2009-02-06 18:31 . 2009-02-06 18:31 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-02-06 18:31 . 2009-02-06 18:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-02-06 18:31 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-06 18:31 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-02-06 16:34 . 2009-02-06 16:34 <DIR> d-------- c:\documents and settings\sNipp\DoctorWeb

2009-02-06 16:18 . 2009-02-06 16:18 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-06 16:18 . 2009-02-06 16:18 <DIR> d-------- c:\program files\AVG

2009-02-06 16:18 . 2009-02-06 22:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8

2009-02-06 16:18 . 2009-02-06 16:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-06 16:18 . 2009-02-06 16:18 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-06 16:18 . 2009-02-06 16:18 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-06 15:43 . 2009-02-06 15:43 <DIR> d-------- c:\documents and settings\sNipp\Programdata\AVGTOOLBAR

2009-02-06 15:37 . 2009-02-06 15:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR

2009-02-06 12:29 . 2009-02-06 12:29 268 --ah----- C:\sqmdata01.sqm

2009-02-06 12:29 . 2009-02-06 12:29 244 --ah----- C:\sqmnoopt01.sqm

2009-02-06 12:16 . 2009-02-06 12:16 664 --a------ c:\windows\system32\d3d9caps.dat

2009-02-06 12:02 . 2009-02-06 12:02 268 --ah----- C:\sqmdata00.sqm

2009-02-06 12:02 . 2009-02-06 12:02 244 --ah----- C:\sqmnoopt00.sqm

2009-02-06 12:01 . 2009-02-06 15:46 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP

2009-02-06 12:01 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL

2009-02-06 12:00 . 2009-02-06 12:01 <DIR> d-------- c:\program files\SpywareBlaster

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-06 11:05 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-06 10:08 --------- d-----w c:\program files\Symantec

2008-12-18 16:33 --------- d-----w c:\documents and settings\sNipp\Programdata\uTorrent

2008-12-17 18:12 --------- d-----w c:\program files\Xfire

2008-12-16 18:13 --------- d-----w c:\documents and settings\sNipp\Programdata\AdobeUM

2008-12-15 23:23 --------- d-----w c:\documents and settings\sNipp\Programdata\Xfire

2008-12-15 14:56 --------- d-----w c:\documents and settings\sNipp\Programdata\dvdcss

2008-12-15 14:28 --------- d-----w c:\documents and settings\sNipp\Programdata\Ventrilo

2008-12-15 14:23 --------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2008-12-15 12:58 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2008-12-13 21:03 --------- d-----w c:\program files\Windows Live

2008-12-13 21:00 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller

2008-12-13 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller

2008-12-11 17:10 --------- d-----w c:\documents and settings\sNipp\Programdata\vlc

2008-12-11 17:09 --------- d-----w c:\program files\VideoLAN

2008-12-08 15:35 --------- d-----w c:\program files\Ventrilo

2008-12-08 15:35 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Google Update"="c:\documents and settings\sNipp\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2008-12-15 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-16 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Hurtigstart.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Hurtigstart.lnk

backup=c:\windows\pss\HP Photosmart Premier Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk

backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sNipp^Start Menu^Programs^StartUp^Xfire.lnk]

path=c:\documents and settings\sNipp\Start Menu\Programs\StartUp\Xfire.lnk

backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2005-09-17 15:27 52848 c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

--a------ 2006-06-19 09:50 40960 c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2006-03-16 05:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

--a------ 2005-08-05 20:56 64512 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-02-16 22:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

--a------ 2006-05-03 21:58 458752 c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]

--a------ 2005-09-30 13:33 120464 c:\program files\Norton Internet Security\CfgWiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

--a------ 2006-07-20 06:58 7581696 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2006-07-20 06:58 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

--a------ 2006-06-19 10:33 163840 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

--a------ 2006-07-19 14:14 102400 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

--a------ 2005-10-11 09:23 1187840 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]

--a------ 2004-11-09 03:45 218240 c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2005-11-10 20:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2006-06-17 06:22 794713 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

--a------ 2006-06-02 16:02 61952 c:\windows\system32\CHDAudPropShortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]

--a------ 2006-03-16 05:00 177152 c:\windows\system32\mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2006-07-20 06:58 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\Program Files\\Xfire\\Xfire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-06 97928]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-06 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-06 76040]

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [2006-06-06 61952]

S2 cdralw;NVIDIA Compatible Windows Miniport Driver;c:\windows\system32\DRIVERS\nvmini.sys --> c:\windows\system32\DRIVERS\nvmini.sys [?]

--- Andre tjenester/drivere lastet i minnet ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf8e62f9-c53d-11dd-acf7-001636b91feb}]

\Shell\AutoRun\command - WD_Windows_Tools\Setup.exe

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-06 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\sNipp\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2008-12-15 20:25]

2009-01-09 c:\windows\Tasks\Internett-tjenester.job

- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 11:23]

2008-12-18 c:\windows\Tasks\Norton AntiVirus - Kjør fullstendig systemsøk - sNipp.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-07 15:26]

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=64&bd=pavilion&pf=laptop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=64&bd=pavilion&pf=laptop

IE: &Google-søk - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Oversett engelsk ord - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Koblinger bakover - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Lignende sider - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Øyeblikksbilde av siden i hurtigbufferen - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

FF - ProfilePath - c:\documents and settings\sNipp\Programdata\Mozilla\Firefox\Profiles\rpzlaqr8.default\

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 22:24:26

Windows 5.1.2600 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\ccProxy.exe

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\msdtc.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\mqsvc.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\dllhost.exe

c:\program files\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2009-02-06 22:26:37 - maskinen ble startet på nytt [sNipp]

ComboFix-quarantined-files.txt 2009-02-06 21:26:32

Pre-Run: 9 032 769 536 bytes free

Post-Run: 9,209,008,128 byte ledig

230 --- E O F --- 2009-01-09 17:55:34

Oppdager nå at ved et Full-system søk så er det blitt merket 9 infeksjoner av MBAM. Jeg poster logg av dette søket når det er ferdig.

Takker for all hjelp!

norbat · 6. februar 2009

Når søket er ferdig, kan du avinstallere Norton ved å bruke Norton Removal Tool

Deretter kjører du combofix og poster ny logg.

JarlG · 6. februar 2009

Har nå gjort som du sa, og merkelig nok fikk jeg internett tilbake på infiserte maskinen etter jeg hadde avinstallert Norton. :O

Her er ny ComboFix logg:

ComboFix 09-02-06.01 - sNipp 2009-02-06 23:40:57.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.664 [GMT 1:00]

Kjører fra: c:\documents and settings\sNipp\Skrivebord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

* Opprettet nytt gjenopprettingspunkt

.

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

G:\resycled

g:\resycled\boot.com

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-06 til 2009-02-06 )))))))))))))))))))))))))))))))))

.

2009-02-06 18:40 . 2009-02-06 22:54 <DIR> d--h----- C:\$AVG8.VAULT$