HeatSeeKinG    Posted 11 February 2011

Hi,

I have a question about antivirus programs: I switched from Norton Antivirus to Microsoft Security Essentials. Norton had 3 files in quarantine; what has happened to these after I removed Norton and switched to MSE? MSE finds no malicious software.

When an antivirus program puts a program/file in quarantine, what happens to the virus? Is it still in the system? Can or will it be deleted? (This applies to both Norton and MSE.)

I have just run a Malwarebytes' Anti-Malware scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5735

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

11.02.2011 00:11:04
mbam-log-2011-02-11 (00-11-04).txt

Scan type: Quick scan
Objects scanned: 184703
Time elapsed: 13 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I have also downloaded ComboFix and ran a scan with it as well:

ComboFix 11-02-09.05 - bruker 11.02.2011 0:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2014.1001 [GMT 1:00]
Running from: c:\documents and settings\bruker\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Programdata\Local
C:\LOGDF.tmp
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))))
.
2011-02-10 22:56 . 2011-02-10 22:56 -------- d-----w- c:\documents and settings\bruker\Programdata\Malwarebytes
2011-02-10 22:56 . 2011-02-10 22:56 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2011-02-10 22:50 . 2011-01-13 00:41 5890896 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30245982-D512-4886-A489-F9A315EF58F4}\mpengine.dll
2011-02-10 13:22 . 2008-11-07 17:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-02-09 21:51 . 2011-02-09 21:51 83249512 ----a-w- c:\programfiler\Fellesfiler\Windows Live\.cache\wlc11.tmp
2011-02-03 09:23 . 2011-01-13 00:41 5890896 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-01 15:01 . 2011-02-06 14:34 -------- d-----w- c:\programfiler\Bridge Building Game
2011-02-01 14:43 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 14:39 . 2011-02-01 14:39 -------- d-----w- c:\programfiler\Microsoft Security Client
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-17 08:13 . 2011-01-17 08:13 -------- d-----w- c:\programfiler\Maxima-5.14.0
2011-01-14 21:38 . 2011-01-14 21:38 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-02-25 13:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-02-25 12:59 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 14:04 . 2006-02-25 12:59 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 22:20 . 2008-08-29 22:46 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-12-26 22:20 . 2009-06-14 17:01 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-12-26 22:20 . 2008-08-29 22:46 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-22 12:34 . 2006-02-25 13:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:06 . 2006-02-25 13:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:06 . 2006-02-25 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:06 . 2006-02-25 13:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:06 . 2006-02-25 12:59 17408 ------w- c:\windows\system32\corpol.dll
2010-12-20 17:25 . 2006-02-25 13:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-02-25 12:59 389120 ----a-w- c:\windows\system32\html.iec
2010-12-20 10:52 . 2009-02-27 15:21 138056 ----a-w- c:\documents and settings\bruker\Programdata\PnkBstrK.sys
2010-12-20 10:51 . 2008-08-29 22:46 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2010-12-20 10:51 . 2008-08-29 22:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-09 15:15 . 2006-02-25 13:00 714240 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 15:14 . 2004-08-04 00:58 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:14 . 2006-02-25 12:59 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 14:30 . 2006-02-25 12:59 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-11-18 18:15 . 2006-02-25 05:16 81920 ----a-w- c:\windows\system32\isign32.dll
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"AirVideoServer"="c:\programfiler\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
"nwiz"="nwiz.exe" [2007-12-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"TVT Scheduler Proxy"="c:\programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"AwaySch"="c:\programfiler\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"DiskeeperSystray"="c:\programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\programfiler\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Message Center Plus"="c:\programfiler\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2010-10-06 149280]
"QuickTime Task"="c:\programfiler\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"MSC"="c:\programfiler\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^MagicDisc.lnk]
path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 14:50 81920 ------w- c:\programfiler\Fellesfiler\Installshield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-17 19:59 421160 ----a-w- c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:23 1695232 ------w- c:\programfiler\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\programfiler\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\programfiler\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-09-24 16:14 1242448 ----a-w- c:\programfiler\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 11:03 36975 ------w- c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-18 00:29 39408 ----a-w- c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-15 08:46 204288 ------w- c:\programfiler\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Full Tilt Poker\\FullTiltPoker.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Opera\\opera.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programfiler\\Counter-Strike 1.6\\hl.exe"=
"c:\\Programfiler\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Steam\\steamapps\\fredrikmel\\counterstrike source beta\\hl2.exe"=
"c:\\Programfiler\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\Age2_x1\\age2_x1.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Maxima-5.14.0\\wxMaxima\\wxMaxima.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52280:TCP"= 52280:TCP:utorrent
"52280:UDP"= 52280:UDP:utorrent
"27000:UDP"= 27000:UDP:Steam 1
"27020:UDP"= 27020:UDP:steam 11
"27020:TCP"= 27020:TCP:steam2
"27050:TCP"= 27050:TCP:steam 22
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.09.2008 17:18 717296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 17:32 19504]
R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 21:10 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programfiler\Lenovo\Rescue and Recovery\rrpservice.exe [08.02.2007 12:11 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 14:59 30336]
S1 MpKslfd0c639f;MpKslfd0c639f;\??\c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30245982-D512-4886-A489-F9A315EF58F4}\MpKslfd0c639f.sys --> c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30245982-D512-4886-A489-F9A315EF58F4}\MpKslfd0c639f.sys [?]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [25.02.2006 14:00 14336]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [22.11.2010 19:39 18432]
S3 PCD5SRVC{DF187064-5DA14001-05040000};PCD5SRVC{DF187064-5DA14001-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PCDR5\PCD5SRVC.pkms [22.08.2007 20:12 25760]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [28.08.2008 17:31 41984]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
wmcmgc
.
Contents of the 'Scheduled Tasks' folder

2011-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]

2011-02-10 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-06 00:29]

2011-02-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programfiler\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]

2011-02-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-06 16:22]

2011-02-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\bruker\Programdata\Mozilla\Firefox\Profiles\7bz7gsbl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.escapistmagazine.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programfiler\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\programfiler\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\programfiler\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll
MSConfigStartUp-MsnMsgr - c:\programfiler\MSN Messenger\msnmsgr.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\programfiler\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Logitech Touch Mouse Server - c:\docume~1\bruker\LOKALE~1\Temp\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-11 00:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\programfiler\AirVideoServer\AirVideoServer.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCD5SRVC{DF187064-5DA14001-05040000}]
"ImagePath"="\??\c:\progra~1\PCDR5\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-469358549-1026899463-3026831977-1008\Software\SecuROM\License information*]
"datasecu"=hex:48,45,d9,92,a9,8d,56,a7,3c,94,7a,5d,94,04,5f,95,d7,3a,02,92,6e,
   3c,13,15,d1,35,b0,b0,1f,7f,6f,e0,23,af,cc,71,5d,11,fb,7a,b9,b7,a3,61,f3,15,\
"rkeysecu"=hex:8e,9b,92,c4,99,ca,56,c8,e4,2b,b2,7c,b1,45,1d,4b

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\programfiler\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programfiler\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programfiler\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll
c:\programfiler\ThinkVantage Fingerprint Software\infra.dll
c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll
c:\programfiler\ThinkVantage Fingerprint Software\bio.dll
c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll
c:\programfiler\ThinkVantage Fingerprint Software\remote.dll
c:\programfiler\Lenovo\HOTKEY\tphklock.dll
c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll
c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'explorer.exe'(5628)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSNO.DLL
c:\programfiler\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\programfiler\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\programfiler\Lenovo\Client Security Solution\css_banner.dll
c:\programfiler\Lenovo\Client Security Solution\csswait.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\programfiler\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\programfiler\Fellesfiler\Lenovo\tvt_think_res.dll
c:\programfiler\Lenovo\Client Security Solution\css_think_res.dll
c:\windows\system32\nvwddi.dll
c:\programfiler\Windows Desktop Search\deskbar.dll
c:\programfiler\Windows Desktop Search\nb-no\dbres.dll.mui
c:\programfiler\Windows Desktop Search\dbres.dll
c:\programfiler\Windows Desktop Search\wordwheel.dll
c:\programfiler\Windows Desktop Search\nb-no\msnlExtRes.dll.mui
c:\programfiler\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programfiler\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\PDFShell.NOR
c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\System32\DLA\DLASHX_W.DLL
c:\windows\system32\DLAAPI_W.DLL
c:\windows\System32\DLA\DLACResW.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programfiler\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programfiler\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programfiler\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programfiler\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programfiler\Fellesfiler\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programfiler\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programfiler\Bonjour\mDNSResponder.exe
c:\programfiler\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programfiler\Intel\Wireless\Bin\EvtEng.exe
c:\programfiler\Fellesfiler\InterVideo\RegMgr\iviRegMgr.exe
c:\programfiler\Java\jre6\bin\jqs.exe
c:\programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\programfiler\Intel\Wireless\Bin\RegSrvc.exe
c:\programfiler\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programfiler\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programfiler\Fellesfiler\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programfiler\Lenovo\Client Security Solution\tvttcsd.exe
c:\programfiler\Lenovo\Rescue and Recovery\rrservice.exe
c:\programfiler\Fellesfiler\Lenovo\Scheduler\tvtsched.exe
c:\programfiler\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\programfiler\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\programfiler\Fellesfiler\Lenovo\Logger\logmon.exe
c:\programfiler\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programfiler\lenovo\system update\suservice.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programfiler\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\programfiler\Lenovo\HOTKEY\TPONSCR.exe
c:\programfiler\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\programfiler\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\programfiler\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-02-11 00:45:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 23:44
ComboFix2.txt 2009-02-22 22:02

Pre-Run: 4 342 419 456 bytes free
Post-Run: 9 136 381 952 bytes free

- - End Of File - - B4E20D4EB5460A143E751C3F716EADFD

I'm not entirely sure whether this one should have been deleted: windows\system32\Thumbs.db

Thanks in advance to those of you who take the time to help other people. That deserves respect!
norbat    Posted 11 February 2011

When you uninstall Norton, the files in its quarantine are removed from the PC.

When an AV program quarantines a file, the file is placed in a separate folder belonging to the AV program. The file also gets its extension changed, e.g. virus.exe -> virus.0xe or virus.exe.vir or similar. These files therefore have no program associated with them, so they cannot be run.

Thumbs.db: Thumbs = Thumbnails = miniature images. The file is a cache of the thumbnails in a directory. It makes it faster to view the thumbnails when you have set the folder view to that mode.

Your logs look fine.
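The mechanism norbat describes (a scanner-owned folder, a neutral extension with no associated program, and removal of the whole folder when the product is uninstalled) can be shown end to end in a small script. The following is an added example written for this thread; it is not Norton's, MSE's or ComboFix's code. The directory layout, the `.qtn` extension, the JSON sidecar and the single-byte XOR encoding are my own assumptions about a typical design, and the "suspect" payload is a constructed byte string, not a real sample. The XOR step is there for the same reason real products encode stored copies: so the file can neither execute nor trip a later scan of the quarantine folder; it is obfuscation, not encryption.

```python
"""Minimal file quarantine modelled on what an AV product does with a detection.

Added example for the thread above; not the code of any named product.
Assumptions (mine): quarantine directory layout, the .qtn extension, a JSON
sidecar for metadata, and single-byte XOR as the storage encoding.
"""
import hashlib
import json
import tempfile
import time
from pathlib import Path
from typing import Optional

XOR_KEY = 0x5A    # obfuscation only: stops the stored copy running or re-triggering a scan
QTN_EXT = ".qtn"  # no application is registered for this extension


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _xor(data: bytes) -> bytes:
    # XOR with a constant is its own inverse, so one helper encodes and decodes.
    return bytes(b ^ XOR_KEY for b in data)


def quarantine(path: Path, qdir: Path) -> str:
    """Move `path` into `qdir` in encoded form; return the quarantine id (sha256 of the original)."""
    qdir.mkdir(parents=True, exist_ok=True)
    data = path.read_bytes()
    qid = _sha256(data)
    (qdir / f"{qid}{QTN_EXT}").write_bytes(_xor(data))
    meta = {
        "original_path": str(path.resolve()),
        "sha256": qid,
        "size": len(data),
        "quarantined_at": time.time(),
    }
    (qdir / f"{qid}.json").write_text(json.dumps(meta))
    path.unlink()  # the file is gone from its original location
    return qid


def list_quarantine(qdir: Path) -> list:
    """Return the metadata records of every quarantined item."""
    return [json.loads(p.read_text()) for p in sorted(qdir.glob("*.json"))]


def purge(qid: str, qdir: Path) -> None:
    """Delete the stored copy and its metadata. Uninstalling the product does this to every item."""
    for p in (qdir / f"{qid}{QTN_EXT}", qdir / f"{qid}.json"):
        p.unlink(missing_ok=True)


def restore(qid: str, qdir: Path, dest: Optional[Path] = None) -> Path:
    """Decode the stored copy back to `dest` (default: original path), verifying its hash first."""
    meta = json.loads((qdir / f"{qid}.json").read_text())
    data = _xor((qdir / f"{qid}{QTN_EXT}").read_bytes())
    if _sha256(data) != meta["sha256"]:
        raise ValueError("quarantined copy is corrupt; refusing to restore")
    target = dest or Path(meta["original_path"])
    target.write_bytes(data)
    purge(qid, qdir)
    return target


def demo() -> dict:
    """Run the full cycle on a constructed sample inside a temp dir and report what was observed."""
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        sample = tmp / "suspect.exe"
        payload = b"MZ\x90\x00CONSTRUCTED SAMPLE - NOT A REAL EXECUTABLE"  # constructed input
        sample.write_bytes(payload)
        qdir = tmp / "Quarantine"

        qid = quarantine(sample, qdir)
        stored = (qdir / f"{qid}{QTN_EXT}").read_bytes()
        result = {
            "qid": qid,
            "original_removed": not sample.exists(),
            "stored_differs": stored != payload,
            "entries": len(list_quarantine(qdir)),
        }
        restored = restore(qid, qdir, tmp / "restored.exe")
        result["roundtrip_ok"] = restored.read_bytes() == payload
        result["entries_after_restore"] = len(list_quarantine(qdir))
        return result


if __name__ == "__main__":
    print(demo())
```

The hash in the sidecar is what lets a product refuse to restore a tampered copy, and the sidecar is also why a quarantine folder is worth collecting during incident response: it records where the file originally lived even after the binary itself has been encoded.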
HeatSeeKinG    Posted 11 February 2011

> When you uninstall Norton, the files in its quarantine are removed from the PC.
>
> When an AV program quarantines a file, the file is placed in a separate folder belonging to the AV program. The file also gets its extension changed, e.g. virus.exe -> virus.0xe or virus.exe.vir or similar. These files therefore have no program associated with them, so they cannot be run.
>
> Thumbs.db: Thumbs = Thumbnails = miniature images. The file is a cache of the thumbnails in a directory. It makes it faster to view the thumbnails when you have set the folder view to that mode.
>
> Your logs look fine.

Thanks a lot for the reply. I just have to say that you do an incredible job here on diskusjon.no. It deserves respect that you even bother to spend your own free time helping others with their problems! I honestly think you deserve a medal of honour from diskusjon.no!

Thanks for the help.
norbat    Posted 13 February 2011

Thanks for the kind words.