hautainn, posted 25 November 2009

Hi. My PC has worked fine until now. After a restart, logging in went fine, but the only thing shown on the desktop is the background (wallpaper). Ctrl+Alt+Delete works, and explorer.exe does show up in the task list. I have tried restarting explorer.exe, without luck. I have also tried "Windows point restore" via safe mode, but this did not help. I do get the desktop with icons, taskbar, etc. when I run in safe mode. I am also scanning my PC with AVG, SAS and HJT. I will post logs as soon as possible. Hope someone can help me; thanks in advance.

Kris, posted 25 November 2009

Right-click > Show desktop icons.

hautainn (author), posted 25 November 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:45, on 25.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Lokale innstillinger\Programdata\Google\Chrome\Application\chrome.exe
C:\Programfiler\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programfiler\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programfiler\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programfiler\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programfiler\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programfiler\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programfiler\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] C:\Programfiler\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Programfiler\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVGIDSAgent - AVG - C:\Programfiler\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Programfiler\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programfiler\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programfiler\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Programfiler\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programfiler\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Programfiler\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programfiler\Fellesfiler\SureThing Shared\stllssvr.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programfiler\Tall Emu\Online Armor\oasrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programfiler\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programfiler\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

-- End of file - 7569 bytes

hautainn (author), posted 25 November 2009

I may have created this thread in the wrong subforum, if a moderator could move the thread to Antivirus og Datasikkerhet.

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 3232
Windows 5.1.2600 Service Pack 3 (Safe Mode)

25.11.2009 21:07:11
mbam-log-2009-11-25 (21-07-10).txt

Skanntype: Rask Skann
Objekter skannet: 111992
Tid tilbakelagt: 10 minute(s), 23 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 112

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:

ComboFix 09-11-25.01 - Administrator 25.11.2009 21:13.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.1014.790 [GMT 1:00]
Kjører fra: c:\documents and settings\Administrator\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-10-25 til 2009-11-25 )))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2009-10-13 . E2C86386C754D71726F6D1BD08CC6E0D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-10-13 . E2C86386C754D71726F6D1BD08CC6E0D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programfiler\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2008-04-14 1695232]
"PC Suite Tray"="c:\programfiler\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\programfiler\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="c:\programfiler\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Dell QuickSet"="c:\programfiler\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"WinPatrol"="c:\programfiler\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
"AVG8_TRAY"="c:\programfiler\AVG\AVG8\avgtray.exe" [2009-11-25 2029336]
"AVGIDS"="c:\programfiler\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe" [2009-07-22 1600008]
"@OnlineArmor GUI"="c:\programfiler\Tall Emu\Online Armor\oaui.exe" [2009-11-04 6715080]
"Malwarebytes Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-11-04 923336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-13 21:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxMediaDB9"=3 (0x3)
"NeroMediaHomeService.4"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programfiler\\mIRC\\mirc.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Warcraft III\\war3.exe"=
"c:\\Programfiler\\3DO\\Heroes II Gold\\HEROES2W.EXE"=
"c:\\Programfiler\\PokerTH\\pokerth.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgam.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programfiler\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programfiler\\Warcraft III\\Warcraft III.exe"=
"c:\\Programfiler\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [22.07.2009 16:23 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [13.09.2009 22:45 12552]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13.09.2009 22:45 108552]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [23.11.2009 10:30 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [23.11.2009 10:30 29776]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13.07.2009 20:01 721904]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13.09.2009 22:45 335240]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [23.11.2009 10:30 219728]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [13.09.2009 22:44 297752]
S2 AVGIDSAgent;AVGIDSAgent;c:\programfiler\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [22.07.2009 16:23 5641736]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\programfiler\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [22.07.2009 16:23 571912]
S2 OAcat;Online Armor Helper Service;c:\programfiler\Tall Emu\Online
Armor\oacat.exe [23.11.2009 10:30 1282248] S2 SvcOnlineArmor;Online Armor;c:\programfiler\Tall Emu\Online Armor\oasrv.exe [23.11.2009 10:30 3421896] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [30.10.2009 15:05 1021256] S3 AVGIDSDriver;AVGIDSDriver;c:\programfiler\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [22.07.2009 16:23 121352] S3 AVGIDSFilter;AVGIDSFilter;c:\programfiler\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [22.07.2009 16:23 30216] S3 AVGIDSShim;AVGIDSShim;c:\programfiler\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [22.07.2009 16:23 27232] S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\MWB48.tmp --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\MWB48.tmp [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02.08.2005 22:10 32512] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programfiler\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 07:24 10064] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}] msiexec /fup {C8B0680B-CDAE-4809-9F91-387B6DE00F7C} [HKEY_CURRENT_USER\software\microsoft\active setup\installed components\>{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}] msiexec /fup {C8B0680B-CDAE-4809-9F91-387B6DE00F7C} . . ------- Tilleggsskanning ------- . IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrator\Programdata\Mozilla\Firefox\Profiles\d3nnyxia.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo! 
Search FF - prefs.js: keyword.URL - hxxp://no.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_no&p= FF - component: c:\programfiler\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\programfiler\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\programfiler\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\documents and settings\Administrator\Lokale innstillinger\Programdata\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\programfiler\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . 
- - - - TOMME PEKERE FJERNET - - - -

AddRemove-CanonMyPrinter - c:\programfiler\Canon\MyPrinter\uninst.exe uninst.ini
AddRemove-CanonSolutionMenu - c:\programfiler\Canon\SolutionMenu\uninst.exe uninst.ini
AddRemove-Easy-PhotoPrint EX - c:\programfiler\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
AddRemove-foobar2000 - c:\programfiler\foobar2000\uninstall.exe _?=c:\programfiler\foobar2000
AddRemove-mIRC - c:\programfiler\mIRC\uninstall.exe _?=c:\programfiler\mIRC
AddRemove-{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} - c:\programfiler\DellTPad\Uninstap.exe ADDREMOVE
AddRemove-{b679c80b-c22e-4980-9329-a6645fc0c20a} - c:\programfiler\Fellesfiler\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER=5M06-8361-59WP-P1EM-E7W1-04X8-UPHX-114X

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-25 21:16
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\MWB48.tmp"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'explorer.exe'(368)
c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2009-11-25 21:17
ComboFix-quarantined-files.txt 2009-11-25 20:17

Pre-Run: 4 945 653 760 byte ledig
Post-Run: 4 912 492 544 byte ledig

- - End Of File - - 0279F97EEDFAD3429AB185701ABD99AF

norbat, posted 25 November 2009
Are you able to boot in normal mode? If so, update mbam and run a new quick scan.

hautainn (thread author), posted 26 November 2009
I managed to boot in normal mode. When I try to update MBAM I get the following error code: 732 (0,0). MBAM was last updated yesterday, though, so I ran a new quick scan today and nothing was found. I also can't open the AVIRA control panel: I can see the icon in the bottom right, but no menu/console comes up when I try to open it.

norbat, posted 26 November 2009
Regarding updating mbam, try the following:
1. Control Panel -> Internet Options
2. Select Connections
3. Click LAN settings
4. Tick the box next to "Automatically detect settings"

hautainn (thread author), posted 26 November 2009
> Regarding updating mbam, try the following:
> 1. Control Panel -> Internet Options
> 2. Select Connections
> 3. Click LAN settings
> 4. Tick the box next to "Automatically detect settings"

I still get the same error message.

hautainn (thread author), posted 26 November 2009
Finally managed to update.

Malwarebytes' Anti-Malware 1.41
Databaseversjon: 3238
Windows 5.1.2600 Service Pack 3

26.11.2009 20:58:59
mbam-log-2009-11-26 (20-58-59).txt

Skanntype: Rask Skann
Objekter skannet: 113127
Tid tilbakelagt: 6 minute(s), 26 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

norbat, posted 26 November 2009
How is the PC running now?