lknight, posted 2 February 2011 (edited)

I can't start any programs after running a ComboFix scan. Not even Notepad. I have to restart the PC before I can start any programs. Why does that happen? I haven't run into that problem with earlier ComboFix scans... Here are the MBAM and ComboFix logs:

MBAM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5638
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
Wed 02.02.2011 01:36:37
mbam-log-2011-02-02 (01-36-37).txt
Scan type: Quick scan
Objects scanned: 143529
Time elapsed: 2 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

ComboFix:

ComboFix 11-01-31.02 - oobie 02.02.2011 1:45.4.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2546 [GMT 1:00]
Running from: c:\users\oobie\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Another thing that is a bit strange: I was going to transfer 2 simple programs (.exe files) from my desktop to my laptop, but when the files arrived on the laptop it turned out they had malware... And now when I run MBAM and ComboFix on my desktop, they find no malware in those programs. It was AVG antivirus that found malware in the programs in question. Maybe the USB port is infected, or? What am I recommended to do?

Edited 2 February 2011 by lknight
norbat, posted 2 February 2011

A System Restore to a date before the problem will most likely solve the program problem. Regarding the malware: it may be AVG giving a false alert. You can check the files at virustotal.com
lknight (thread author), posted 2 February 2011

Ah, brilliant site, I must say! Bookmarked it right away. Worked incredibly well, apparently.

Result of the scan: 4 of 43 (9.3%) scanners found something wrong with the file:

Commtouch 5.2.11.5 2011.02.02 W32/SecRisk-ProcessPatcher-Sml-based!Maximus
F-Prot 4.6.2.117 2011.02.01 W32/SecRisk-ProcessPatcher-Sml-based!Maximus
K7AntiVirus 9.80.3717 2011.02.02 Trojan
VIPRE 8283 2011.02.02 RiskTool.Win32.ProcessPatcher.Sml!cobra (v)

So the file DOES have malware in it, or? Is this the link I should follow to do a System Restore of Windows 7: http://www.sevenforums.com/tutorials/700-system-restore.html

Thanks for the help as usual, norbat!
lknight (thread author), posted 3 February 2011

norbat? Is the file a virus..?
norbat, posted 4 February 2011

Not necessarily. Which .exe files was it you checked?
lknight (thread author), posted 9 February 2011 (edited)

It was the .exe for a Touhou game... (English version)

EDIT: are there any AV programs I can use to check whether I have malware and such, or?

Edited 9 February 2011 by lknight
norbat, posted 12 February 2011

That AVG (and some other AV programs) react to the .exe files may be because they contain some processes that are considered a risk. It doesn't have to be malware. A lot suggests that these files pose no risk, given that so few AV programs detected them. The ComboFix log shows no trace of malware. You can run the online scanner from e.g. Bitdefender and see if it finds anything.
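The reasoning in norbat's reply (few engines fired, and the verdicts are tool or behaviour categories rather than a named malware family) can be applied mechanically to a multi-engine result. The following is an added Python example, not code from the thread or from any scanner; it parses the four detections lknight posted, embedded here as constructed input, and the 20% ratio threshold, the marker lists and the verdict wording are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed input: the four positive results pasted in the thread, in the
# "vendor version date label" layout they were posted in. The other 39 of the
# 43 engines reported nothing and are represented only by TOTAL_ENGINES.
RAW_RESULTS = """\
Commtouch 5.2.11.5 2011.02.02 W32/SecRisk-ProcessPatcher-Sml-based!Maximus
F-Prot 4.6.2.117 2011.02.01 W32/SecRisk-ProcessPatcher-Sml-based!Maximus
K7AntiVirus 9.80.3717 2011.02.02 Trojan
VIPRE 8283 2011.02.02 RiskTool.Win32.ProcessPatcher.Sml!cobra (v)
"""
TOTAL_ENGINES = 43

# Label fragments vendors use for tools or behaviours rather than a malware
# family (assumed list). "ProcessPatcher" is such a behaviour category: a program
# that modifies another running process, which game fan patches also do.
RISKWARE_MARKERS = ("risktool", "secrisk", "riskware", "pua", "pup", "not-a-virus")
# Bare verdicts with no family name carry little information on their own.
GENERIC_LABELS = {"trojan", "malware", "suspicious", "generic", "heuristic"}
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(.+)$")

@dataclass
class Detection:
    vendor: str
    version: str
    date: str
    label: str

def parse_results(text: str) -> list[Detection]:
    """Parse 'vendor version date label' lines; non-matching lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append(Detection(*m.groups()))
    return out

def classify_label(label: str) -> str:
    """'riskware' for tool/behaviour verdicts, 'generic' for a bare verdict word,
    'family' when the label names a specific malware family."""
    low = label.strip().lower()
    if any(marker in low for marker in RISKWARE_MARKERS):
        return "riskware"
    if re.fullmatch(r"[a-z]+", low) and low in GENERIC_LABELS:
        return "generic"
    return "family"

def triage(text: str, total_engines: int) -> dict:
    """Summarise the result the way a responder reads it: how many engines fired,
    and whether any of them named a real family (thresholds are assumptions)."""
    dets = parse_results(text)
    by_class = {"riskware": 0, "generic": 0, "family": 0}
    for d in dets:
        by_class[classify_label(d.label)] += 1
    ratio = len(dets) / total_engines if total_engines else 0.0
    if not dets:
        verdict = "clean: no engine flagged the file"
    elif by_class["family"] == 0 and ratio < 0.2:
        verdict = "low confidence: probable false positive or unwanted-tool flag; get a second opinion"
    else:
        verdict = "suspicious: named family or broad consensus; treat as malicious until proven otherwise"
    return {"positives": len(dets), "ratio": ratio, "by_class": by_class, "verdict": verdict}

if __name__ == "__main__":
    print(triage(RAW_RESULTS, TOTAL_ENGINES))
```

A "low confidence" verdict is a reason to look closer (who wrote the file, where it came from, what it does to other processes), not a clean bill of health.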