
Virus removal - Malware and Combofix logs



Malwarebytes found nothing, but AVG finds quite a bit...

 

Malwarebytes

 

 

 

Malwarebytes' Anti-Malware 1.40

Databaseversjon: 2559

Windows 6.0.6000

 

04.08.2009 17:12:19

mbam-log-2009-08-04 (17-12-19).txt

 

Skanntype: Rask Skann

Objekter skannet: 73786

Tid tilbakelagt: 3 minute(s), 15 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

 

 

 

Combofix

 

 

 

ComboFix 09-08-03.A2 - Christian 04.08.2009 17:15.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.3582.2116 [GMT 2:00]

Kjører fra: c:\users\Christian\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

J:\autorun.inf

K:\Autorun.inf

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-04 til 2009-08-04 )))))))))))))))))))))))))))))))))

.

 

2009-08-04 15:08 . 2009-08-04 15:08 -------- d-----w- c:\users\Christian\AppData\Roaming\Malwarebytes

2009-08-04 15:08 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-04 15:08 . 2009-08-04 15:08 -------- d-----w- c:\programdata\Malwarebytes

2009-08-04 15:08 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-04 15:08 . 2009-08-04 15:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-04 14:59 . 2009-08-04 15:00 -------- d-----w- c:\users\Christian\AppData\Roaming\Ventrilo

2009-08-04 14:56 . 2009-08-04 14:56 -------- d-----w- c:\program files\Ventrilo

2009-08-04 14:47 . 2009-08-04 15:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-08-04 14:47 . 2009-08-04 14:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-04 14:45 . 2009-08-04 14:45 -------- d-----w- c:\program files\CCleaner

2009-08-04 14:31 . 2009-08-04 14:31 -------- d-----w- c:\windows\system32\Macromed

2009-08-04 14:27 . 2009-08-04 14:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-04 14:27 . 2009-08-04 14:27 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-04 14:27 . 2009-08-04 14:27 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-04 14:27 . 2009-08-04 14:28 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-04 14:27 . 2009-08-04 14:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-04 14:27 . 2009-08-04 14:27 -------- d-----w- c:\programdata\avg8

2009-08-04 14:27 . 2009-08-04 14:27 -------- d-----w- c:\program files\AVG

2009-08-04 14:18 . 2009-08-04 14:18 61440 ----a-w- c:\windows\system32\winipsec.dll

2009-08-04 14:18 . 2009-08-04 14:18 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL

2009-08-04 14:18 . 2009-08-04 14:18 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll

2009-08-04 14:18 . 2009-08-04 14:18 272896 ----a-w- c:\windows\system32\polstore.dll

2009-08-04 14:17 . 2009-08-04 14:17 87040 ----a-w- c:\windows\system32\msoert2.dll

2009-08-04 14:17 . 2009-08-04 14:17 39424 ----a-w- c:\windows\system32\ACCTRES.dll

2009-08-04 14:17 . 2009-08-04 14:17 205824 ----a-w- c:\windows\system32\msoeacct.dll

2009-08-04 14:16 . 2009-08-04 14:16 194560 ----a-w- c:\windows\system32\WebClnt.dll

2009-08-04 14:16 . 2009-08-04 14:16 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2009-08-04 14:16 . 2009-08-04 14:16 2028032 ----a-w- c:\windows\system32\win32k.sys

2009-08-04 14:15 . 2009-08-04 14:15 156160 ----a-w- c:\windows\system32\t2embed.dll

2009-08-04 14:15 . 2009-08-04 14:15 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-08-04 14:15 . 2009-08-04 14:15 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-08-04 14:15 . 2009-08-04 14:15 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-08-04 14:15 . 2009-08-04 14:15 24064 ----a-w- c:\windows\system32\lpk.dll

2009-08-04 14:15 . 2009-08-04 14:15 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-08-04 14:14 . 2009-08-04 14:14 49664 ----a-w- c:\windows\system32\csrsrv.dll

2009-08-04 14:14 . 2009-08-04 14:14 376320 ----a-w- c:\windows\system32\winsrv.dll

2009-08-04 14:13 . 2009-08-04 14:13 376832 ----a-w- c:\windows\system32\winhttp.dll

2009-08-04 14:12 . 2009-08-04 14:12 297472 ----a-w- c:\windows\system32\gdi32.dll

2009-08-04 14:11 . 2009-08-04 14:11 211456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2009-08-04 14:11 . 2009-08-04 14:11 500736 ----a-w- c:\windows\system32\msdtcprx.dll

2009-08-04 14:11 . 2009-08-04 14:11 30208 ----a-w- c:\windows\system32\xolehlp.dll

2009-08-04 14:10 . 2009-08-04 14:10 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-04 14:10 . 2009-08-04 14:10 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-04 14:10 . 2009-08-04 14:10 1687040 ----a-w- c:\windows\system32\gameux.dll

2009-08-04 14:09 . 2009-08-04 14:09 303616 ----a-w- c:\windows\system32\wmpeffects.dll

2009-08-04 14:08 . 2009-08-04 14:08 2048 ----a-w- c:\windows\system32\msxml3r.dll

2009-08-04 14:08 . 2009-08-04 14:08 1194496 ----a-w- c:\windows\system32\msxml3.dll

2009-08-04 14:08 . 2009-08-04 14:08 414208 ----a-w- c:\windows\system32\msscp.dll

2009-08-04 14:07 . 2009-08-04 14:07 86016 ----a-w- c:\windows\system32\icfupgd.dll

2009-08-04 14:07 . 2009-08-04 14:07 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys

2009-08-04 14:07 . 2009-08-04 14:07 61952 ----a-w- c:\windows\system32\cmifw.dll

2009-08-04 14:07 . 2009-08-04 14:07 396800 ----a-w- c:\windows\system32\MPSSVC.dll

2009-08-04 14:07 . 2009-08-04 14:07 392192 ----a-w- c:\windows\system32\FirewallAPI.dll

2009-08-04 14:07 . 2009-08-04 14:07 23040 ----a-w- c:\windows\system32\drivers\tunnel.sys

2009-08-04 14:07 . 2009-08-04 14:07 16896 ----a-w- c:\windows\system32\wfapigp.dll

2009-08-04 14:07 . 2009-08-04 14:07 178688 ----a-w- c:\windows\system32\iphlpsvc.dll

2009-08-04 14:07 . 2009-08-04 14:07 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2009-08-04 14:06 . 2009-08-04 14:06 2048 ----a-w- c:\windows\system32\tzres.dll

2009-08-04 14:05 . 2009-08-04 14:05 8147968 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-04 14:05 . 2009-08-04 14:05 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-04 14:05 . 2009-08-04 14:05 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-04 14:03 . 2009-08-04 14:03 696832 ----a-w- c:\windows\system32\localspl.dll

2009-08-04 14:02 . 2009-08-04 14:02 104448 ----a-w- c:\windows\system32\DWWIN.EXE

2009-08-04 14:01 . 2009-08-04 14:01 2923520 ----a-w- c:\windows\explorer.exe

2009-08-04 13:58 . 2009-08-04 13:58 4493312 ----a-w- c:\windows\system32\NlsData0010.dll

2009-08-04 13:56 . 2009-08-04 13:56 1585664 ----a-w- c:\windows\system32\setupapi.dll

2009-08-04 13:54 . 2009-08-04 13:54 549888 ----a-w- c:\windows\system32\rpcss.dll

2009-08-04 13:54 . 2009-08-04 13:54 3503584 ----a-w- c:\windows\system32\ntkrnlpa.exe

2009-08-04 13:54 . 2009-08-04 13:54 3469280 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-08-04 13:54 . 2009-08-04 13:54 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2009-08-04 13:54 . 2009-08-04 13:54 97280 ----a-w- c:\windows\system32\iasrecst.dll

2009-08-04 13:54 . 2009-08-04 13:54 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2009-08-04 13:54 . 2009-08-04 13:54 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2009-08-04 13:54 . 2009-08-04 13:54 53248 ----a-w- c:\windows\system32\iasads.dll

2009-08-04 13:54 . 2009-08-04 13:54 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll

2009-08-04 13:54 . 2009-08-04 13:54 37888 ----a-w- c:\windows\system32\iasdatastore.dll

2009-08-04 13:54 . 2009-08-04 13:54 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe

2009-08-04 13:54 . 2009-08-04 13:54 158720 ----a-w- c:\windows\system32\sdohlp.dll

2009-08-04 13:54 . 2009-08-04 13:54 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll

2009-08-04 13:53 . 2009-08-04 13:53 9728 ----a-w- c:\windows\system32\LAPRXY.DLL

2009-08-04 13:53 . 2009-08-04 13:53 2048 ----a-w- c:\windows\system32\asferror.dll

2009-08-04 13:53 . 2009-08-04 13:53 223232 ----a-w- c:\windows\system32\WMASF.DLL

2009-08-04 13:52 . 2009-08-04 13:52 7680 ----a-w- c:\windows\system32\lsass.exe

2009-08-04 13:52 . 2009-08-04 13:52 72704 ----a-w- c:\windows\system32\secur32.dll

2009-08-04 13:52 . 2009-08-04 13:52 1233408 ----a-w- c:\windows\system32\lsasrv.dll

2009-08-04 13:52 . 2009-08-04 13:52 25600 ----a-w- c:\windows\system32\amxread.dll

2009-08-04 13:52 . 2009-08-04 13:52 14848 ----a-w- c:\windows\system32\apilogen.dll

2009-08-04 13:50 . 2009-08-04 13:50 441856 ----a-w- c:\windows\system32\win32spl.dll

2009-08-04 13:50 . 2009-08-04 13:50 37376 ----a-w- c:\windows\system32\printcom.dll

2009-08-04 13:50 . 2009-08-04 13:50 14848 ----a-w- c:\windows\system32\wshrm.dll

2009-08-04 13:50 . 2009-08-04 13:50 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys

2009-08-04 13:49 . 2009-08-04 13:49 11776 ----a-w- c:\windows\system32\sbunattend.exe

2009-08-04 13:48 . 2009-08-04 13:48 290304 ----a-w- c:\windows\system32\drivers\srv.sys

2009-08-04 13:48 . 2009-08-04 12:50 -------- d-----w- c:\windows\Panther

2009-08-04 13:48 . 2009-08-04 13:48 83968 ----a-w- c:\windows\system32\dnsrslvr.dll

2009-08-04 13:48 . 2009-08-04 13:48 24576 ----a-w- c:\windows\system32\dnscacheugc.exe

2009-08-04 13:47 . 2009-08-04 13:47 269824 ----a-w- c:\windows\system32\schannel.dll

2009-08-04 13:46 . 2009-08-04 13:46 97800 ----a-w- c:\windows\system32\infocardapi.dll

2009-08-04 13:46 . 2009-08-04 13:46 622080 ----a-w- c:\windows\system32\icardagt.exe

2009-08-04 13:46 . 2009-08-04 13:46 11264 ----a-w- c:\windows\system32\icardres.dll

2009-08-04 13:46 . 2009-08-04 13:46 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-08-04 13:46 . 2009-08-04 13:46 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-08-04 13:46 . 2009-08-04 13:46 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2009-08-04 13:46 . 2009-08-04 13:46 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-08-04 13:44 . 2009-08-04 14:22 -------- d-----w- c:\programdata\NVIDIA

2009-08-04 13:44 . 2009-08-04 13:44 -------- d-----w- c:\program files\NVIDIA Corporation

2009-08-04 13:44 . 2009-08-04 14:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-04 13:43 . 2009-07-10 05:01 485920 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-08-04 13:38 . 2009-08-04 13:38 -------- d-----w- c:\program files\Microsoft

2009-08-04 13:38 . 2009-08-04 13:38 -------- d-----w- c:\program files\Windows Live

2009-08-04 13:38 . 2009-08-04 13:38 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-08-04 13:36 . 2009-08-04 13:36 96760 ----a-w- c:\windows\system32\dfshim.dll

2009-08-04 13:36 . 2009-08-04 13:36 41984 ----a-w- c:\windows\system32\netfxperf.dll

2009-08-04 13:36 . 2009-08-04 13:36 83968 ----a-w- c:\windows\system32\mscories.dll

2009-08-04 13:36 . 2009-08-04 13:36 282112 ----a-w- c:\windows\system32\mscoree.dll

2009-08-04 13:36 . 2009-08-04 13:36 158720 ----a-w- c:\windows\system32\mscorier.dll

2009-08-04 13:33 . 2009-08-04 13:33 -------- d-----w- c:\program files\Common Files\Windows Live

2009-08-04 13:30 . 2009-08-04 13:30 -------- d-----w- c:\program files\Common Files\Steam

2009-08-04 13:30 . 2009-08-04 14:56 -------- d-sh--w- c:\windows\Installer

2009-08-04 13:26 . 2009-08-04 13:26 1327104 ----a-w- c:\windows\system32\quartz.dll

2009-08-04 13:26 . 2009-08-04 13:26 99840 ----a-w- c:\windows\system32\poqexec.exe

2009-08-04 13:26 . 2009-08-04 13:26 633856 ----a-w- c:\windows\system32\user32.dll

2009-08-04 13:26 . 2009-08-04 13:26 1341440 ----a-w- c:\windows\system32\msxml6.dll

2009-08-04 13:26 . 2009-08-04 13:26 2048 ----a-w- c:\windows\system32\msxml6r.dll

2009-08-04 13:26 . 2009-08-04 13:26 750080 ----a-w- c:\windows\system32\qmgr.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-04 14:26 . 2006-11-21 05:16 79202 ----a-w- c:\windows\system32\perfc014.dat

2009-08-04 14:26 . 2006-11-21 05:16 476620 ----a-w- c:\windows\system32\perfh014.dat

2009-08-04 14:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-08-04 14:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-08-04 14:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-08-04 13:58 . 2009-08-04 13:58 3464704 ----a-w- c:\windows\system32\NlsData0013.dll

2009-08-04 13:56 . 2009-08-04 13:56 613888 ----a-w- c:\windows\system32\wpd_ci.dll

2009-08-04 13:51 . 2009-08-04 13:51 72704 ----a-w- c:\windows\system32\admparse.dll

2009-08-04 13:51 . 2009-08-04 13:51 827392 ----a-w- c:\windows\system32\wininet.dll

2009-08-04 13:51 . 2009-08-04 13:51 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-08-04 13:51 . 2009-08-04 13:51 48128 ----a-w- c:\windows\system32\mshtmler.dll

2009-08-04 13:51 . 2009-08-04 13:51 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-08-04 13:51 . 2009-08-04 13:51 56320 ----a-w- c:\windows\system32\iesetup.dll

2009-08-04 13:02 . 2009-08-04 13:01 680 ----a-w- c:\users\Christian\AppData\Local\d3d9caps.dat

2009-08-04 13:01 . 2009-08-04 13:01 48600 ----a-w- c:\users\Christian\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-04 12:58 . 2009-08-04 12:58 31232 ----a-w- c:\windows\system32\wuapp.exe

2009-08-04 12:58 . 2009-08-04 12:58 162064 ----a-w- c:\windows\system32\wuwebv.dll

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\programdata\Start-meny

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\programdata\Skrivebord

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\programdata\Programdata

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\programdata\Maler

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\programdata\Favoritter

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\programdata\Dokumenter

2009-08-04 12:58 . 2009-08-04 12:58 -------- d-sh--we c:\program files\Fellesfiler

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\program files\Steam\Steam.exe" [2009-08-04 1217784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-04 2000152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{93552B89-A6D4-45F4-AD34-523339EC51CC}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe

"{E6892A7C-1A4D-450B-8585-F5DAA24F69E3}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

"{25E14D7F-4AE5-486F-AC1D-BDC14B76A994}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04.08.2009 16:27 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04.08.2009 16:27 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04.08.2009 16:27 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04.08.2009 16:27 297752]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14.07.2009 12:28 239648]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [04.08.2009 17:08 38160]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*NewlyCreated* - AVGLDX86

*NewlyCreated* - AVGMFX86

*NewlyCreated* - AVGTDIX

*NewlyCreated* - DXGKRNL

*NewlyCreated* - MBAMSWISSARMY

.

.

------- Tilleggsskanning -------

.

FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\tfo77gio.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.catchgamer.no/?module=news

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll

 

---- FIREFOX POLICIES ----

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-04 17:18

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

Tidspunkt ferdig: 2009-08-04 17:20

ComboFix-quarantined-files.txt 2009-08-04 15:20

 

Pre-Run: 20 361 551 872 byte ledig

Post-Run: 20 342 624 256 byte ledig

 

279 --- E O F --- 2009-08-04 14:18

 

 

 

Edited by Kaizerlol

The log looks good.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Run CCleaner, then scan with AVG now.

If it finds anything, post the correct path (c:\...), and we'll assess it.
