NevroMance, posted 19 December 2009

I have got a virus/trojan on my computer. I ran HijackThis and this is the log:
The program that installed it is called GameZtar, but it is not listed in Add/Remove Programs. Can anyone help me here? Thanks in advance.

norbat, posted 19 December 2009

Follow the guide. The ComboFix link in the guide is currently 'out of service'. Get ComboFix from here (aka KittyFix).

NevroMance (thread author), posted 20 December 2009

I have finally managed to run the two programs.

MBAM:
Combofix/kittyFix:
Thanks for all the help!

Edited 20 December 2009 by NevroMance