HeatSeeKinG, posted 9 May 2011

Hi, I've got a virus again; Microsoft Security Essentials evidently doesn't catch everything. I've attached a log from ComboFix. Could anyone also give me some tips on my "antivirus setup"?

Firefox 4, add-ons:
- Adblock
- NoScript
- Web of Trust

Microsoft Security Essentials for real-time protection plus a weekly system scan
The Windows XP firewall
Fully updated XP SP3
MBAM for full system scans

I do have hopes that I can stop most viruses with NoScript and Adblock in Firefox... Are there other add-ons I should have for my browser?

Thanks in advance
Datasmurfen, posted 9 May 2011 (edited)

There are no ComboFix logs here. I'd also like to see a HijackThis log. Do the following:

Download 'HijackThis'. Save it in a permanent folder, e.g. C:\HJT\, double-click HijackThis.exe, and click "Do a system scan and save a logfile". When the Notepad window opens, press Ctrl-A to select all the text, copy it with Ctrl-C and paste it into your next post on the forum with Ctrl-V. Most of the contents of the list are safe. Don't fix anything yet.

You will then get a log like the one in the spoiler below:

Logfile of HijackThis v1.99.1
Scan saved at 17:06:11, on 08.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programfiler\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\Java\jre1.5.0_07\bin\jusched.exe
C:\Programfiler\Ahead\InCD\InCD.exe
C:\Programfiler\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kenneth\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://stealthy.foolishgames.net/news.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Programfiler\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Programfiler\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programfiler\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programfiler\fellesfiler\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programfiler\Sygate\SPF\smc.exe

A tip: put the log files inside [spoiler]<paste the log file here>[/spoiler]

Once you've done this, just wait for a reply...

Edited 9 May 2011 by Datasmurfen.
HeatSeeKinG, posted 9 May 2011 (thread author)

Sorry about that. I thought the ComboFix log had been included as an attachment. I'll put it in the spoiler text here anyway:

ComboFix 11-05-08.04 - bruker 09.05.2011 16:35:50.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.47.1044.18.2014.1128 [GMT 2:00]
Running from: c:\documents and settings\bruker\Mine dokumenter\Nedlastinger\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\bruker\WINDOWS
c:\windows\XSxS
.
.
((((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 )))))))))))))))))))))))))))))))))
.
.
2011-05-09 14:21 . 2011-05-09 14:21 28752 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A12642F-7CEC-45ED-8D16-BA30E329D636}\MpKsl37470587.sys
2011-05-09 14:21 . 2011-04-18 07:15 7071056 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-09 14:21 . 2011-04-18 07:15 7071056 ----a-w- c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A12642F-7CEC-45ED-8D16-BA30E329D636}\mpengine.dll
2011-05-09 14:00 . 2011-05-09 14:00 -------- d-----w- c:\windows\LastGood
2011-05-09 12:07 . 2011-05-09 14:00 -------- d-----w- c:\windows\system32\CatRoot2
2011-05-08 12:49 . 2011-05-08 12:50 -------- d-----w- c:\documents and settings\All Users\Programdata\ElectricSheep
2011-05-08 12:49 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-05-08 12:49 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-05-08 11:55 . 2011-05-09 09:31 -------- d-----w- c:\documents and settings\bruker\Programdata\QuickScan
2011-05-08 11:33 . 2011-04-14 16:57 142296 ----a-w- c:\programfiler\Mozilla Firefox\components\browsercomps.dll
2011-05-08 11:33 . 2011-04-14 16:57 89048 ----a-w- c:\programfiler\Mozilla Firefox\libEGL.dll
2011-05-08 11:33 . 2011-04-14 16:57 781272 ----a-w- c:\programfiler\Mozilla Firefox\mozsqlite3.dll
2011-05-08 11:33 . 2011-04-14 16:57 465880 ----a-w- c:\programfiler\Mozilla Firefox\libGLESv2.dll
2011-05-08 11:33 . 2011-04-14 16:57 1874904 ----a-w- c:\programfiler\Mozilla Firefox\mozjs.dll
2011-05-08 11:33 . 2011-04-14 16:57 15832 ----a-w- c:\programfiler\Mozilla Firefox\mozalloc.dll
2011-05-08 11:33 . 2010-01-01 08:00 1974616 ----a-w- c:\programfiler\Mozilla Firefox\D3DCompiler_42.dll
2011-05-08 11:33 . 2010-01-01 08:00 1892184 ----a-w- c:\programfiler\Mozilla Firefox\d3dx9_42.dll
2011-05-08 02:52 . 2011-05-08 02:54 -------- d-----w- c:\documents and settings\All Users\Programdata\PCDr
2011-05-08 01:37 . 2011-05-08 01:37 -------- d-----w- c:\programfiler\Microsoft Security Client
2011-05-07 16:47 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-07 16:46 . 2011-05-07 16:47 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2011-05-07 16:46 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 15:22 . 2011-05-07 15:43 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP
2011-05-07 15:18 . 2011-05-07 15:43 -------- d-----w- c:\documents and settings\All Users\Programdata\PC Tools
2011-05-07 14:39 . 2011-05-07 14:39 -------- d-----w- c:\documents and settings\Administrator\Programdata\Windows Search
2011-05-03 10:56 . 2011-05-03 10:56 -------- d-----w- c:\documents and settings\bruker\Lokale innstillinger\Programdata\GameTuts
2011-05-02 14:52 . 2011-05-02 14:53 -------- d-----w- c:\documents and settings\bruker\Programdata\Party Buffalo Drive Explorer
2011-05-02 14:52 . 2011-05-02 14:52 -------- d-----w- c:\documents and settings\bruker\Lokale innstillinger\Programdata\FATX_Browser
2011-05-02 13:39 . 2011-05-02 13:39 -------- d-----w- c:\documents and settings\bruker\Lokale innstillinger\Programdata\XboxMB
2011-05-02 13:39 . 2011-05-02 13:39 -------- d-----w- c:\programfiler\Xenocode
2011-05-02 13:39 . 2011-05-02 13:39 -------- d-----w- c:\documents and settings\bruker\Lokale innstillinger\Programdata\Xenocode
2011-04-30 20:11 . 2011-04-30 20:11 -------- d-----w- c:\programfiler\iPod
2011-04-30 20:02 . 2011-04-30 20:02 -------- d-----w- c:\programfiler\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-07 05:33 . 2006-02-25 05:16 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:44 . 2006-02-25 13:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2006-02-25 12:59 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-18 15:36 . 2009-03-31 15:49 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 15:36 . 2008-08-28 16:31 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-17 18:55 . 2006-02-25 13:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 18:55 . 2006-02-25 13:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-17 18:55 . 2006-02-25 13:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 18:55 . 2006-02-25 12:59 17408 ------w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2006-02-25 12:59 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2006-02-25 12:59 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2006-02-25 12:59 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2006-02-25 12:59 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2006-02-25 13:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2006-02-25 12:59 186880 ----a-w- c:\windows\system32\encdec.dll
2011-04-14 16:57 . 2011-05-08 11:33 142296 ----a-w- c:\programfiler\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]
"AirVideoServer"="c:\programfiler\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"TPFNF7"="c:\programfiler\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\programfiler\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\programfiler\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-10 8495104]
"nwiz"="nwiz.exe" [2007-12-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-10 81920]
"TVT Scheduler Proxy"="c:\programfiler\Fellesfiler\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"AwaySch"="c:\programfiler\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"DiskeeperSystray"="c:\programfiler\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programfiler\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programfiler\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\programfiler\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Message Center Plus"="c:\programfiler\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"AppleSyncNotifier"="c:\programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2010-10-06 149280]
"Symantec PIF AlertEng"="c:\programfiler\Fellesfiler\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2008-01-29 583048]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"MSC"="c:\programfiler\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FELLES~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 00:42 72208 ----a-w- c:\programfiler\Fellesfiler\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 20:17 89600 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\programfiler\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\programfiler\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^BTTray.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Windows Search.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^Deer Hunter 2005 Registration.lnk]
path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\Deer Hunter 2005 Registration.lnk
backup=c:\windows\pss\Deer Hunter 2005 Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^MagicDisc.lnk]
path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^bruker^Start-meny^Programmer^Oppstart^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\bruker\Start-meny\Programmer\Oppstart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 14:50 81920 ------w- c:\programfiler\Fellesfiler\Installshield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-14 09:32 421160 ----a-w- c:\programfiler\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 01:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:23 1695232 ------w- c:\programfiler\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\programfiler\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 15:05 15026056 ----a-r- c:\programfiler\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-02-14 23:05 1242448 ----a-w- c:\programfiler\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 11:03 36975 ------w- c:\programfiler\Java\jre1.5.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-18 00:29 39408 ----a-w- c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-15 08:46 204288 ------w- c:\programfiler\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"c:\\Programfiler\\Steam\\Steam.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Programfiler\\Mozilla Firefox\\firefox.exe"=
"c:\\Programfiler\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programfiler\\Counter-Strike 1.6\\hl.exe"=
"c:\\Programfiler\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\AirVideoServer\\AirVideoServer.exe"=
"c:\\Programfiler\\Maxima-5.14.0\\wxMaxima\\wxMaxima.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\Bf2_w32ded.exe"=
"c:\\Programfiler\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\empires2.EXE"=
"c:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\Age2_x1\\age2_x1.exe"=
"c:\\Programfiler\\Age Of Empires 2 & The Conquerors Expansion - Full Game\\age2_x1.exe"=
"c:\\Programfiler\\Microsoft Games\\Age of Empires Expansion Trial\\empiresx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52280:TCP"= 52280:TCP:utorrent
"52280:UDP"= 52280:UDP:utorrent
"27000:UDP"= 27000:UDP:Steam 1
"27020:UDP"= 27020:UDP:steam 11
"27020:TCP"= 27020:TCP:steam2
"27050:TCP"= 27050:TCP:steam 22
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.09.2008 18:18 717296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]
R1 MpKsl37470587;MpKsl37470587;c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A12642F-7CEC-45ED-8D16-BA30E329D636}\MpKsl37470587.sys [09.05.2011 16:21 28752]
R2 smihlp;SMI Helper Driver (smihlp);c:\programfiler\Fellesfiler\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 22:10 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programfiler\Lenovo\Rescue and Recovery\rrpservice.exe [08.02.2007 13:11 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 15:59 30336]
S1 MpKslf5413126;MpKslf5413126;\??\c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E78CE71-7D0E-4E99-BF92-1C8336467BB7}\MpKslf5413126.sys --> c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E78CE71-7D0E-4E99-BF92-1C8336467BB7}\MpKslf5413126.sys [?]
S1 MpKslfd0c639f;MpKslfd0c639f;\??\c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30245982-D512-4886-A489-F9A315EF58F4}\MpKslfd0c639f.sys --> c:\documents and settings\All Users\Programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30245982-D512-4886-A489-F9A315EF58F4}\MpKslfd0c639f.sys [?]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [25.02.2006 15:00 14336]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [22.11.2010 20:39 18432]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [28.08.2008 18:31 41984]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL37470587
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
wmcmgc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-04-11 10:34]
.
2011-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-06 00:29]
.
2011-05-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programfiler\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 10:26]
.
2011-05-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-08-06 16:22]
.
2011-05-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 20:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send til &Bluetooth-enhet... - c:\programfiler\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\bruker\Programdata\Mozilla\Firefox\Profiles\7bz7gsbl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.escapistmagazine.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-09 16:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AirVideoServer = c:\programfiler\AirVideoServer\AirVideoServer.exe?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-469358549-1026899463-3026831977-1008\Software\SecuROM\License information*]
"datasecu"=hex:48,45,d9,92,a9,8d,56,a7,3c,94,7a,5d,94,04,5f,95,d7,3a,02,92,6e,
 3c,13,15,d1,35,b0,b0,1f,7f,6f,e0,23,af,cc,71,5d,11,fb,7a,b9,b7,a3,61,f3,15,\
"rkeysecu"=hex:8e,9b,92,c4,99,ca,56,c8,e4,2b,b2,7c,b1,45,1d,4b
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\programfiler\fellesfiler\logishrd\bluetooth\LBTServ.dll
c:\programfiler\ThinkVantage Fingerprint Software\homefus2.dll
c:\programfiler\ThinkVantage Fingerprint Software\infra.dll
c:\programfiler\ThinkVantage Fingerprint Software\homepass.dll
c:\programfiler\ThinkVantage Fingerprint Software\bio.dll
c:\programfiler\ThinkVantage Fingerprint Software\ps2css.dll
c:\programfiler\ThinkVantage Fingerprint Software\remote.dll
c:\programfiler\Lenovo\HOTKEY\tphklock.dll
c:\programfiler\ThinkVantage Fingerprint Software\pscssint.dll
c:\programfiler\ThinkVantage Fingerprint Software\crypto.dll
c:\programfiler\Lenovo\HOTKEY\notifyf2.dll
.
- - - - - - - > 'explorer.exe'(3048)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSNO.DLL
c:\programfiler\Windows Desktop Search\deskbar.dll
c:\programfiler\Windows Desktop Search\nb-no\dbres.dll.mui
c:\programfiler\Windows Desktop Search\dbres.dll
c:\programfiler\Windows Desktop Search\wordwheel.dll
c:\programfiler\Windows Desktop Search\nb-no\msnlExtRes.dll.mui
c:\programfiler\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-05-09 16:47:29
ComboFix-quarantined-files.txt 2011-05-09 14:47
ComboFix2.txt 2011-02-10 23:45
ComboFix3.txt 2009-02-22 22:02
.
Pre-Run: 39 479 136 256 bytes free
Post-Run: 41 219 883 008 bytes free
.
- - End Of File - - 79BD93A98597EB12F2712F9D657916BD
Lami, posted 10 May 2011

From what I can see, everything looks fine. If you "tend" to get a virus now and then, I'd recommend switching antivirus program. A program I've used for a long time, and which has caught everything I've come across, is avast!. Give it a try!
HeatSeeKinG, posted 10 May 2011 (thread author)

Lami wrote:
From what I can see, everything looks fine. If you "tend" to get a virus now and then, I'd recommend switching antivirus program. A program I've used for a long time, and which has caught everything I've come across, is avast!. Give it a try!

Thanks.

My biggest problem is that I'm not the only one who uses the PC. My brother and his girlfriend often borrow it because I have a lot of films, series etc. And I'm not going to refuse to lend the PC to friends who are visiting. It's a bit petty to put the blame on others, though, because it could just as well be me. I'm a frequent user of torrents etc. I'm hoping I can stop most of it with NoScript and Adblock. The PC is a bit old, and the reason I like MS Security Essentials is that it uses very few resources :)

--------------------------

Where can I learn to analyse a ComboFix log like this? I feel fairly competent and comfortable with XP. I can do a bit of programming on XP. I also mod whatever games there are, on both Xbox 360 and PC.
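The ComboFix log posted earlier in the thread, and the question above about how to read one, both come down to a handful of sections that matter most: the AV status in the header, the Security Center override values, the globally open firewall ports and any service hosted inside "svchost.exe -k netsvcs". The following is an added example by the editor, not code from the thread or from ComboFix: SAMPLE_LOG is an excerpt cut down from the log posted above, the checks and the REMOTE_ADMIN_PORTS list are the editor's own heuristics, and a finding is a line to verify by hand, not a verdict.

```python
"""Triage a ComboFix log: AV status, Security Center overrides, firewall holes and
services hosted in svchost's netsvcs group.

Added example, not part of the thread. SAMPLE_LOG is an excerpt cut down from the
ComboFix log posted above; the checks and REMOTE_ADMIN_PORTS are the editor's
heuristics. A finding is a line to verify by hand, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_LOG = r"""
ComboFix 11-05-08.04 - bruker 09.05.2011 16:35:50.3.2 - x86
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"52280:TCP"= 52280:TCP:utorrent
"27000:UDP"= 27000:UDP:Steam 1
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.09.2008 18:18 717296]
S2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [25.02.2006 15:00 14336]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [22.11.2010 20:39 18432]
.
--- Other Services/Drivers In Memory ---
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wmcmgc
wmcmgc
.
Completion time: 2011-05-09 16:47:29
"""

AV_RE = re.compile(r"^AV: (?P<name>.+?) \*(?P<state>\w+)/(?P<defs>\w+)\*")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# ComboFix service line: "<start> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)(?: \[.*\])?$")
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<label>.*)$")
NETSVCS_HEADER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs"
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
# Editor's list: remote-administration ports a home PC should not expose to every network.
REMOTE_ADMIN_PORTS = {23, 135, 139, 445, 3389, 5900}


@dataclass
class Finding:
    category: str
    detail: str


def dword(value: str) -> int:
    """'dword:00000001' -> 1; anything that is not a dword -> -1."""
    return int(value.split(":", 1)[1], 16) if value.lower().startswith("dword:") else -1


def registry_blocks(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Group the REGEDIT-style parts of the log into {key (lower-case): {value name: value}}."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            blocks.setdefault(current, {})
            continue
        if line.strip() in ("", "."):
            current = None  # ComboFix separates blocks with a lone '.'
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            blocks[current][v.group("name")] = v.group("value").strip()
    return blocks


def netsvcs_additions(lines: List[str]) -> List[str]:
    """Names ComboFix prints under its 'Svchost - NetSvcs' header, deduplicated in order."""
    names: List[str] = []
    collecting = False
    for line in lines:
        if line.strip() == NETSVCS_HEADER:
            collecting = True
            continue
        if collecting:
            if line.strip() in ("", "."):
                break
            if line.strip() not in names:
                names.append(line.strip())
    return names


def triage(log: str) -> List[Finding]:
    lines = [l.rstrip() for l in log.splitlines()]
    findings: List[Finding] = []

    # 1. AV state in the header. ComboFix's instructions have the user disable real-time AV
    #    before running, so 'Disabled' during the run is expected; it must be re-enabled after.
    for line in lines:
        m = AV_RE.match(line)
        if m and m.group("state").lower() != "enabled":
            findings.append(Finding("av", f"{m.group('name')} reported as {m.group('state')}"))

    # 2. Security Center overrides silence the 'no antivirus / no firewall' warnings.
    blocks = registry_blocks(lines)
    sc = blocks.get(SECURITY_CENTER, {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if dword(sc.get(name, "")) == 1:
            findings.append(Finding("security-center", f"{name}=1: Security Center warnings suppressed"))
    if dword(blocks.get(SECURITY_CENTER + r"\monitoring", {}).get("DisableMonitoring", "")) == 1:
        findings.append(Finding("security-center", "Monitoring\\DisableMonitoring=1"))

    # 3. Globally open firewall ports: any remote-admin port open on every interface.
    for key, values in blocks.items():
        if key.endswith(r"globallyopenports\list"):
            for value in values.values():
                p = PORT_RE.match(value)
                if p and int(p.group("port")) in REMOTE_ADMIN_PORTS:
                    findings.append(Finding("firewall", f"port {p.group('port')}/{p.group('proto')} ({p.group('label')}) open to all networks"))

    # 4. A service hosted by 'svchost.exe -k netsvcs' keeps its real code in a ServiceDll that
    #    this log does not show; ComboFix lists group members it does not treat as default.
    additions = netsvcs_additions(lines)
    for line in lines:
        s = SERVICE_RE.match(line)
        if s and "svchost.exe -k netsvcs" in s.group("image").lower() and s.group("name") in additions:
            findings.append(Finding("service", f"{s.group('name')} ('{s.group('display')}') hosted in netsvcs: check its Parameters\\ServiceDll path and signer"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

Each category needs its own follow-up rather than a reflex. The AV line is expected to read Disabled while ComboFix runs, so the check is that it is enabled again afterwards. The Security Center override values are also written by some security suites themselves (the log shows Symantec remnants under Monitoring), so the question is which product set them and whether that product is still installed. The 3389/TCP entry carries the label of the stock Windows XP Remote Desktop exception; the decision is simply whether Remote Desktop is needed on this machine at all. For the netsvcs-hosted service the log only shows svchost.exe as the image, so the DLL named by HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll is what has to be located and checked.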