sutrekoppen, posted 2 May 2010 (edited)

Got some crap called Digital Protection on my PC. It kept warning me all the time that there was crap on the PC and recommended that I install the program right away. Now I've run Malwarebytes and ComboFix and got rid of the problem (in the sense that it no longer pops up all the time), but I'm unsure whether some crap is still left on the PC. Can someone check these logs? Pretty please with sugar on top....

Malwarebytes log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4056

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.05.2010 16:59:56
mbam-log-2010-05-01 (16-59-56).txt

Scan type: Quick scan
Objects scanned: 148358
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Digital Protection (Rogue.DigitalProtection) -> Delete on reboot.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Digital Protection\about.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\activate.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\buy.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\dig.db (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\digext.dll (Rogue.DigitalProtection) -> Delete on reboot.
C:\Program Files\Digital Protection\dighook.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\help.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\scan.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\settings.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\Uninstall.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Program Files\Digital Protection\update.ico (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Local Settings\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Desktop\nudetube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Desktop\pornotube.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\nostjoha\Desktop\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.

ComboFix log

ComboFix 10-04-30.03 - noStJoha 01.05.2010 17:13:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3036.2175 [GMT 2:00]
Running from: c:\documents and settings\nostjoha\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\nostjoha\Desktop\Digital Protection Support.lnk
c:\program files\WindowsUpdate

----- BITS: Possible infected sites -----

hxxp://NOSMSW301:80
hxxp://nosusw401.no.adroot.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMAcpciorjuxx
-------\Service_PRAGMAcpciorjuxx


((((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))))
.

2010-05-01 13:43 . 2010-05-01 13:43 -------- d-----w- c:\program files\Enigma Software Group
2010-05-01 13:41 . 2010-05-01 13:48 -------- d-----w- c:\windows\61D3AAE1D5214CD7939B37813DE8F955.TMP
2010-05-01 13:19 . 2010-05-01 13:19 -------- d-----w- c:\documents and settings\nostjoha\Application Data\Malwarebytes
2010-05-01 13:19 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 13:19 . 2010-05-01 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-01 13:19 . 2010-05-01 13:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 13:19 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 11:41 . 2010-05-01 14:08 -------- d-----w- C:\QUARANTINE
2010-04-29 18:45 . 2010-04-29 18:45 655360 ----a-w- c:\documents and settings\nostjoha\Application Data\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-04-29 18:45 . 2010-04-29 18:45 282624 ----a-w- c:\documents and settings\nostjoha\Application Data\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-04-29 18:45 . 2010-04-29 18:45 208896 ----a-w- c:\documents and settings\nostjoha\Application Data\Spotify\Gracenote\gnsdk_dsp.dll
2010-04-28 10:16 . 2001-08-17 19:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-28 10:16 . 2008-04-14 02:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-28 10:16 . 2008-04-13 21:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-28 10:16 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-27 18:58 . 2010-04-27 19:00 -------- d-----w- c:\documents and settings\notrgrov\Local Settings\Application Data\Microsoft
2010-04-27 18:58 . 2009-10-08 02:00 -------- d-----w- c:\documents and settings\notrgrov\Local Settings\Application Data\Microsoft Help
2010-04-16 07:59 . 2010-04-16 07:59 -------- d-----w- c:\program files\QuickTime
2010-04-16 07:59 . 2010-04-16 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-07 18:23 . 2010-04-07 18:24 -------- d-----w- c:\documents and settings\nostjoha\Application Data\U3
2010-04-07 08:41 . 2010-04-07 08:41 -------- d-----w- c:\documents and settings\nostjoha\Local Settings\Application Data\Identities

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 15:25 . 2009-10-09 12:30 -------- d-----w- c:\documents and settings\nostjoha\Application Data\Skype
2010-05-01 15:03 . 2009-10-09 12:32 -------- d-----w- c:\documents and settings\nostjoha\Application Data\skypePM
2010-05-01 13:41 . 2009-10-08 13:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-01 12:33 . 2009-10-08 13:41 117760 ----a-w- c:\documents and settings\nostjoha\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-01 11:49 . 2009-10-08 20:34 -------- d-----w- c:\documents and settings\nostjoha\Application Data\Spotify
2010-04-30 06:03 . 2009-10-08 13:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-29 22:22 . 2010-02-05 12:39 -------- d-----w- c:\documents and settings\nostjoha\Application Data\vlc
2010-04-29 16:31 . 2009-11-09 08:19 345920 ----a-w- c:\windows\system32\nvModes.dat
2010-04-27 19:01 . 2010-04-27 19:01 -------- d-----w- c:\documents and settings\notrgrov\Application Data\EMC
2010-04-21 14:40 . 2010-02-04 12:09 290960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-15 08:35 . 2009-10-07 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-12 09:53 . 2010-02-04 13:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-09 05:28 . 2009-12-07 18:16 -------- d-----w- c:\program files\thriXXX
2010-03-31 00:19 . 2009-10-09 05:41 -------- d-----w- c:\documents and settings\nostjoha\Application Data\dvdcss
2010-03-10 06:15 . 2009-08-13 19:43 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 20:11 . 2010-03-08 20:11 50354 ----a-w- c:\documents and settings\nostjoha\Application Data\Facebook\uninstall.exe
2010-03-08 20:11 . 2010-03-08 20:11 -------- d-----w- c:\documents and settings\nostjoha\Application Data\Facebook
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\nostjoha\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\nostjoha\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-25 06:24 . 2009-08-13 19:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 11:57 . 2009-08-13 19:43 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 12:50 . 2008-08-14 10:39 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:12 . 2008-08-14 10:09 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:27 . 2009-08-13 19:43 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 11:36 . 2009-08-13 19:43 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 17:09 . 2010-02-10 17:09 39064 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-04 12:09 . 2010-02-04 12:09 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\Structure2010\9.0\1033\ResourceCache.dll
2010-02-04 12:03 . 2010-02-04 12:03 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
.

(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExOAAgent.exe"="c:\program files\EMC SourceOne\Offline Access\ExOAAgent.exe" [2009-02-07 868352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\62acfdcf-6190-4b6b-8b54-30eb1a70a95d.exe" [2009-09-15 1998576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-09 150040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.Exe" [2008-10-14 82224]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-10-08 122368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-10-16 1044480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-10-28 1657448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"DameWare MRC Agent"="c:\windows\system32\DWRCST.exe" [2008-09-16 78848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2009-10-8 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-8-16 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329068152-2111687655-725345543-18523\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NETLOGON\NETLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329068152-2111687655-725345543-19679\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NETLOGON\NETLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329068152-2111687655-725345543-22686\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NETLOGON\NETLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Danware Data\\NetOp Remote Control\\Host\\NHSTW32.EXE"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [07.10.2009 23:39 24064]
R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15.02.2007 19:00 26624]
R1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008277);c:\windows\system32\drivers\NHOSTNT1.SYS [07.10.2009 15:51 102544]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [15.09.2009 11:42 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15.09.2009 11:42 61440]
R2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008277);c:\program files\Danware Data\NetOp Remote Control\Host\NHOSTSVC.EXE [07.10.2009 15:51 1492904]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [27.10.2009 07:49 5233256]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [23.10.2009 15:44 90112]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [07.10.2009 23:39 476672]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [07.10.2009 16:09 222512]
R3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [07.02.2007 19:00 3712]
R3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\drivers\dwvscd.sys [03.10.2008 09:21 16696]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [13.08.2009 21:40 240344]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [13.08.2009 21:40 41216]
R3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008277) (NHOSTNT3);c:\windows\system32\drivers\NHOSTNT3.SYS [07.10.2009 15:51 10280]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [07.10.2009 23:39 47616]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15.09.2009 11:42 12872]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [23.10.2009 15:44 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31.01.2010 22:47 135664]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [13.08.2009 21:40 149600]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [19.10.2009 23:04 40056]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [13.08.2009 21:43 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:46]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:46]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://starnet.ncc.no/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: adroot.net\nohpsw401.no
Trusted Zone: homeserver.com\vogj
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: ncc.no
Trusted Zone: ncc.se
Trusted Zone: adroot.net\nohpsw401.no
Trusted Zone: homeserver.com\vogj
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: ncc.no
Trusted Zone: ncc.se
DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - hxxp://www.rambollproject.no/Afv/Service/dll/zkitlib.dll
FF - ProfilePath - c:\documents and settings\nostjoha\Application Data\Mozilla\Firefox\Profiles\tdmeyl5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://starnet.ncc.no/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\nostjoha\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\nostjoha\Application Data\Mozilla\Firefox\Profiles\tdmeyl5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Polar Sync - (no file)
ActiveSetup-{2572AF46-3628-6C34-2B28-6BDC45FC141A} - msiexec
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 17:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Polar Sync = ?:\program files\polar\polar sync\????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1440)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\NVIDIA Corporation\nView\NVWRSNO.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\SYSTEM32\DWRCS.EXE
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\msiexec.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\rundll32.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\McAfee\Common Framework\McScript_InUse.exe
.
**************************************************************************
.
Completion time: 2010-05-01 17:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 15:27

Pre-Run: 129 812 058 112 bytes free
Post-Run: 130 916 851 712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 531411BDCED1DBB2A962DB44F6AB8373

Edited 2 May 2010 by sutrekoppen
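The question in the post is whether anything is left after the cleanup. The Malwarebytes log already answers part of that if it is read carefully: the entries marked "Delete on reboot" are the ones MBAM could not remove while the scan was running, so they are exactly the paths to confirm after the restart, and the Hijack.TaskManager lines show which policy values the rogue had set and what MBAM restored. The script below is an added example (not code from the original post and not a Malwarebytes tool) that pulls those facts out of a Malwarebytes' Anti-Malware 1.x text log. SAMPLE_LOG is an excerpt of the log posted above with the section headers in English; the line formats the regexes expect ("<Category> Infected:" headers, then "<path> (<Detection>) -> <action>" entries) are an assumption based on that log, not a published schema.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x text log.

Added example, not part of the original post and not Malwarebytes' own code.
The expected line formats are an assumption derived from the log in the post.
"""
import os
import re
from collections import Counter

# Constructed sample: an excerpt of the posted log, headers translated to English.
SAMPLE_LOG = """\
Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\\Program Files\\Digital Protection (Rogue.DigitalProtection) -> Delete on reboot.
C:\\Documents and Settings\\nostjoha\\Start Menu\\Programs\\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\\Program Files\\Digital Protection\\digext.dll (Rogue.DigitalProtection) -> Delete on reboot.
C:\\Program Files\\Digital Protection\\dighook.dll (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\nostjoha\\Local Settings\\Temp\\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\nostjoha\\Desktop\\youporn.com.lnk (Rogue.Link) -> Quarantined and deleted successfully.
"""

# Section headers end with a bare colon; the summary counts near the top of a
# real log ("Registry Keys Infected: 2") do not match and are skipped.
_HEADER = re.compile(r"^(?P<category>.+ Infected):$")
# "<path> (<detection family>) -> <action>": the family is the parenthesised
# token right before the first arrow.
_ENTRY = re.compile(r"^(?P<path>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
# Registry data items also carry the value found and the value restored.
_DATA = re.compile(r"^Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Return one dict per detection: category, path, family, action, bad, good."""
    findings, category = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = _HEADER.match(line)
        if header:
            category = header.group("category")
            continue
        entry = _ENTRY.match(line)
        if not entry or category is None:
            continue  # "(No malicious items detected)", banner lines, etc.
        rest, bad, good = entry.group("rest"), None, None
        data = _DATA.match(rest)
        if data:
            bad, good, action = data.group("bad"), data.group("good"), data.group("action")
        else:
            action = rest
        findings.append({"category": category, "path": entry.group("path"),
                         "family": entry.group("family"), "action": action.rstrip("."),
                         "bad": bad, "good": good})
    return findings


def family_counts(findings):
    """Detections per signature family, e.g. Rogue.DigitalProtection."""
    return Counter(f["family"] for f in findings)


def pending_reboot(findings):
    """Paths MBAM could not remove while running; these need a post-reboot check."""
    return [f["path"] for f in findings if f["action"].lower().startswith("delete on reboot")]


def policy_hijacks(findings):
    """(value path, value found, value restored) for registry data items."""
    return [(f["path"], f["bad"], f["good"]) for f in findings if f["bad"] is not None]


def still_present(paths, exists=os.path.exists):
    """Post-reboot verification: which deferred paths still exist on disk?"""
    return [p for p in paths if exists(p)]


def triage(text):
    findings = parse_mbam_log(text)
    return {"total": len(findings), "families": family_counts(findings),
            "pending_reboot": pending_reboot(findings),
            "policy_hijacks": policy_hijacks(findings)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} detections")
    for family, n in report["families"].most_common():
        print(f"  {n:3d}  {family}")
    print("Deferred to reboot, confirm these paths are gone:")
    for path in report["pending_reboot"]:
        print("  ", path)
    print("Policy values reset:")
    for path, bad, good in report["policy_hijacks"]:
        print(f"   {path}: {bad} -> {good}")
```

On the posted log this flags the C:\Program Files\Digital Protection folder and its digext.dll as the two items deferred to reboot, which is what the ComboFix run afterwards (and its "machine was rebooted" line) was relied on to finish; checking that those two paths no longer exist is the concrete follow-up. The DisableTaskMgr value set to 1 under both HKCU and HKLM Policies\System is what had Task Manager blocked while the rogue was running; the log shows MBAM resetting both to 0, and the later ComboFix output lists no such policy value, which is consistent with that fix having held.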
norbat, posted 3 May 2010

What's in this folder: c:\program files\thriXXX ?
sutrekoppen (author), posted 5 May 2010

> What's in this folder: c:\program files\thriXXX ?

Old fun. Hereby deleted. Anything else that looks suspicious? If not, can I perhaps consider this OK?