screenman
Posted 16 August 2010

The ComboFix log:

ComboFix 10-08-15.04 - knuafd 16.08.2010 21:39:55.1.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.3036.2714 [GMT 2:00] Kjører fra: c:\documents and settings\knuafd\Skrivebord\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\knuafd\LOKALE~1\Temp\install_flash_player.exe c:\documents and settings\knuafd\Lokale innstillinger\Programdata\Windows Server c:\documents and settings\knuafd\Lokale innstillinger\Programdata\Windows Server\admin.txt c:\documents and settings\knuafd\Lokale innstillinger\Programdata\Windows Server\flags.ini c:\documents and settings\knuafd\Lokale innstillinger\Programdata\Windows Server\server.dat c:\documents and settings\knuafd\Lokale innstillinger\Programdata\Windows Server\uses32.dat c:\windows\nmintflg.dll Infisert kopi av c:\windows\system32\drivers\kbdclass.sys ble funnet og desinfisert Gjenopprettet kopi fra - Kitty had a snack c:\windows\system32\winlogon.exe . . . er infisert!! c:\windows\explorer.exe . . . er infisert!! . ((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SSHNAS ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-07-16 til 2010-08-16 ))))))))))))))))))))))))))))))))) . 2010-08-16 19:23 . 2010-08-16 19:23 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-08-16 19:07 . 2010-08-16 19:07 -------- d-----w- c:\documents and settings\knuafd\Programdata\Malwarebytes 2010-08-16 19:07 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-16 19:07 . 2010-08-16 19:07 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware 2010-08-16 19:07 . 
2010-08-16 19:07 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes 2010-08-16 19:07 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-16 17:58 . 2010-08-16 17:58 -------- d-----w- c:\documents and settings\knuafd\Programdata\52D2BD9AB4377DB02F15DC837CD19077 2010-08-16 17:10 . 2010-08-16 17:46 -------- d-----w- c:\documents and settings\knuafd\Programdata\uTorrent 2010-08-16 17:00 . 2010-08-16 17:00 -------- d-----w- c:\documents and settings\knuafd\Programdata\Python-Eggs 2010-08-16 17:00 . 2010-08-16 17:06 -------- d-----w- c:\documents and settings\knuafd\Programdata\BitLord 2010-08-16 17:00 . 2010-08-16 17:07 -------- d-----w- c:\programfiler\BitLord 1.2 2010-08-16 16:38 . 2010-08-16 16:39 -------- d-----w- c:\documents and settings\knuafd\Lokale innstillinger\Programdata\BearShare 2010-08-16 14:17 . 2010-08-16 14:44 -------- d-----w- c:\documents and settings\knuafd\Lokale innstillinger\Programdata\iMesh 2010-08-16 14:16 . 2010-08-16 14:16 -------- d-----w- c:\documents and settings\knuafd\Lokale innstillinger\Programdata\PackageAware 2010-08-16 14:06 . 1998-01-23 09:22 304128 ----a-w- c:\windows\IsUninst.exe 2010-08-16 14:05 . 2010-08-16 14:05 -------- d-----w- c:\documents and settings\knuafd\WINDOWS 2010-08-16 01:17 . 2010-08-16 01:22 -------- d-----w- c:\documents and settings\knuafd\Programdata\Azureus 2010-08-16 00:50 . 2010-08-16 01:09 -------- d-----w- c:\documents and settings\knuafd\Programdata\FrostWire 2010-08-16 00:50 . 2010-08-16 01:08 -------- d-----w- c:\programfiler\FrostWire 2010-08-10 20:49 . 2010-08-10 20:49 -------- d--h--w- c:\documents and settings\All Users\Programdata\CanonBJ 2010-08-10 20:49 . 2007-10-21 18:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP97.DLL 2010-08-10 20:49 . 2007-10-21 18:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD97.DLL 2010-08-10 20:49 . 
2007-10-21 18:00 223744 ----a-w- c:\windows\system32\CNMLM97.DLL 2010-08-10 20:45 . 2008-04-13 09:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2010-08-10 20:45 . 2008-04-13 09:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2010-07-31 19:20 . 2010-07-31 19:20 -------- d-----w- c:\documents and settings\Programdata 2010-07-31 17:05 . 2010-07-31 17:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2010-07-19 19:34 . 2010-08-16 17:32 -------- d-----w- c:\documents and settings\All Users\Programdata\Norton 2010-07-19 19:34 . 2010-08-16 18:37 -------- d-----w- c:\programfiler\NortonInstaller 2010-07-19 19:07 . 2010-07-19 19:07 -------- d-----w- c:\documents and settings\knuafd\Lokale innstillinger\Programdata\Opera 2010-07-19 19:07 . 2010-07-19 19:35 -------- d-----w- c:\programfiler\Opera . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-16 19:01 . 2009-05-05 10:05 -------- d-----w- c:\programfiler\Symantec AntiVirus 2010-08-16 17:33 . 2009-05-05 10:05 -------- d-----w- c:\programfiler\Symantec 2010-08-16 14:15 . 2010-05-30 15:03 -------- d-----w- c:\programfiler\LimeWire 2010-08-16 14:05 . 2009-05-05 08:46 -------- d-----w- c:\programfiler\Fellesfiler\InstallShield 2010-08-16 01:17 . 2010-08-16 01:17 310208 ----a-w- c:\documents and settings\knuafd\Programdata\Azureus\plugins\mlab\ShaperProbeC.exe 2010-08-10 21:11 . 2010-05-10 07:36 -------- d-----w- c:\documents and settings\knuafd\Programdata\LingDys 2010-08-02 14:22 . 2010-08-02 14:22 503808 ----a-w- c:\documents and settings\knuafd\Programdata\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5f3e11f4-n\msvcp71.dll 2010-08-02 14:22 . 2010-08-02 14:22 499712 ----a-w- c:\documents and settings\knuafd\Programdata\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5f3e11f4-n\jmc.dll 2010-08-02 14:22 . 
2010-08-02 14:22 348160 ----a-w- c:\documents and settings\knuafd\Programdata\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5f3e11f4-n\msvcr71.dll 2010-07-24 09:17 . 2010-06-30 00:55 -------- d-----w- c:\programfiler\ToggleNO 2010-07-24 09:13 . 2010-07-01 23:45 -------- d-----w- c:\programfiler\MP3 Music Search 2010-07-19 19:34 . 2009-05-05 10:05 -------- d-----w- c:\documents and settings\All Users\Programdata\Symantec 2010-07-19 18:00 . 2010-05-19 14:22 -------- d-----w- c:\programfiler\Google 2010-07-02 02:41 . 2010-05-21 09:14 -------- d-----w- c:\documents and settings\knuafd\Programdata\Audacity 2010-07-01 23:59 . 2010-07-01 23:56 -------- d-----w- c:\documents and settings\knuafd\Programdata\MP3Torpedo 2010-07-01 23:56 . 2010-07-01 23:56 -------- d-----w- c:\programfiler\Download_Energy 2010-07-01 23:56 . 2010-07-01 23:56 -------- d-----w- c:\documents and settings\All Users\Programdata\MP3Torpedo 2010-07-01 02:06 . 2010-07-01 01:09 -------- d-----w- c:\documents and settings\knuafd\Programdata\vlc 2010-06-30 11:22 . 2010-06-30 11:22 52224 ----a-w- c:\documents and settings\knuafd\Programdata\Mozilla\Firefox\Profiles\fplcvtj8.default\extensions\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}\components\FFExternalAlert.dll 2010-06-30 11:22 . 2010-06-30 11:22 101376 ----a-w- c:\documents and settings\knuafd\Programdata\Mozilla\Firefox\Profiles\fplcvtj8.default\extensions\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}\components\RadioWMPCore.dll 2010-06-30 01:41 . 2010-06-30 01:41 -------- d-----w- c:\documents and settings\All Users\Programdata\NortonInstaller 2010-06-30 00:58 . 2010-06-30 00:58 -------- d-----w- c:\documents and settings\knuafd\Programdata\dvdcss 2010-06-30 00:49 . 2010-06-30 00:49 -------- d-----w- c:\programfiler\VideoLAN 2010-06-29 13:07 . 2009-05-05 17:13 79648 ----a-w- c:\windows\system32\perfc014.dat 2010-06-29 13:07 . 2009-05-05 17:13 444036 ----a-w- c:\windows\system32\perfh014.dat 2010-06-23 14:34 . 
2010-06-23 14:34 501936 ----a-w- c:\documents and settings\All Users\Programdata\Google\Google Toolbar\Update\gtb83.tmp.exe 2010-06-09 21:42 . 2010-06-09 21:42 0 ----a-w- c:\windows\nsreg.dat 2010-06-09 06:45 . 2009-05-05 08:00 203502 ----a-w- c:\windows\system32\nvModes.dat 2010-05-21 12:14 . 2010-05-09 16:03 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-19 14:24 . 2010-05-19 14:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat . ------- Sigcheck ------- [-] 2008-04-14 . AEFE2DCCD50E4993A5F57234DFA1F45A . 506880 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2008-04-14 . 3391A9D0130B635E426846D3151E28BB . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936] "{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-05-26 2515552] "{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\programfiler\ToggleNO\tbTogg.dll" [2010-06-13 2734688] "{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\programfiler\Download_Energy\tbDown.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] [HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}] [HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}] [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}] 2010-05-26 09:22 2515552 ----a-w- c:\programfiler\Messenger_Plus_Live\tbMes1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad708c09-d51b-45b3-9d28-4eba2681febf}] 2010-05-20 13:35 2675296 ----a-w- c:\programfiler\Download_Energy\tbDown.dll 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}] 2010-06-13 17:10 2734688 ----a-w- c:\programfiler\ToggleNO\tbTogg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-03-28 10:11 1196936 ----a-w- c:\programfiler\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-05-26 2515552] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936] "{af543a13-f8e6-4423-a4ac-1cc0475ecb44}"= "c:\programfiler\ToggleNO\tbTogg.dll" [2010-06-13 2734688] "{ad708c09-d51b-45b3-9d28-4eba2681febf}"= "c:\programfiler\Download_Energy\tbDown.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}] [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\programfiler\Messenger_Plus_Live\tbMes1.dll" [2010-05-26 2515552] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936] "{AF543A13-F8E6-4423-A4AC-1CC0475ECB44}"= "c:\programfiler\ToggleNO\tbTogg.dll" [2010-06-13 2734688] "{AD708C09-D51B-45B3-9D28-4EBA2681FEBF}"= "c:\programfiler\Download_Energy\tbDown.dll" [2010-05-20 2675296] [HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] 
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}] [HKEY_CLASSES_ROOT\clsid\{ad708c09-d51b-45b3-9d28-4eba2681febf}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "AdobeUpdater"="c:\programfiler\Fellesfiler\Adobe\Updater5\AdobeUpdater.exe" [2010-05-05 2356088] "swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-16 186904] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-18 13594624] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-18 86016] "nwiz"="nwiz.exe" [2009-03-18 1657376] "SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480] "QlbCtrl.exe"="c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-18 177720] "SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824] "WatchDog"="c:\programfiler\InterVideo\DVD Check\DVDCheck.exe" [2008-05-23 197904] "Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2009-01-05 413696] "TkBellExe"="c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe" [2009-05-05 198160] "Windows Defender"="c:\programfiler\Windows Defender\MSASCui.exe" [2006-11-03 866584] "SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-05-05 148888] "ccApp"="c:\programfiler\Fellesfiler\Symantec Shared\ccApp.exe" [2008-06-24 53096] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368] "Acrobat Assistant 8.0"="c:\programfiler\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] "Malwarebytes 
Anti-Malware (reboot)"="c:\programfiler\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-5-4 295606] Adobe Acrobat Synchronizer.lnk - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] DVD Check.lnk - c:\programfiler\InterVideo\DVD Check\DVDCheck.exe [2009-5-5 197904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-489248529-1699838375-1845911597-358966\Scripts\Logon\0\0] "Script"=Sym2Server.bat [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.03.2008 10:14 24064] R2 WinDefend;Windows Defender;c:\programfiler\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [27.03.2008 11:42 238736] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [04.04.2007 19:16 41216] S2 ATService;AuthenTec Fingerprint Service;c:\programfiler\Fingerprint Sensor\AtService.exe [12.06.2008 12:21 1164536] S2 
gupdate;Googles oppdateringstjeneste (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [19.05.2010 16:23 135664] S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programfiler\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11.12.2008 07:08 3575808] S2 SavRoam;SAVRoam;c:\programfiler\Symantec AntiVirus\SavRoam.exe [30.09.2008 17:41 116664] S2 slugmpeu; for tastaturklasseController;c:\windows\System32\svchost.exe -k netsvcs [05.05.2009 19:13 14336] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [12.06.2008 14:40 477696] S3 Com4QLBEx;Com4QLBEx;c:\programfiler\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [05.05.2009 10:56 222512] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programfiler\Fellesfiler\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17.07.2010 15:20 102448] S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [05.05.2009 11:00 47616] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [05.05.2009 19:13 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs slugmpeu . 
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) 2010-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] 2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programfiler\Google\Update\GoogleUpdate.exe [2010-05-19 14:23] 2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programfiler\Google\Update\GoogleUpdate.exe [2010-05-19 14:23] 2010-08-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\programfiler\Windows Defender\MpCmdRun.exe [2006-11-03 17:20] 2010-08-16 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programfiler\Ask.com\UpdateTask.exe [2010-03-28 10:11] 2010-08-16 c:\windows\Tasks\updater.exe.job - c:\programfiler\Kunnskapsforlaget\Ordnett Pluss\updater.exe [2009-06-17 13:48] . . ------- Tilleggsskanning ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088657 uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\programfiler\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - 
c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\knuafd\Programdata\Mozilla\Firefox\Profiles\fplcvtj8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2088657&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - ToggleNO Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2088657&SearchSource=13 FF - prefs.js: network.proxy.type - 2 FF - component: c:\documents and settings\knuafd\Programdata\Mozilla\Firefox\Profiles\fplcvtj8.default\extensions\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}\components\FFExternalAlert.dll FF - component: c:\documents and settings\knuafd\Programdata\Mozilla\Firefox\Profiles\fplcvtj8.default\extensions\{af543a13-f8e6-4423-a4ac-1cc0475ecb44}\components\RadioWMPCore.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\programfiler\Mozilla 
Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\programfiler\Mozilla 
Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - TOMME PEKERE FJERNET - - - - HKCU-Run-Wmevejiq - c:\windows\nmintflg.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-16 21:48 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . 
Tidspunkt ferdig: 2010-08-16 21:53:02 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2010-08-16 19:53 Pre-Run: 136 985 767 936 byte ledig Post-Run: 140 711 432 192 byte ledig WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 6A48DD1E6CEA7B7AA3C2710A3FB89B66

The MBAM log:

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Databaseversjon: 4437 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 16.08.2010 21:15:57 mbam-log-2010-08-16 (21-15-57).txt Skanntype: Hurtigsøk Objekter skannet: 154231 Tid tilbakelagt: 5 minutt(er), 17 sekund(er) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 59 Registerverdier infisert: 3 Registerfiler infisert: 0 Mapper infisert: 13 Filer infisert 28 Minneprosesser infisert: (Ingen skadelige objekter funnet) Minnemoduler infisert: (Ingen skadelige objekter funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d1579d7-8cb0-47f2-8cf9-371aa907fb4d} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5d1579d7-8cb0-47f2-8cf9-371aa907fb4d} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenU) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenU) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbax (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbax.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.hbinfoband.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebutton (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebutton.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebuttona (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.iebuttona.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport2.rprtctrl.1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{030c9927-10fc-4169-97a2-55becd5d88d8} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0eb3f101-224a-4b2b-9e5b-df720857529c} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a1f1ecd3-4806-44c6-a869-f0dadf11c57c} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3e2dfd6a-4e20-4d4c-aa8b-e1f9dbef3c80} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{714e0876-fcee-49ce-a429-b9ad8aefcb56} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. 
Can anyone help me? I had the PC in safe mode when I did this, so I don't know whether the virus (Security Tool) is gone now, since I haven't checked yet. Should it be gone now? Or what else should I do next?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{db38e21a-0133-419d-92ad-ecdfd5244d6d} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{eb620c54-e229-4942-87ce-e717109fc8c6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.DownLoader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Cydoor (AdWare.Cydoor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BARDISCOVER_SERVICE (Adware.BarDiscover) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Registerverdier infisert: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ 746933 (Rogue.SecurityTool) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\ C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully. 
Registerfiler infisert: (Ingen skadelige objekter funnet) Mapper infisert: C:\Documents and Settings\knuafd\Programdata\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7} (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Programfiler\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Programfiler\ShoppingReport2\Bin\2.7.12 (Adware.ShoppingReport2) -> Quarantined and deleted successfully. Filer infisert c:\WINDOWS\system32\ipzakpm.dll (Trojan.BHO.H) -> Delete on reboot. 
C:\Documents and Settings\knuafd\Lokale innstillinger\Temp\Cmx.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Lokale innstillinger\Programdata\746933.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sshnas21.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Lokale innstillinger\Temp\156.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Lokale innstillinger\Temp\158.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Lokale innstillinger\Temp\Cmv.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Lokale innstillinger\Temp\Cmw.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Lokale innstillinger\Temp\e.exe (Spyware.Passwords) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BARB6.tmp\upgrade.exe (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\kibc.tmp\setup.exe (Trojan.DownLoader) -> Quarantined and deleted successfully. C:\WINDOWS\Cnosoa.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\dwld\WhiteList. xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully. 
C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\report\aggr_storage. xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\report\send_storage. xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Programdata\ShoppingReport2\cs\res1\WhiteList. dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome.manifest (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\install.rdf (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\chrome\bardiscover. jar (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E7}\defaults\preferences\ prefs.js (Adware.BarDiscover) -> Quarantined and deleted successfully. C:\Programfiler\ShoppingReport2\Uninst.exe (Adware.ShoppingReport2) -> Quarantined and deleted successfully. C:\Documents and Settings\knuafd\Start-meny\Programmer\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Can anyone help me? I had the PC in safe mode when I did this, so I don't know whether the virus (Security Tool) is gone now, since I haven't checked yet. Should it be gone now? Or what else should I do next?
snippsat Posted 17 August 2010

Run the Malwarebytes guide. After that, run ComboFix again and post the log.
norbat Posted 28 August 2010

Screenman: Post the logs that are being asked for.