Help with a ComboFix log.


dawnil


I have a friend who got a virus. He wrote the following earlier on a forum called 'Fragbite'.

I managed to pick up a load of viruses the other day. I was sitting there browsing when all of a sudden my antivirus starts bombarding me with warnings that I've got a load of trojans, and soon the computer starts living a life of its own. I did manage to get a virus scan going (I have Norman as my antivirus, if that's any help) and also turned on Windows Defender. They found some viruses now and then; I've had scans running for the past 2 days, but this morning they stopped finding any viruses. I knew I still had stuff left though, because the computer is slow as hell etc., so I downloaded Search & Destroy since it was suggested in a lot of threads I found here on the forum. Anyway, I've run it a few times during the day and now this happened:

[attached screenshot: hjalp.jpg]

What should I do to get rid of it and the remaining(?) viruses, should I just keep scanning with S&D? Help me Fragbite, Bettan is too young to die. I'd rather avoid formatting, but if that's the only way out then..

Later another user advised him to run ComboFix, so he ran ComboFix and posted the log on the forum.

This is the log file. I don't know whether he should make a new one, since ComboFix wasn't run from the desktop.

 

[log]ComboFix 10-04-21.01 - Oskar 2010-04-21 19:51:39.1.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.46.1053.18.2047.1279 [GMT 2:00]

Körs från: c:\users\Oskar\Downloads\ComboFix.exe

AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1307532614-2333989783-3201272283-1001

c:\$recycle.bin\S-1-5-21-2042753034-1467289626-1802997149-500

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\programdata\hpe7F66.dll

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat

c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

c:\programdata\sysReserve.ini

c:\recycler\S-1-5-21-0310094807-0345822620-726398263-6520

c:\recycler\S-1-5-21-1521607637-5285388494-464912118-0726

c:\recycler\S-1-5-21-4218476410-7288343200-372250428-9635

c:\recycler\S-1-5-21-4795337912-9965975642-026358667-5867

c:\recycler\S-1-5-21-4945764347-9987899753-584593946-5583

c:\recycler\S-1-5-21-7719421365-2059665178-786849677-9280

c:\recycler\S-1-5-21-9388638653-8902425135-076549946-8756

c:\recycler\S-1-5-21-9844542318-3799764509-834698863-2837

c:\users\oskar\appdata\local\temp\mlifef.dll

c:\users\oskar\appdata\local\temp\opomkh.dll

c:\users\Oskar\AppData\Roaming\Desktopicon

c:\users\Oskar\AppData\Roaming\Desktopicon\config.ini

c:\users\Oskar\AppData\Roaming\Desktopicon\eBayShortcuts.exe

c:\users\Oskar\AppData\Roaming\sdra64.exe

c:\users\Oskar\oashdihasidhasuidhiasdhiashdiuasdhasd

c:\windows\system32\hattric

 

----- BITS: Troligen infekterade webbplatser -----

 

hxxp://solaruploader.com

.

(((((((((((((((((((((((( Filer Skapade från 2010-03-21 till 2010-04-21 ))))))))))))))))))))))))))))))

.

 

2010-04-21 18:07 . 2010-04-21 18:07 -------- d-----w- c:\users\Oskar\AppData\Local\temp

2010-04-21 18:07 . 2010-04-21 18:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-04-21 16:51 . 2010-04-21 16:51 -------- d-----w- c:\users\Oskar\AppData\Roaming\Malwarebytes

2010-04-21 16:39 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-21 16:39 . 2010-04-21 16:39 -------- d-----w- c:\programdata\Malwarebytes

2010-04-21 16:39 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-21 16:39 . 2010-04-21 16:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-21 11:12 . 2010-04-21 13:58 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-21 11:12 . 2010-04-21 13:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-04-21 09:46 . 2010-04-21 09:46 62464 ---h--w- c:\users\Oskar\qww.exe

2010-04-21 09:46 . 2010-04-21 17:01 -------- d-sh--w- c:\users\Oskar\AppData\Roaming\lowsec

2010-04-19 21:25 . 2010-04-20 05:41 -------- d-----w- c:\users\Oskar\AppData\Roaming\E7DDAB5D8F10BC3F5EFF64CE28BB702B

2010-04-14 14:02 . 2010-01-13 18:23 97792 ----a-w- c:\windows\system32\cabview.dll

2010-04-14 14:01 . 2009-12-23 12:45 171520 ----a-w- c:\windows\system32\wintrust.dll

2010-03-28 18:44 . 2009-03-25 15:48 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys

2010-03-28 18:44 . 2009-03-25 15:48 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys

2010-03-28 18:44 . 2009-03-25 15:48 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys

2010-03-28 18:44 . 2009-03-25 15:48 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys

2010-03-28 18:44 . 2009-03-25 15:48 114728 ----a-w- c:\windows\system32\drivers\s1018mdm.sys

2010-03-28 18:44 . 2009-03-25 15:48 109864 ----a-w- c:\windows\system32\drivers\s1018unic.sys

2010-03-28 18:44 . 2009-03-25 15:48 106208 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys

2010-03-28 18:44 . 2009-03-25 15:48 104744 ----a-w- c:\windows\system32\drivers\s1018obex.sys

2010-03-28 18:44 . 2009-03-25 15:48 86824 ----a-w- c:\windows\system32\drivers\s1018bus.sys

2010-03-28 18:44 . 2009-03-25 15:48 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys

2010-03-28 18:44 . 2009-03-25 15:48 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys

2010-03-28 18:44 . 2009-03-25 15:48 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys

2010-03-25 14:23 . 2010-02-12 10:49 293376 ----a-w- c:\windows\system32\browserchoice.exe

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-21 17:47 . 2008-10-25 13:58 -------- d-----w- c:\program files\Norman

2010-04-21 17:32 . 2009-03-13 13:35 -------- d-----w- c:\users\Oskar\AppData\Roaming\Spotify

2010-04-19 21:49 . 2008-10-27 09:12 1356 ----a-w- c:\users\Oskar\AppData\Local\d3d9caps.dat

2010-04-17 15:11 . 2008-10-26 17:48 -------- d-----w- c:\program files\Steam

2010-04-17 15:10 . 2008-10-26 17:48 -------- d-----w- c:\program files\Common Files\Steam

2010-04-15 14:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-04-15 14:24 . 2009-02-19 16:31 -------- d-----w- c:\programdata\Microsoft Help

2010-04-11 21:56 . 2008-12-06 14:13 -------- d-----w- c:\users\Oskar\AppData\Roaming\BitTorrent

2010-04-10 10:39 . 2007-09-26 06:04 480268 ----a-w- c:\windows\system32\perfh01D.dat

2010-04-10 10:39 . 2007-09-26 06:04 85522 ----a-w- c:\windows\system32\perfc01D.dat

2010-04-09 23:15 . 2008-10-26 21:08 -------- d-----w- c:\users\Oskar\AppData\Roaming\Skype

2010-04-09 22:17 . 2008-10-26 21:11 -------- d-----w- c:\users\Oskar\AppData\Roaming\skypePM

2010-03-29 16:05 . 2009-08-03 07:46 -------- d-----w- c:\programdata\Sony Ericsson

2010-03-29 16:05 . 2009-08-03 07:46 -------- d-----w- c:\program files\Sony Ericsson

2010-03-28 19:00 . 2007-12-12 18:10 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-03-09 16:54 . 2010-03-31 13:56 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-09 16:50 . 2010-03-31 13:56 56320 ----a-w- c:\windows\system32\iesetup.dll

2010-03-09 16:50 . 2010-03-31 13:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-09 16:50 . 2010-03-31 13:56 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll

2010-03-09 16:48 . 2010-03-31 13:56 72704 ----a-w- c:\windows\system32\admparse.dll

2010-03-09 14:17 . 2010-03-31 13:56 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-03-09 12:43 . 2010-03-31 13:56 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-03-08 16:56 . 2009-09-22 16:50 -------- d-----w- c:\program files\Heroes of Newerth

2010-03-04 19:24 . 2010-04-14 14:03 434176 ----a-w- c:\windows\system32\vbscript.dll

2010-02-25 15:10 . 2008-10-25 13:49 72216 ----a-w- c:\users\Oskar\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 08:16 . 2009-10-02 23:45 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 11:30 . 2010-04-14 14:03 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-02-23 11:30 . 2010-04-14 14:03 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-02-23 11:30 . 2010-04-14 14:03 102912 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-20 23:54 . 2010-03-11 13:36 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:31 . 2010-03-11 13:36 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 21:16 . 2010-03-11 13:36 398848 ----a-w- c:\windows\system32\drivers\http.sys

2010-02-18 14:34 . 2010-04-14 14:03 3504008 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-18 14:34 . 2010-04-14 14:03 3470216 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-18 14:34 . 2010-04-14 14:03 213896 ----a-w- c:\windows\system32\drivers\netio.sys

2010-02-18 14:19 . 2010-04-14 14:03 179712 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-02-18 14:01 . 2010-04-14 14:03 167424 ----a-w- c:\windows\system32\tcpipcfg.dll

2010-02-18 13:56 . 2010-04-14 14:03 416768 ----a-w- c:\windows\system32\IKEEXT.DLL

2010-02-18 13:56 . 2010-04-14 14:03 543232 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2010-02-18 13:55 . 2010-04-14 14:03 317440 ----a-w- c:\windows\system32\BFE.DLL

2010-02-18 12:04 . 2010-04-14 14:03 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-02-18 12:04 . 2010-04-14 14:03 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS

2010-02-18 11:51 . 2010-04-14 14:03 818688 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-02-18 11:51 . 2010-04-14 14:03 22016 ----a-w- c:\windows\system32\netiougc.exe

2010-02-18 11:50 . 2010-04-14 14:03 85504 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2010-02-12 17:14 . 2009-12-15 18:27 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-02-12 17:13 . 2009-12-15 17:36 214488 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-01-28 16:41 . 2008-11-13 17:21 4624 ----a-w- c:\users\Oskar\AppData\Roaming\wklnhst.dat

2010-01-25 12:58 . 2010-02-24 14:08 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:58 . 2010-02-24 14:08 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:58 . 2010-02-24 14:08 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:58 . 2010-02-24 14:08 472576 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 12:56 . 2010-02-24 14:08 312320 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:36 . 2010-02-24 14:08 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-25 08:36 . 2010-02-24 14:08 515584 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:36 . 2010-02-24 14:08 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:35 . 2010-02-24 14:08 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-23 08:05 . 2010-02-24 14:10 2048 ----a-w- c:\windows\system32\tzres.dll

2007-11-03 14:51 . 2007-11-03 14:09 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Not* Tomma poster & legitima standardposter visas inte.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-11-03 1006264]

"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 4702208]

"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]

"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-27 23552]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"recinfo207"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800]

"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-10-07 189824]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-11 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-11 8530464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-11 81920]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2007-05-11 01:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]

2009-10-07 13:52 323392 ----a-w- c:\program files\DNA\btdna.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]

2010-01-30 14:46 1845248 ----a-w- c:\program files\Curse\CurseClient.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-11-20 12:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Krait]

2006-01-24 09:38 147456 ----a-w- c:\program files\Razer\Krait\razerhid.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-02-26 18:46 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2008-11-04 09:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2009-11-20 08:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2010-02-20 18:05 1217872 ----a-w- c:\program files\Steam\Steam.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-03-09 03:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

 

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-08-05 722416]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R3 GarenaPEngine;GarenaPEngine;c:\users\Oskar\AppData\Local\Temp\OIR3ED4.tmp [x]

R3 netr73;D-Link DWA-111 Wireless G USB Adapter Driver;c:\windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2009-10-09 23392]

R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\bin\nvcoas.exe [2009-10-07 197960]

R3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Npm\Bin\Nvcsched.exe [x]

R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]

R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2008-10-26 218624]

R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2009-06-26 85504]

S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2009-10-07 25032]

S1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2009-10-07 56136]

S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\bin\NDISKIO.SYS [2009-10-13 24168]

S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [2009-10-07 124232]

S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2009-10-07 128328]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\nse\bin\NSESVC.EXE [2009-11-23 283976]

S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2009-10-07 132424]

 

.

.

------- Extra genomsökning -------

.

uStart Page = hxxp://www.garena.com/portal/

IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Oskar\AppData\Roaming\Mozilla\Firefox\Profiles\48nmwo2d.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/watch?v=p7gjK3OgUM0&playnext_from=TL&videos=nUWAPwKyt_U

FF - prefs.js: keyword.URL -

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll

FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\users\Oskar\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICY ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".se");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

 

HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe

HKLM-Run-recinfo - RecInfo.exe

HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe

MSConfigStartUp-Hattric - c:\windows\system32\hattric\smss.exe

MSConfigStartUp-NCsoft Launcher - c:\program files\NCSoft\Launcher\NCLauncher.exe

MSConfigStartUp-VOIPlay - c:\program files\VOIPlay\voiplay.exe

AddRemove-{F0DA7B2E-5D3F-43DB-AAA6-8835296AEA12} - c:\program files\Norman\NVC\BIN\DelNVC5.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-21 20:07

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\Oskar\AppData\Local\Temp\OIR3ED4.tmp"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LÅSTA REGISTERNYCKLAR ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Sluttid: 2010-04-21 20:12:51

ComboFix-quarantined-files.txt 2010-04-21 18:12

 

Före genomsökningen: 69 361 676 288 byte ledigt

Efter genomsökningen: 69 879 414 784 byte ledigt

 

- - End Of File - - A6BE1EFA102072BB4F98F513DD617C9D[/log]

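Added example, not from the thread or from ComboFix itself: a small Python scanner that applies a few defender-side heuristics to ComboFix log lines like the ones in the log above, so that whoever reads such a log can spot entries worth a closer look. It parses the `<created> . <modified> <size> <attrs> <path>` entry format and the bare paths under "Andra raderingar", and flags hidden or system attributes inside a user profile, executables dropped straight into the profile root or AppData\Roaming, DLLs in Temp, and recycle-bin subfolders named after SIDs Windows could not have generated (sub-authorities above 32 bits or with leading zeros, or a RECYCLER folder on a Vista system, which uses $Recycle.Bin). The sample lines are constructed from the log, and the heuristic names and the windows_major default are my own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# SID sub-authorities are unsigned 32-bit values printed in decimal without leading
# zeros; real recycle-bin subfolders are named after account SIDs (S-1-5-21-X-Y-Z-RID).
MAX_SUBAUTH = 0xFFFFFFFF
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21(?:-\d+){4}$")

# "Files created" / "Find3M" entry: <created> . <modified> <size|dashes> <attrs> <path>
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>[a-z]:\\.+)$",
    re.IGNORECASE,
)
BARE_PATH_RE = re.compile(r"^[a-z]:\\\S.*$", re.IGNORECASE)  # "Andra raderingar" lines

# Constructed sample lines, modelled on the log in the post above (not the whole log).
SAMPLE = """\
c:\\$recycle.bin\\S-1-5-21-1307532614-2333989783-3201272283-1001
c:\\recycler\\S-1-5-21-0310094807-0345822620-726398263-6520
c:\\recycler\\S-1-5-21-1521607637-5285388494-464912118-0726
c:\\users\\oskar\\appdata\\local\\temp\\mlifef.dll
c:\\users\\Oskar\\AppData\\Roaming\\sdra64.exe
2010-04-21 16:39 . 2010-03-29 22:45 20824 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2010-04-21 09:46 . 2010-04-21 09:46 62464 ---h--w- c:\\users\\Oskar\\qww.exe
2010-04-21 09:46 . 2010-04-21 17:01 -------- d-sh--w- c:\\users\\Oskar\\AppData\\Roaming\\lowsec
2010-04-19 21:25 . 2010-04-20 05:41 -------- d-----w- c:\\users\\Oskar\\AppData\\Roaming\\E7DDAB5D8F10BC3F5EFF64CE28BB702B
"""

def sid_is_wellformed(sid: str) -> bool:
    """True only for a SID string that Windows itself could have generated."""
    if not ACCOUNT_SID_RE.match(sid):
        return False
    return all(part == str(int(part)) and int(part) <= MAX_SUBAUTH
               for part in sid.split("-")[4:])

def check_path(path: str, windows_major: int = 6) -> List[str]:
    """Path-only heuristics; windows_major=6 matches the Vista header in the log."""
    p = path.lower()
    reasons = []
    m = re.match(r"^c:\\(recycler|\$recycle\.bin)\\(s-[\d-]+)$", p)
    if m:
        if m.group(1) == "recycler" and windows_major >= 6:
            reasons.append("RECYCLER folder on Vista or later (the real bin is $Recycle.Bin)")
        if not sid_is_wellformed(m.group(2).upper()):
            reasons.append("recycle-bin subfolder named after a malformed SID")
    if re.match(r"^c:\\users\\[^\\]+\\[^\\]+\.exe$", p):
        reasons.append("executable sitting directly in the profile root")
    if re.search(r"\\appdata\\roaming\\[^\\]+\.exe$", p):
        reasons.append("executable directly under AppData\\Roaming, not in a vendor folder")
    if re.search(r"\\appdata\\roaming\\[0-9a-f]{32}$", p):
        reasons.append("32-hex-digit directory name under AppData\\Roaming")
    if re.search(r"\\appdata\\local\\temp\\[^\\]+\.(dll|exe|tmp)$", p):
        reasons.append("DLL/EXE/TMP in the user's Temp directory")
    return reasons

def check_entry(line: str, windows_major: int = 6) -> Optional[Tuple[str, List[str]]]:
    """Classify one log line; None if it is not a path line at all."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        attrs, path = m.group("attrs").lower(), m.group("path")
        reasons = check_path(path, windows_major)
        # hidden (h) or system (s) attribute on something inside a user profile
        if path.lower().startswith("c:\\users\\") and ("h" in attrs or "s" in attrs):
            reasons.append(f"hidden/system attributes ({attrs}) inside a user profile")
        return path, reasons
    if BARE_PATH_RE.match(line):
        return line, check_path(line, windows_major)
    return None

def scan_log(text: str, windows_major: int = 6) -> Dict[str, List[str]]:
    """Return {path: reasons} for every line that tripped at least one heuristic."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        result = check_entry(line, windows_major)
        if result and result[1]:
            findings[result[0]] = result[1]
    return findings

if __name__ == "__main__":
    for path, reasons in scan_log(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

A hit is a reason to look closer, not a verdict: the same scanner stays quiet on the $Recycle.Bin folder with a well-formed SID and on the Malwarebytes driver.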

ComboFix does its job regardless of which folder it's in.

 

I don't see anything else malicious in the log. But not everything shows up in a ComboFix log. Scan the computer online at

http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

If anything is found, save the log and paste it into your reply.

 

Save Gmer to the Desktop from:

http://www2.gmer.net/download.php

It has a random name, so note what the program is saved as.

 

Unplug the internet connection.

Close all programs, including antivirus and firewall.

Start the downloaded program.

An initial quick scan starts.

If a WARNING comes up that mentions ROOTKIT and asks about "fully scan", choose No. Save the log and paste it into your reply. Don't do anything more.

 

If that question doesn't come up, choose the Rootkit/Malware tab, make sure everything on the right is ticked except Show All and any partitions other than C:\. Press Scan. Leave the computer alone while Gmer is running.

Press Save and save the result to the Desktop.

Turn the antivirus and firewall back on before you connect to the internet.

Paste the result into your reply.
