
Trojans: "Generic 17" & "Spamtool.fys"... Aaaargh.



Posted (edited)

The machine got infected with spyware and trojans while I was surfing yesterday. I have downloaded various spyware and virus programs ("Anti-Malware, Spybot, Ad-Aware, HijackThis etc.") and scanned several times with all the programs... Got most of the crap removed.

The only thing that won't go away is a few trojans (screenshot from AVG):

avgtrojanerhelvete.jpg

Does anyone have a clue how to get rid of the damn thing? Thanks.

Edited by -LoFFeN-
Posted
I uninstalled it earlier, but I still get the message. Is it a bug or what?

No, it always appears; just continue.

Or disable AVG before you run ComboFix.

Posted (edited)

Just ran ComboFix...

Here is the log:

 

 

ComboFix 10-05-29.05 - Administrator 31.05.2010 20:22:08.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.2047.1669 [GMT 2:00]

Kjører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Administrator\Programdata\0200000067a56460922C.manifest

c:\documents and settings\Administrator\Programdata\0200000067a56460922O.manifest

c:\documents and settings\Administrator\Programdata\0200000067a56460922P.manifest

c:\documents and settings\Administrator\Programdata\0200000067a56460922S.manifest

c:\documents and settings\Administrator\Programdata\874FD3E427FF3CD4F3B05A781318146B

c:\documents and settings\Administrator\Programdata\874FD3E427FF3CD4F3B05A781318146B\enemies-names.txt

C:\Thumbs.db

c:\windows\Help\verifier.hlp

c:\windows\system32\msxsltsso.dll

 

Infisert kopi av c:\windows\system32\drivers\nvgts.sys ble funnet og desinfisert

Gjenopprettet kopi fra - Kitty had a snack :p

c:\windows\system32\grpconv.exe manglet

Gjenopprettet kopi fra - c:\system volume information\_restore{1F544196-4261-4292-90CC-19F6BDFC13F0}\RP693\A0084705.exe

 

Infisert kopi av c:\windows\system32\drivers\ndis.sys ble funnet og desinfisert

Gjenopprettet kopi fra - c:\system volume information\_restore{1F544196-4261-4292-90CC-19F6BDFC13F0}\RP693\A0084707.sys

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-28 til 2010-05-31 )))))))))))))))))))))))))))))))))

.

 

2010-05-31 18:27 . 2004-08-04 00:03 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe

2010-05-31 18:27 . 2004-08-04 00:03 39424 ----a-w- c:\windows\system32\grpconv.exe

2010-05-31 18:12 . 2010-05-31 18:15 -------- d--h--r- c:\documents and settings\Administrator\Siste

2010-05-30 22:33 . 2010-05-30 22:33 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-30 21:39 . 2010-05-30 21:40 -------- d-----w- c:\windows\SxsCaPendDel

2010-05-30 21:09 . 2010-05-30 21:16 -------- d-----w- c:\programfiler\GridinSoft Trojan Killer

2010-05-30 13:55 . 2010-05-30 13:55 -------- d-----w- c:\programfiler\Trend Micro

2010-05-30 13:11 . 2010-05-30 13:11 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\G DATA

2010-05-30 13:08 . 2010-05-30 13:08 -------- d-----r- c:\documents and settings\LocalService\Favoritter

2010-05-30 13:01 . 2010-05-30 23:24 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-30 12:51 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-05-30 12:51 . 2010-05-30 12:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-05-30 12:46 . 2010-05-30 22:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft

2010-05-30 02:46 . 2010-05-30 02:46 -------- d-----w- C:\$AVG

2010-05-30 02:35 . 2010-05-30 02:35 -------- d-----w- c:\programfiler\AVG

2010-05-30 02:35 . 2010-05-30 20:54 -------- d-----w- c:\documents and settings\All Users\Programdata\avg9

2010-05-30 01:59 . 2010-05-30 02:32 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy

2010-05-30 01:59 . 2010-05-30 01:59 -------- d-----w- c:\programfiler\Spybot - Search & Destroy

2010-05-30 01:34 . 2010-05-30 01:34 -------- d-----w- c:\programfiler\SpywareBlaster

2010-05-30 00:53 . 2010-05-30 01:28 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\qqtvafchw

2010-05-30 00:53 . 2010-05-30 21:16 -------- d-----w- c:\documents and settings\Administrator\Programdata\Street-Ads

2010-05-30 00:53 . 2010-05-30 00:53 -------- d-----w- c:\documents and settings\Administrator\Programdata\Sky-Banners

2010-05-30 00:53 . 2010-05-30 00:53 50981 ----a-w- c:\windows\system32\cfdccwliwvhjztv.exe

2010-05-30 00:52 . 2010-05-30 00:52 -------- d-----w- c:\programfiler\$NtUninstallWTF1012$

2010-05-17 22:30 . 2010-05-17 22:30 -------- d-----w- c:\programfiler\Fellesfiler\DivX Shared

2010-05-17 22:28 . 2010-05-17 22:30 -------- d-----w- c:\documents and settings\All Users\Programdata\DivX

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-31 18:27 . 2007-01-24 19:03 578048 ----a-w- c:\windows\system32\user32.dll

2010-05-31 18:12 . 2008-04-18 20:26 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP

2010-05-30 22:33 . 2008-10-01 08:43 -------- d-----w- c:\programfiler\Lavasoft

2010-05-30 20:55 . 2008-11-17 19:20 -------- d-----w- c:\programfiler\Replay Media Catcher

2010-05-30 20:38 . 2008-10-01 08:43 -------- d-----w- c:\documents and settings\Administrator\Programdata\Lavasoft

2010-05-30 13:55 . 2010-05-30 13:55 388096 ----a-r- c:\documents and settings\Administrator\Programdata\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-30 13:06 . 2009-03-11 15:50 -------- d-----w- c:\programfiler\Google

2010-05-30 01:31 . 2010-05-30 01:31 12 ----a-w- c:\documents and settings\NetworkService\Programdata\vlsfdq.dat

2010-05-30 01:01 . 2009-06-30 17:51 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-05-30 01:00 . 2010-05-30 01:00 12 ----a-w- c:\windows\system32\config\systemprofile\Programdata\vlsfdq.dat

2010-05-30 00:28 . 2010-03-05 13:30 -------- d-----w- c:\documents and settings\Administrator\Programdata\uTorrent

2010-05-29 23:36 . 2008-04-19 21:37 218808 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-05-29 20:19 . 2008-04-19 21:37 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-05-24 23:01 . 2008-11-17 19:21 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-24 23:01 . 2008-11-17 19:21 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-24 23:01 . 2008-11-17 19:21 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL

2010-05-23 19:51 . 2009-10-27 17:00 -------- d-----w- c:\documents and settings\Administrator\Programdata\vlc

2010-05-17 22:28 . 2010-05-17 22:28 144696 ----a-w- c:\documents and settings\All Users\Programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-17 22:28 . 2010-05-17 22:30 1180952 ----a-w- c:\documents and settings\All Users\Programdata\DivX\Setup\DivXSetup.exe

2010-05-10 00:22 . 2008-04-18 20:55 -------- d-----w- c:\programfiler\SopCast

2010-04-29 13:39 . 2009-06-30 17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-06-30 17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-21 16:21 . 2010-04-21 16:20 -------- d-----w- c:\documents and settings\All Users\Programdata\{784E3329-1B2A-421E-9427-596088B766F6}

2010-03-28 15:07 . 2002-09-16 12:00 93736 ----a-w- c:\windows\system32\perfc014.dat

2010-03-28 15:07 . 2002-09-16 12:00 482832 ----a-w- c:\windows\system32\perfh014.dat

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys

2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys

2010-03-07 22:04 . 2010-03-07 22:04 794408 ----a-w- c:\windows\system32\pbsvc.exe

2010-03-06 15:50 . 2010-01-31 06:25 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-03-06 15:50 . 2008-04-19 21:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

.

Infected c:\windows\system32\user32.dll hex repaired

 

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-4-18 528384]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.exe]

path=c:\documents and settings\Administrator\Start-meny\Programmer\Oppstart\monymi32.exe

backup=c:\windows\pss\monymi32.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.PIF]

path=c:\documents and settings\Administrator\Start-meny\Programmer\Oppstart\monymi32.PIF

backup=c:\windows\pss\monymi32.PIFStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^DualCoreCenter.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\DualCoreCenter.lnk

backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Orbit.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-04-19 00:15 321344 ----a-w- c:\programfiler\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 00:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-12-29 10:40 687560 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\programfiler\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

2005-07-22 21:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 14:44 3883856 ----a-w- c:\programfiler\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 17:25 81920 ----a-w- c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 08:50 413696 ----a-w- c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-01-12 01:01 32768 ----a-w- c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-02-03 16:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-02-22 02:25 144784 ----a-w- c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenor Online Start]

2006-11-30 12:51 178312 ----a-w- c:\programfiler\Telenor\Online Start\Telenor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gupdate1c9a2613b991d6c"=2 (0x2)

"gusvc"=2 (0x2)

"avg9wd"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2010 14:51 64288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1314704]

S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [22.04.2010 23:43 136176]

S2 wtsmpadapq;wtsmpadapq;\??\c:\windows\System32\DRIVERS\wtsmpadapq.sys --> c:\windows\System32\DRIVERS\wtsmpadapq.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [27.03.2009 23:40 1684736]

S3 cpuz126;cpuz126;\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys [?]

S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]

S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]

S4 arwdugid;arwdugid; [x]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.02.2009 17:58 717296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:09]

 

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]

 

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.vg.no/

uInternet Settings,ProxyOverride = local

IE: Post Image to Blog - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5003

IE: Tag This Image - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5002

IE: Transload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5004

IE: Upload All Images to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5000

IE: Upload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5001

FF - ProfilePath - c:\documents and settings\Administrator\Programdata\Mozilla\Firefox\Profiles\mhdrxnos.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/

FF - plugin: c:\programfiler\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Veetle\Player\npvlc.dll

FF - plugin: c:\programfiler\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programfiler\Veetle\VLCBroadcast\npvbp.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

- - - - TOMME PEKERE FJERNET - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-nwiz - nwiz.exe

SSODL-GootkitSSO-{58473E58-0932-4D66-BFBD-EAF6D5099CEA} - c:\windows\System32\msxsltsso.dll

Notify-avgrsstarter - avgrsstx.dll

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

MSConfigStartUp-MChk - c:\windows\system32\iomtjtjl.exe

MSConfigStartUp-nwiz - nwiz.exe

MSConfigStartUp-skb - eiqzvbdr.dll

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-31 20:29

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-796845957-1770027372-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:89,17,df,30,2c,52,f6,5c,91,4c,99,ea,ed,cb,ea,e2,09,85,86,40,6a,

a9,c6,05,03,07,de,13,b4,0a,e0,ab,a4,95,c8,dd,8f,36,b3,d7,87,c0,d3,c3,ec,06,\

"rkeysecu"=hex:01,30,6d,4e,15,f1,77,83,b2,9c,29,96,47,bc,71,04

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'explorer.exe'(3324)

c:\programfiler\Logitech\SetPoint\GameHook.dll

c:\programfiler\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\programfiler\Bonjour\mDNSResponder.exe

c:\programfiler\NVIDIA Corporation\nTune\nTuneService.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\WgaTray.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\RUNDLL32.EXE

c:\programfiler\Fellesfiler\Logitech\KHAL\KHALMNPR.EXE

c:\programfiler\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-05-31 20:35:19 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-05-31 18:35

 

Pre-Run: 90 469 715 968 byte ledig

Post-Run: 90 450 444 288 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

 

- - End Of File - - C705E73DA9F542A0B4351923A0CCCB02

 

 

 

CF did the trick, it seems. The machine feels faster now. All svchost except the "normal" ones are gone. Also scanned with Spybot and Anti-Malware just now. They find no suspicious files.

Edited by -LoFFeN-
Posted

Copy the bold text below the image -> open Notepad and paste it in.

Save it on the desktop as CFScript.txt

Do as shown in the image; ComboFix will start. Post the log c:\combofix.txt

60876047vu9.gif

 

Registry::

[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.exe]

[-HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start-meny^Programmer^Oppstart^monymi32.PIF]

 

Driver::

arwdugid

Posted (edited)

Done.

 

 

ComboFix 10-05-30.09 - Administrator 31.05.2010 22:41:31.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.2047.1539 [GMT 2:00]

Kjører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe

Command switches brukt :: c:\documents and settings\Administrator\Skrivebord\CFScript.txt.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ARWDUGID

-------\Service_arwdugid

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-04-28 til 2010-05-31 )))))))))))))))))))))))))))))))))

.

 

2010-05-31 20:38 . 2010-05-31 20:38 -------- d--h--r- c:\documents and settings\Administrator\Siste

2010-05-31 18:27 . 2004-08-04 00:03 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe

2010-05-31 18:27 . 2004-08-04 00:03 39424 ----a-w- c:\windows\system32\grpconv.exe

2010-05-30 22:33 . 2010-05-30 22:33 -------- dc-h--w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-30 22:33 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe

2010-05-30 21:39 . 2010-05-30 21:40 -------- d-----w- c:\windows\SxsCaPendDel

2010-05-30 21:09 . 2010-05-30 21:16 -------- d-----w- c:\programfiler\GridinSoft Trojan Killer

2010-05-30 13:55 . 2010-05-30 13:55 388096 ----a-r- c:\documents and settings\Administrator\Programdata\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-05-30 13:55 . 2010-05-30 13:55 -------- d-----w- c:\programfiler\Trend Micro

2010-05-30 13:11 . 2010-05-30 13:11 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\G DATA

2010-05-30 13:08 . 2010-05-30 13:08 -------- d-----r- c:\documents and settings\LocalService\Favoritter

2010-05-30 13:01 . 2010-05-30 23:24 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-05-30 12:51 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-05-30 12:51 . 2010-05-30 12:51 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-05-30 12:46 . 2010-05-30 22:33 -------- d-----w- c:\documents and settings\All Users\Programdata\Lavasoft

2010-05-30 02:46 . 2010-05-30 02:46 -------- d-----w- C:\$AVG

2010-05-30 02:35 . 2010-05-30 02:35 -------- d-----w- c:\programfiler\AVG

2010-05-30 02:35 . 2010-05-30 20:54 -------- d-----w- c:\documents and settings\All Users\Programdata\avg9

2010-05-30 01:59 . 2010-05-30 02:32 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy

2010-05-30 01:59 . 2010-05-30 01:59 -------- d-----w- c:\programfiler\Spybot - Search & Destroy

2010-05-30 01:34 . 2010-05-30 01:34 -------- d-----w- c:\programfiler\SpywareBlaster

2010-05-30 00:53 . 2010-05-30 01:28 -------- d-----w- c:\documents and settings\Administrator\Lokale innstillinger\Programdata\qqtvafchw

2010-05-30 00:53 . 2010-05-30 21:16 -------- d-----w- c:\documents and settings\Administrator\Programdata\Street-Ads

2010-05-30 00:53 . 2010-05-30 00:53 -------- d-----w- c:\documents and settings\Administrator\Programdata\Sky-Banners

2010-05-30 00:53 . 2010-05-30 00:53 50981 ----a-w- c:\windows\system32\cfdccwliwvhjztv.exe

2010-05-30 00:52 . 2010-05-30 00:52 -------- d-----w- c:\programfiler\$NtUninstallWTF1012$

2010-05-17 22:28 . 2010-05-17 22:28 144696 ----a-w- c:\documents and settings\All Users\Programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-17 22:28 . 2010-05-17 22:30 -------- d-----w- c:\documents and settings\All Users\Programdata\DivX

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-31 18:27 . 2007-01-24 19:03 578048 ----a-w- c:\windows\system32\user32.dll

2010-05-31 18:12 . 2008-04-18 20:26 -------- d---a-w- c:\documents and settings\All Users\Programdata\TEMP

2010-05-30 22:33 . 2008-10-01 08:43 -------- d-----w- c:\programfiler\Lavasoft

2010-05-30 20:55 . 2008-11-17 19:20 -------- d-----w- c:\programfiler\Replay Media Catcher

2010-05-30 20:38 . 2008-10-01 08:43 -------- d-----w- c:\documents and settings\Administrator\Programdata\Lavasoft

2010-05-30 13:06 . 2009-03-11 15:50 -------- d-----w- c:\programfiler\Google

2010-05-30 01:31 . 2010-05-30 01:31 12 ----a-w- c:\documents and settings\NetworkService\Programdata\vlsfdq.dat

2010-05-30 01:01 . 2009-06-30 17:51 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2010-05-30 01:00 . 2010-05-30 01:00 12 ----a-w- c:\windows\system32\config\systemprofile\Programdata\vlsfdq.dat

2010-05-30 00:28 . 2010-03-05 13:30 -------- d-----w- c:\documents and settings\Administrator\Programdata\uTorrent

2010-05-29 23:36 . 2008-04-19 21:37 218808 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-05-29 20:19 . 2008-04-19 21:37 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-05-24 23:01 . 2008-11-17 19:21 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-24 23:01 . 2008-11-17 19:21 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-24 23:01 . 2008-11-17 19:21 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL

2010-05-23 19:51 . 2009-10-27 17:00 -------- d-----w- c:\documents and settings\Administrator\Programdata\vlc

2010-05-10 00:22 . 2008-04-18 20:55 -------- d-----w- c:\programfiler\SopCast

2010-04-29 13:39 . 2009-06-30 17:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 13:39 . 2009-06-30 17:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-21 16:21 . 2010-04-21 16:20 -------- d-----w- c:\documents and settings\All Users\Programdata\{784E3329-1B2A-421E-9427-596088B766F6}

2010-03-28 15:07 . 2002-09-16 12:00 93736 ----a-w- c:\windows\system32\perfc014.dat

2010-03-28 15:07 . 2002-09-16 12:00 482832 ----a-w- c:\windows\system32\perfh014.dat

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys

2010-03-07 22:04 . 2009-08-02 22:01 139152 ----a-w- c:\documents and settings\Administrator\Programdata\PnkBstrK.sys

2010-03-07 22:04 . 2010-03-07 22:04 794408 ----a-w- c:\windows\system32\pbsvc.exe

2010-03-06 15:50 . 2010-01-31 06:25 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe

2010-03-06 15:50 . 2008-04-19 21:37 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

.

 

((((((((((((((((((((((((((((( SnapShot@2010-05-31_18.29.20 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-31 20:33 . 2010-05-31 20:33 16384 c:\windows\Temp\Perflib_Perfdata_fc.dat

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVIDIA nTune"="c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 28160]

 

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\

Logitech SetPoint.lnk - c:\programfiler\Logitech\SetPoint\SetPoint.exe [2008-4-18 528384]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^DualCoreCenter.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\DualCoreCenter.lnk

backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Orbit.lnk]

path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 15:20 57344 ----a-w- c:\windows\ALCMTR.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-04-19 00:15 321344 ----a-w- c:\programfiler\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-04 00:03 15360 ----a-w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2008-12-29 10:40 687560 ----a-w- c:\programfiler\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2010-04-12 22:46 1135912 ----a-w- c:\programfiler\DivX\DivX Update\DivXUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]

2005-07-22 21:25 28160 ----a-w- c:\windows\KHALMNPR.Exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 14:44 3883856 ----a-w- c:\programfiler\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2010-01-11 21:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]

2007-09-04 17:25 81920 ----a-w- c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-05-27 08:50 413696 ----a-w- c:\programfiler\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-01-12 01:01 32768 ----a-w- c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-02-03 16:32 18085888 ----a-w- c:\windows\RTHDCPL.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-02-22 02:25 144784 ----a-w- c:\programfiler\Java\jre1.6.0_05\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Telenor Online Start]

2006-11-30 12:51 178312 ----a-w- c:\programfiler\Telenor\Online Start\Telenor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"gupdate1c9a2613b991d6c"=2 (0x2)

"gusvc"=2 (0x2)

"avg9wd"=2 (0x2)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

"c:\\Programfiler\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [30.05.2010 14:51 64288]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 17:52 1314704]

S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [22.04.2010 23:43 136176]

S2 wtsmpadapq;wtsmpadapq;\??\c:\windows\System32\DRIVERS\wtsmpadapq.sys --> c:\windows\System32\DRIVERS\wtsmpadapq.sys [?]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [27.03.2009 23:40 1684736]

S3 cpuz126;cpuz126;\??\c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys --> c:\docume~1\ADMINI~1\LOKALE~1\Temp\cpuz.sys [?]

S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\programfiler\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.02.2007 05:29 29178224]

S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys --> c:\windows\system32\DRIVERS\wtsmpadap.sys [?]

S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys --> c:\windows\system32\DRIVERS\wtsmpflt.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [01.02.2009 17:58 717296]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc REG_MULTI_SZ vvdsvc

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-05-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:09]

 

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]

 

2010-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-04-22 21:43]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.vg.no/

uInternet Settings,ProxyOverride = local

IE: Post Image to Blog - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5003

IE: Tag This Image - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5002

IE: Transload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5004

IE: Upload All Images to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5000

IE: Upload Image to ImageShack - c:\programfiler\ImageShackToolbar\ImageShackToolbar.dll/5001

FF - ProfilePath - c:\documents and settings\Administrator\Programdata\Mozilla\Firefox\Profiles\mhdrxnos.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.vg.no/

FF - plugin: c:\programfiler\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\programfiler\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programfiler\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programfiler\Veetle\Player\npvlc.dll

FF - plugin: c:\programfiler\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programfiler\Veetle\VLCBroadcast\npvbp.dll

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-31 22:45

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-796845957-1770027372-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:89,17,df,30,2c,52,f6,5c,91,4c,99,ea,ed,cb,ea,e2,09,85,86,40,6a,

a9,c6,05,03,07,de,13,b4,0a,e0,ab,a4,95,c8,dd,8f,36,b3,d7,87,c0,d3,c3,ec,06,\

"rkeysecu"=hex:01,30,6d,4e,15,f1,77,83,b2,9c,29,96,47,bc,71,04

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'explorer.exe'(2956)

c:\programfiler\Logitech\SetPoint\GameHook.dll

c:\programfiler\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\Audiodev.dll

c:\windows\system32\WMVCore.DLL

c:\windows\system32\WMASF.DLL

.

Tidspunkt ferdig: 2010-05-31 22:46:57

ComboFix-quarantined-files.txt 2010-05-31 20:46

ComboFix2.txt 2010-05-31 18:35

 

Pre-Run: 90 372 321 280 byte ledig

Post-Run: 90 341 097 472 byte ledig

 

- - End Of File - - 349B1298F8CD11F85CE39F67D30EFF3C

 

 

 

Edited by -LoFFeN-
Posted

That looks good, then.

 

You can remove ComboFix by typing combofix /u in the Run window. This command deletes the quarantined files and the backups, resets the System Restore folder, etc.

 

Check whether your software is up to date: Secunia
