
Can someone look over the logs?



MBAM


Malwarebytes' Anti-Malware 1.38

Databaseversjon: 2420

Windows 5.1.2600 Service Pack 2

 

13.07.2009 19:02:55

mbam-log-2009-07-13 (19-02-55).txt

 

Skanntype: Rask Skann

Objekter skannet: 98689

Tid tilbakelagt: 6 minute(s), 4 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 1

Registerverdier infisert: 0

Registerfiler infisert: 2

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

Combofix


ComboFix 09-07-12.03 - Rolf Vidar 13.07.2009 19:23.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.1023.515 [GMT 2:00]

Kjører fra: c:\documents and settings\Rolf Vidar\Skrivebord\ComboFix.exe

AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

AV: Norton AntiVirus 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norman Security Suite *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\Installer\2634ceb.msp

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-06-13 til 2009-07-13 )))))))))))))))))))))))))))))))))

.

 

2009-07-13 16:54 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-13 16:52 . 2009-07-13 16:52 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\Malwarebytes

2009-07-13 16:50 . 2009-07-13 16:50 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-07-13 16:50 . 2009-07-13 16:55 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-07-13 16:50 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-01 19:02 . 2009-07-01 19:02 -------- d-----w- c:\programfiler\Innovative Solutions

2009-06-28 17:37 . 2009-06-28 19:25 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\FileZilla

2009-06-28 17:37 . 2009-06-28 17:37 -------- d-----w- c:\programfiler\FileZilla FTP Client

2009-06-24 16:46 . 2009-06-24 16:46 -------- d-----w- c:\documents and settings\LocalService\Start-meny

2009-06-24 16:45 . 2008-04-16 10:57 42552 ----a-w- c:\windows\system32\drivers\ale_nf.sys

2009-06-24 16:45 . 2008-02-07 10:12 74624 ----a-w- c:\windows\system32\drivers\tdi_rd.sys

2009-06-24 16:45 . 2008-02-07 10:12 79752 ----a-w- c:\windows\system32\drivers\ndis_rd.sys

2009-06-24 16:45 . 2009-01-22 10:41 19512 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys

2009-06-24 16:45 . 2008-05-16 09:28 212024 ----a-w- c:\windows\system32\nscrnsav.scr

2009-06-24 16:45 . 2009-07-13 17:14 -------- d-----w- c:\programfiler\Norman

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-13 16:58 . 2007-05-17 16:59 -------- d-----w- c:\programfiler\Fellesfiler\Symantec Shared

2009-07-01 19:36 . 2007-01-25 21:00 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\Launchy

2009-07-01 19:33 . 2007-05-30 16:32 -------- d-----w- c:\programfiler\NCH Swift Sound

2009-07-01 19:30 . 2006-10-07 10:44 -------- d-----w- c:\programfiler\project dogwaffle

2009-07-01 19:27 . 2008-08-19 15:46 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help

2009-07-01 19:25 . 2007-10-05 17:58 -------- d-----w- c:\programfiler\Vstep

2009-07-01 19:24 . 2006-10-25 18:39 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-07-01 19:04 . 2009-07-01 19:04 -------- d-----w- c:\windows\Fonts\AdvUninstal

2009-07-01 14:56 . 2006-08-22 14:02 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\OpenOffice.org2

2009-06-26 20:08 . 2009-03-07 10:02 -------- d-----w- c:\programfiler\Data7EDS

2009-06-26 20:00 . 2007-08-24 19:24 -------- d-----w- c:\documents and settings\Rolf Vidar\Programdata\AdobeAUM

2009-06-26 19:58 . 2006-08-21 14:21 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-06-26 19:34 . 2006-09-01 18:16 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2009-06-19 14:27 . 2001-10-09 12:00 511998 ----a-w- c:\windows\system32\perfh014.dat

2009-06-19 14:27 . 2001-10-09 12:00 105034 ----a-w- c:\windows\system32\perfc014.dat

2009-06-17 09:27 . 2009-07-13 16:51 38160 ----a-w- c:\windows\system32\drivers\is-NUREU.tmp

2009-06-17 09:27 . 2009-07-13 16:50 38160 ----a-w- c:\windows\system32\drivers\is-AA9AT.tmp

2009-05-20 08:33 . 2007-02-24 16:29 -------- d-----w- c:\programfiler\EA GAMES

2009-05-07 15:44 . 2004-08-03 23:03 344576 ----a-w- c:\windows\system32\localspl.dll

2009-04-29 04:50 . 2004-08-03 23:03 827392 ----a-w- c:\windows\system32\wininet.dll

2009-04-29 04:49 . 2004-08-03 23:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-19 20:12 . 2004-08-03 22:56 1846656 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 15:18 . 2004-08-03 23:03 584192 ----a-w- c:\windows\system32\rpcrt4.dll

2009-03-07 10:02 . 2009-03-07 09:57 80 --sh--r- c:\windows\system32F41EED2AD.dll

2006-09-03 11:33 . 2006-09-03 11:33 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SweetIM"="c:\programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-26 6803456]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-26 86016]

"SweetIM"="c:\programfiler\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]

"ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2007-01-22 52840]

"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"DAEMON Tools-1033"="c:\programfiler\D-Tools\daemon.exe" [2004-08-22 81920]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-03-07 148888]

"Norman ZANDA"="c:\programfiler\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]

"NPCTray"="c:\programfiler\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-26 1519616]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\LimeWire\\LimeWire.exe"=

"c:\\Documents and Settings\\Rolf Vidar\\Mine dokumenter\\ANNE\\Roller Coaster Tycoon 2\\rct2.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programfiler\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programfiler\\MSN Messenger\\livecall.exe"=

"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=

"c:\\Programfiler\\iTunes\\iTunes.exe"=

"c:\\Programfiler\\Mamut Home\\mamutdtx.exe"=

"c:\\Programfiler\\Mamut\\Mamut.exe"=

"c:\\Programfiler\\HP\\Diagnostic Assistant\\bin\\hprbevwr.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\bin\\Hpqdirec.exe"=

"c:\\Programfiler\\HP\\Digital Imaging\\HP Print Screen\\prnsys.exe"=

"c:\\Programfiler\\HP\\HP Software Update\\HPWUCli.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

P2 NPFSvc32;Norman Personal Firewall Service;c:\programfiler\Norman\Npf\Bin\npfsvc32.exe [24.06.2009 18:45 597104]

R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [24.06.2009 18:45 79752]

R1 NGS;Norman General Security Driver;c:\programfiler\Norman\Ngs\Bin\ngs.sys [24.06.2009 18:45 22712]

R1 NPROSEC;Norman Security driver;c:\programfiler\Norman\Ngs\Bin\nprosec.sys [24.06.2009 18:45 53816]

R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [24.06.2009 18:45 74624]

R2 Ndiskio;Ndiskio;c:\programfiler\Norman\Nse\Bin\Ndiskio.sys [24.06.2009 18:45 20448]

R2 NPROSECSVC;Norman Security service;c:\programfiler\Norman\Ngs\Bin\nprosec.exe [24.06.2009 18:45 121912]

R2 NVOY;Norman Resource Provider;c:\programfiler\Norman\Npm\Bin\nvoy.exe [24.06.2009 18:45 126008]

R2 TomTomHOMEService;TomTomHOMEService;c:\documents and settings\Rolf Vidar\Mine dokumenter\TomTom HOME 2\TomTomHOMEService.exe [08.04.2009 12:38 92008]

R3 NPC;Norman Parental Control;c:\programfiler\Norman\Npc\Bin\npcsvc32.exe [24.06.2009 18:45 416880]

R3 nsesvc;Norman Scanner Engine Service;c:\programfiler\Norman\Nse\Bin\Nsesvc.exe [24.06.2009 18:45 310328]

R3 NUAA;Norman User Activity Agent;c:\programfiler\Norman\Npc\Bin\nuaa.exe [24.06.2009 18:45 121912]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [24.06.2009 18:45 19512]

R3 nvcoas;Norman Virus Control on-access component;c:\programfiler\Norman\nvc\bin\Nvcoas.exe [24.06.2009 18:45 195640]

R3 Scheduler;Norman Scheduler Service;c:\programfiler\Norman\Npm\Bin\scheduler.exe [24.06.2009 18:45 130104]

S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [11.07.2006 09:03 84608]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [26.02.2009 20:33 101936]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);c:\windows\system32\drivers\sea1bus.sys [21.08.2007 20:00 61536]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;c:\windows\system32\drivers\sea1mdfl.sys [27.10.2007 12:49 9360]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;c:\windows\system32\drivers\sea1mdm.sys [27.10.2007 12:49 97088]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\sea1mgmt.sys [27.10.2007 12:49 88624]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);c:\windows\system32\drivers\sea1nd5.sys [14.06.2008 18:12 18704]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;c:\windows\system32\drivers\sea1obex.sys [27.10.2007 12:49 86432]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);c:\windows\system32\drivers\sea1unic.sys [14.06.2008 18:11 90800]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programfiler\Microsoft SQL Server\100\Shared\sqladhlp.exe [10.07.2008 17:28 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.07.2008 02:49 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programfiler\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [10.07.2008 17:28 369688]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - mchInjDrv

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2006-10-10 16:13]

 

2009-07-03 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Rolf Vidar.job

- c:\progra~1\NORTON~1\Navw32.exe [2005-09-24 10:13]

 

2009-07-13 c:\windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job

- c:\programfiler\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-msnmsgr - ~c:\programfiler\MSN Messenger\msnmsgr.exe

 

 

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.startsiden.no/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: &Windows Live Search - c:\programfiler\Windows Live Toolbar\msntb.dll/search.htm

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\programfiler\Norman\npc\bin\nlf.dll

DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab

FF - ProfilePath - c:\documents and settings\Rolf Vidar\Programdata\Mozilla\Firefox\Profiles\he6wbpl7.default\

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programfiler\Mozilla Firefox\plugins\npitunes.dll

FF - plugin: c:\programfiler\Unity\WebPlayer\loader\npUnity3D32.dll

FF - HiddenExtension: Java Console: No Registry Reference - c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-13 19:28

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-07-13 19:31

ComboFix-quarantined-files.txt 2009-07-13 17:30

 

Pre-Run: 10 497 204 224 byte ledig

Post-Run: 10 998 353 920 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

187 --- E O F --- 2009-06-11 20:31

 

Thanks for the help :)
