Kamelot, posted 20 October 2009

Can someone here check these logs? I don't think there should be anything wrong, but it could be good to have them checked.

Here are the logs:

MBAM

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 3001
Windows 6.0.6002 Service Pack 2

20.10.2009 22:56:00
mbam-log-2009-10-20 (22-56-00).txt

Skanntype: Rask Skann
Objekter skannet: 85951
Tid tilbakelagt: 4 minute(s), 41 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Users\Rune\Desktop\registryfix.exe (Rogue.Installer) -> Quarantined and deleted successfully.

ComboFix

ComboFix 09-10-19.04 - XXXX 20.10.2009 23:13.4.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3066.1987 [GMT 2:00]
Kjører fra: c:\users\XXXX\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\195e0b.msi
c:\windows\Installer\195ee7.msi
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-09-20 til 2009-10-20 )))))))))))))))))))))))))))))))))
.
2009-10-20 21:19 . 2009-10-20 21:19 -------- d-----w- c:\users\XXXX\AppData\Local\temp
2009-10-20 21:19 . 2009-10-20 21:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-20 21:19 . 2009-10-20 21:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-16 22:52 . 2009-10-16 23:14 -------- d-----w- c:\program files\RegistryFix8
2009-10-15 12:29 . 2009-10-15 12:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-15 12:29 . 2009-10-15 12:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-10-15 12:29 . 2009-10-15 12:29 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-10-15 12:29 . 2009-10-15 14:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-15 12:29 . 2009-10-15 12:29 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-15 12:29 . 2009-10-15 12:29 -------- d-----w- c:\program files\Symantec
2009-10-15 12:29 . 2009-10-15 12:29 -------- d-----w- c:\program files\Norton 360 Premier Edition
2009-10-15 12:29 . 2009-10-15 12:29 -------- d-----w- c:\program files\NortonInstaller
2009-10-15 12:16 . 2009-10-15 12:16 -------- d-----w- c:\users\XXXX\AppData\Local\ICS
2009-10-14 12:48 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-14 11:04 . 2009-10-14 11:04 -------- d-----w- c:\programdata\F-Secure
2009-10-14 06:33 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 22:24 . 2009-10-13 22:24 -------- d-----w- c:\programdata\IObit
2009-09-22 14:45 . 2009-09-22 14:45 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-09-22 14:29 . 2009-09-22 14:29 -------- d-----w- c:\programdata\GARMIN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-20 21:05 . 2009-03-04 07:34 77126 ----a-w- c:\windows\system32\perfc014.dat
2009-10-20 21:05 . 2009-03-04 07:34 453556 ----a-w- c:\windows\system32\perfh014.dat
2009-10-20 20:56 . 2009-07-01 09:08 12 ----a-w- c:\windows\bthservsdp.dat
2009-10-20 03:50 . 2009-03-04 00:10 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-15 13:18 . 2009-06-15 17:15 -------- d-----w- c:\users\XXXX\AppData\Roaming\SoftDMA
2009-10-15 13:06 . 2009-02-11 20:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 13:04 . 2009-03-04 00:11 -------- d-----w- c:\programdata\CyberLink
2009-10-15 12:57 . 2009-06-13 12:09 -------- d-----w- c:\users\xxxx\AppData\Roaming\PowerCinema
2009-10-15 12:55 . 2009-06-15 17:15 -------- d-----w- c:\users\XXXX\AppData\Roaming\CyberLink
2009-10-15 12:29 . 2009-10-15 12:29 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-15 12:29 . 2009-10-15 12:29 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-15 12:29 . 2009-06-13 12:36 -------- d-----w- c:\programdata\NortonInstaller
2009-10-15 12:22 . 2009-06-13 12:36 -------- d-----w- c:\programdata\Symantec
2009-10-14 06:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-13 22:24 . 2009-06-22 13:39 -------- d-----w- c:\program files\IObit
2009-09-22 19:14 . 2009-06-13 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-22 14:50 . 2009-08-27 14:45 -------- d-----w- c:\program files\Garmin
2009-09-22 14:29 . 2009-08-27 14:48 -------- d-----w- c:\users\XXXX\AppData\Roaming\GARMIN
2009-09-17 00:22 . 2009-09-17 00:22 -------- d-----w- c:\program files\Uniblue
2009-09-14 09:29 . 2009-10-14 06:34 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-14 06:34 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-06-13 12:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-06-13 12:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 11:55 . 2009-08-24 06:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 12:16 . 2009-08-04 18:26 -------- d-----w- c:\programdata\NOS
2009-09-05 07:13 . 2009-06-13 12:10 73520 ----a-w- c:\users\XXXX\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-04 20:01 . 2009-09-04 20:01 -------- d-----w- c:\users\XXXX\AppData\Roaming\OpenOffice.org
2009-09-04 18:52 . 2009-09-04 18:52 -------- d-----w- c:\program files\JRE
2009-09-04 18:51 . 2009-09-04 18:51 -------- d-----w- c:\program files\OpenOffice.org 3
2009-09-04 18:49 . 2009-06-14 16:20 -------- d-----w- c:\program files\Java
2009-09-04 11:41 . 2009-10-14 06:34 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 21:45 . 2009-03-03 23:48 -------- d-----w- c:\program files\Acer GameZone
2009-09-03 21:16 . 2009-06-13 12:23 -------- d-----w- c:\programdata\eSobi
2009-09-03 20:35 . 2009-03-03 23:59 -------- d-----w- c:\programdata\Microsoft Help
2009-09-03 20:29 . 2009-03-04 00:22 -------- d-----w- c:\program files\Microsoft
2009-09-03 20:06 . 2009-09-03 20:06 -------- d-----w- c:\program files\VS Revo Group
2009-09-03 19:30 . 2009-09-03 19:30 0 ----a-w- c:\users\XXXX\AppData\Roaming\wklnhst.dat
2009-08-29 00:27 . 2009-09-03 13:48 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 13:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 18:33 . 2009-08-27 18:32 -------- d-----w- c:\programdata\VIZ_MPS
2009-08-27 18:32 . 2009-08-27 18:32 -------- d-----w- c:\program files\Vizky
2009-08-27 14:45 . 2009-08-27 14:45 -------- d-----w- c:\program files\DIFX
2009-08-27 05:22 . 2009-10-14 06:34 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 06:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 06:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 06:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 16:27 . 2009-09-09 10:48 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 10:48 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 10:48 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 10:48 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 10:48 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 10:48 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 10:48 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 10:48 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 10:48 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 10:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 10:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 12:34 . 2009-10-14 06:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34 . 2009-10-14 06:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):66,84,d8,3d,b1,fd,c9,01

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14.10.2009 14:48 28544]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360305020.00B\SymEFA.sys [01.09.2009 01:08 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360305020.00B\BHDrvx86.sys [01.09.2009 01:08 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360305020.00B\cchpx86.sys [01.09.2009 01:08 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys [15.10.2009 14:35 342576]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.05.2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.05.2009 10:05 72944]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [04.03.2009 02:13 75048]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [09.10.2008 16:47 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [09.10.2008 16:47 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [09.10.2008 16:47 59952]
R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [27.10.2008 12:05 306736]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe [15.10.2009 14:29 117640]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [23.09.2008 15:11 144632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.10.2009 22:04 102448]
R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [04.09.2008 06:12 223232]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [17.06.2009 14:20 12648]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360305020.00B\symndisv.sys [01.09.2009 01:08 48688]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 16:28 1533808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.01.2008 04:23 179712]
S3 cxbu0wdm;CardMan 3x21;c:\windows\System32\drivers\cxbu0wdm.sys [16.10.2006 08:30 92800]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.06.2009 14:07 30192]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [23.09.2008 15:11 50424]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.05.2009 10:05 7408]
S4 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [13.06.2009 14:20 703008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-10-20 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-03 13:35]

2009-10-20 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-03 07:55]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=0609&m=aspire_7735
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel
Trusted Zone: buypass.no
Trusted Zone: headit.no
Trusted Zone: norsk-tipping.no
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\ba2630u6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Vizky\npVizky.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-20 23:19
Windows 6.0.6002 Service Pack 2 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,78,bc,a7,29,27,22,40,87,73,bc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,78,bc,a7,29,27,22,40,87,73,bc,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Tidspunkt ferdig: 2009-10-20 23:20
ComboFix-quarantined-files.txt 2009-10-20 21:20

Pre-Run: 241 042 444 288 byte ledig
Post-Run: 240 365 375 488 byte ledig

- - End Of File - - 7FFB503C3FB96E39EE814995CFFA9EBA

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:33, on 20.10.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_7735
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Påloggingshjelp for Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Blogg dette - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogg dette i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O15 - Trusted Zone: http://*.buypass.no (HKLM)
O15 - Trusted Zone: http://*.headit.no (HKLM)
O15 - Trusted Zone: http://*.norsk-tipping.no (HKLM)
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1245775300316
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MyWinLocker Service (MWLService) - EgisTec Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

-- End of file - 6542 bytes

Thanks in advance.

Regards,
Kamelot

snippsat, posted 21 October 2009

Looks good.

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and backups, resets the System Restore folder, etc.

Check whether your software is up to date: Secunia

Kamelot (author), posted 21 October 2009

Good. Thanks for taking the time to look at the logs, SNIPPSAT. Thanks a lot.