
Can someone check these logs...SOLVED



And tell me what I should do. I think I have Virtumonde. :ermm:

 

HJT log


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [LG Intelligent Update] "C:\Program Files\lg_swupdate\giljabistart.exe" Gilautouc

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Automatisk LiveUpdate-planlegging (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Evil Driver Daemon (NishService) - Unknown owner - C:\Program Files\LG Software\System Control Manager\edd.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

 

--

End of file - 7312 bytes

 

 

ComboFix log

ComboFix 08-08-30.03 - Morten 2008-08-31 20:30:35.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1813 [GMT 2:00]

Running from: C:\Users\Morten\Downloads\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Users\Morten\AppData\Local\Temp\lsmusmkq.dll

C:\Users\Morten\AppData\Local\Temp\updivesm.dll

 

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))

.

 

2008-08-31 19:21 . 2008-08-31 19:23 <DIR> d-------- C:\Users\All Users\Lavasoft

2008-08-31 19:21 . 2008-08-31 19:23 <DIR> d-------- C:\ProgramData\Lavasoft

2008-08-31 19:21 . 2008-08-31 19:21 <DIR> d-------- C:\Program Files\Lavasoft

2008-08-31 16:28 . 2008-08-31 16:28 <DIR> d-------- C:\Users\Morten\AppData\Roaming\SUPERAntiSpyware.com

2008-08-31 16:28 . 2008-08-31 16:28 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-08-31 16:28 . 2008-08-31 16:28 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-08-31 16:28 . 2008-08-31 16:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-08-31 16:27 . 2008-08-31 19:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-08-22 13:03 . 2008-08-31 13:13 <DIR> d-a------ C:\Users\All Users\TEMP

2008-08-22 13:03 . 2008-08-31 13:13 <DIR> d-a------ C:\ProgramData\TEMP

2008-08-22 13:02 . 2008-08-31 13:12 <DIR> d-------- C:\Program Files\SpywareBlaster

2008-08-22 13:02 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL

2008-08-15 03:02 . 2008-07-16 01:48 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-14 22:46 . 2008-06-27 05:54 826,368 --a------ C:\Windows\System32\wininet.dll

2008-08-14 22:46 . 2008-06-19 05:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL

2008-08-14 22:46 . 2008-06-19 05:25 272,896 --a------ C:\Windows\System32\polstore.dll

2008-08-14 22:46 . 2008-04-19 10:13 268,800 --a------ C:\Windows\System32\es.dll

2008-08-14 22:46 . 2008-06-19 05:25 61,440 --a------ C:\Windows\System32\winipsec.dll

2008-08-14 22:46 . 2008-06-19 05:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll

2008-08-14 15:01 . 2008-08-14 15:02 <DIR> d-------- C:\Program Files\Java

2008-08-14 15:00 . 2008-08-14 15:00 <DIR> d-------- C:\Program Files\Common Files\Java

2008-08-12 12:55 . 2008-08-12 16:05 27,430 --a------ C:\Users\Morten\AppData\Roaming\nvModes.dat

2008-08-12 12:55 . 2008-08-12 12:55 414 --a------ C:\Windows\Disney.ini

2008-08-12 12:54 . 2008-08-12 12:54 <DIR> d-------- C:\Program Files\Disney Interactive

2008-08-12 12:54 . 1998-07-30 17:43 305,152 --a------ C:\Windows\IsUn0414.exe

2008-08-11 18:56 . 2005-04-14 16:33 3,638 --ah----- C:\Windows\ps.ico

2008-08-11 17:38 . 2008-08-11 17:38 <DIR> d-------- C:\Windows\PCHEALTH

2008-08-11 17:33 . 2008-08-11 17:38 <DIR> d-------- C:\Program Files\Windows Live

2008-08-11 17:33 . 2008-08-11 17:38 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-10 12:40 . 2008-08-10 12:40 <DIR> d-------- C:\Users\Morten\AppData\Roaming\dvdcss

2008-08-09 22:27 . 2008-08-11 17:36 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-08-09 22:27 . 2008-08-11 17:36 <DIR> d-------- C:\ProgramData\WLInstaller

2008-08-09 19:40 . 2008-08-09 19:40 <DIR> d-------- C:\Users\All Users\Google

2008-08-09 19:40 . 2008-08-09 19:40 <DIR> d-------- C:\Program Files\Google

2008-08-09 19:40 . 2008-08-06 15:27 499,712 --a------ C:\Windows\System32\msvcp71.dll

2008-08-09 19:40 . 2008-08-06 15:29 348,160 --a------ C:\Windows\System32\msvcr71.dll

2008-08-09 19:39 . 2008-08-09 19:39 <DIR> d-------- C:\Windows\System32\Adobe

2008-08-09 18:45 . 2008-08-09 18:45 <DIR> d-------- C:\Users\Morten\AppData\Roaming\vlc

2008-08-09 17:40 . 2008-08-09 17:40 <DIR> d-------- C:\Program Files\VideoLAN

2008-08-09 17:37 . 2008-08-31 12:50 <DIR> d-------- C:\Users\Morten\AppData\Roaming\uTorrent

2008-08-09 17:37 . 2008-08-09 17:37 <DIR> d-------- C:\Program Files\uTorrent

2008-08-09 15:30 . 2008-08-09 15:30 194,560 --a------ C:\Windows\System32\WebClnt.dll

2008-08-09 15:30 . 2008-08-09 15:30 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys

2008-08-09 15:28 . 2008-08-09 15:28 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys

2008-08-09 15:28 . 2008-08-09 15:28 41,984 --a------ C:\Windows\System32\drivers\monitor.sys

2008-08-09 15:27 . 2008-08-09 15:27 3,505,720 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-08-09 15:27 . 2008-08-09 15:27 3,471,928 --a------ C:\Windows\System32\ntoskrnl.exe

2008-08-09 15:27 . 2008-08-09 15:27 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys

2008-08-09 15:27 . 2008-08-09 15:27 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys

2008-08-09 15:27 . 2008-08-09 15:27 110,136 --a------ C:\Windows\System32\drivers\ataport.sys

2008-08-09 15:27 . 2008-08-09 15:27 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys

2008-08-09 15:27 . 2008-08-09 15:27 21,560 --a------ C:\Windows\System32\drivers\atapi.sys

2008-08-09 15:27 . 2008-08-09 15:27 17,976 --a------ C:\Windows\System32\drivers\intelide.sys

2008-08-09 15:26 . 2008-08-09 15:26 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-08-09 15:26 . 2008-08-09 15:26 216,632 --a------ C:\Windows\System32\drivers\netio.sys

2008-08-09 15:26 . 2008-08-09 15:26 167,424 --a------ C:\Windows\System32\tcpipcfg.dll

2008-08-09 15:26 . 2008-08-09 15:26 24,064 --a------ C:\Windows\System32\netcfg.exe

2008-08-09 15:26 . 2008-08-09 15:26 22,016 --a------ C:\Windows\System32\netiougc.exe

2008-08-09 15:23 . 2008-08-09 15:23 1,585,664 --a------ C:\Windows\System32\setupapi.dll

2008-08-09 15:23 . 2008-08-09 15:23 220,160 --a------ C:\Windows\System32\drivers\bthport.sys

2008-08-09 15:23 . 2008-08-09 15:23 181,760 --a------ C:\Windows\System32\fsquirt.exe

2008-08-09 15:23 . 2008-08-09 15:23 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS

2008-08-09 15:23 . 2008-08-09 15:23 19,456 --a------ C:\Windows\System32\drivers\bthenum.sys

2008-08-09 15:21 . 2008-08-09 15:21 2,027,008 --a------ C:\Windows\System32\win32k.sys

2008-08-09 15:21 . 2008-08-09 15:21 296,448 --a------ C:\Windows\System32\gdi32.dll

2008-08-09 15:21 . 2008-08-09 15:21 223,232 --a------ C:\Windows\System32\WMASF.DLL

2008-08-09 15:21 . 2008-08-09 15:21 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys

2008-08-09 15:21 . 2008-08-09 15:21 14,848 --a------ C:\Windows\System32\wshrm.dll

2008-08-09 15:21 . 2008-08-09 15:21 9,728 --a------ C:\Windows\System32\LAPRXY.DLL

2008-08-09 15:21 . 2008-08-09 15:21 2,048 --a------ C:\Windows\System32\asferror.dll

2008-08-09 15:20 . 2008-08-09 15:20 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-08-09 15:20 . 2008-08-09 15:20 1,686,528 --a------ C:\Windows\System32\gameux.dll

2008-08-09 15:20 . 2008-08-09 15:20 11,776 --a------ C:\Windows\System32\sbunattend.exe

2008-08-09 15:19 . 2008-08-09 15:19 1,327,104 --a------ C:\Windows\System32\quartz.dll

2008-08-09 15:19 . 2008-08-09 15:19 130,048 --a------ C:\Windows\System32\drivers\srv2.sys

2008-08-09 15:19 . 2008-08-09 15:19 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys

2008-08-09 15:19 . 2008-08-09 15:19 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

2008-08-09 15:19 . 2008-08-09 15:19 83,968 --a------ C:\Windows\System32\dnsrslvr.dll

2008-08-09 15:19 . 2008-08-09 15:19 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys

2008-08-09 15:19 . 2008-08-09 15:19 24,576 --a------ C:\Windows\System32\dnscacheugc.exe

2008-08-09 15:18 . 2008-08-09 15:18 1,244,672 --a------ C:\Windows\System32\mcmde.dll

2008-08-09 15:18 . 2008-08-09 15:18 428,032 --a------ C:\Windows\System32\EncDec.dll

2008-08-09 15:18 . 2008-08-09 15:18 292,352 --a------ C:\Windows\System32\psisdecd.dll

2008-08-09 15:18 . 2008-08-09 15:18 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-08-09 15:18 . 2008-08-09 15:18 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-08-09 15:18 . 2008-08-09 15:18 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax

2008-08-09 15:18 . 2008-08-09 15:18 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-08-08 18:34 . 2008-08-08 18:34 <DIR> d-------- C:\Program Files\EzManual

2008-08-08 18:13 . 2008-08-08 18:13 <DIR> d-------- C:\Users\Morten\AppData\Roaming\PeerNetworking

2008-08-08 18:12 . 2008-08-08 18:12 <DIR> d-------- C:\Windows\System32\Macromed

2008-08-08 18:09 . 2008-08-08 18:11 <DIR> d-------- C:\Temp

2008-08-08 17:55 . 2008-08-08 17:55 1,712,984 --a------ C:\Windows\System32\wuaueng.dll

2008-08-08 17:55 . 2008-08-08 17:55 1,524,224 --a------ C:\Windows\System32\wucltux.dll

2008-08-08 17:55 . 2008-08-08 17:55 53,080 --a------ C:\Windows\System32\wuauclt.exe

2008-08-08 17:55 . 2008-08-08 17:55 43,352 --a------ C:\Windows\System32\wups2.dll

2008-08-08 17:54 . 2008-08-08 17:54 549,720 --a------ C:\Windows\System32\wuapi.dll

2008-08-08 17:54 . 2008-08-08 17:54 163,000 --a------ C:\Windows\System32\wuwebv.dll

2008-08-08 17:54 . 2008-08-08 17:54 80,896 --a------ C:\Windows\System32\wudriver.dll

2008-08-08 17:54 . 2008-08-08 17:54 33,624 --a------ C:\Windows\System32\wups.dll

2008-08-08 17:54 . 2008-08-08 17:54 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-08-08 17:50 . 2008-08-08 18:05 <DIR> d-------- C:\Program Files\Norton AntiVirus

2008-08-08 17:49 . 2008-08-08 18:00 <DIR> d-------- C:\Program Files\Symantec

2008-08-08 17:49 . 2008-08-08 18:00 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS

2008-08-08 17:49 . 2008-08-08 18:00 10,671 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT

2008-08-08 17:49 . 2008-08-08 18:00 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF

2008-08-08 17:47 . 2008-08-31 16:14 <DIR> d-------- C:\Users\All Users\Symantec

2008-08-08 17:47 . 2008-08-31 16:14 <DIR> d-------- C:\ProgramData\Symantec

2008-08-08 17:47 . 2008-08-08 18:05 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

2008-08-08 17:43 . 2008-08-08 17:43 <DIR> dr------- C:\Users\Morten\Searches

2008-08-08 17:43 . 2008-08-11 21:20 <DIR> dr------- C:\Users\Morten\Contacts

2008-08-08 17:39 . 2008-08-08 17:43 <DIR> dr------- C:\Users\Morten\Videos

2008-08-08 17:39 . 2008-08-08 19:48 <DIR> dr------- C:\Users\Morten\Saved Games

2008-08-08 17:39 . 2008-08-24 18:29 <DIR> dr------- C:\Users\Morten\Pictures

2008-08-08 17:39 . 2008-08-08 17:43 <DIR> dr------- C:\Users\Morten\Music

2008-08-08 17:39 . 2008-08-08 17:43 <DIR> dr------- C:\Users\Morten\Links

2008-08-08 17:39 . 2008-08-31 20:29 <DIR> dr------- C:\Users\Morten\Downloads

2008-08-08 17:39 . 2008-08-11 17:40 <DIR> dr------- C:\Users\Morten\Documents

2008-08-08 17:39 . 2006-11-02 14:37 <DIR> d-------- C:\Users\Morten\AppData\Roaming\Media Center Programs

2008-08-08 17:39 . 2008-08-08 17:43 <DIR> d--h----- C:\Users\Morten\AppData

2008-08-08 17:39 . 2008-08-12 16:05 <DIR> d-------- C:\Users\Morten

2008-08-08 17:34 . 2008-08-08 17:34 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-07-03 01:18 . 2008-07-03 01:18 <DIR> d-------- C:\Windows\lgpslog

2008-07-03 01:13 . 2008-07-03 01:13 <DIR> d-------- C:\Program Files\Synaptics

2008-07-03 01:13 . 2001-01-08 03:30 413,760 --a------ C:\Windows\System32\MPG4C32.dll

2008-07-03 01:13 . 2000-04-25 01:14 239,888 --a------ C:\Windows\System32\mpg4ds32.ax

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-15 01:08 --------- d-----w C:\Program Files\Windows Mail

2008-08-09 13:43 174 --sha-w C:\Program Files\desktop.ini

2008-08-09 13:38 --------- d-----w C:\Program Files\Windows Sidebar

2008-08-09 13:31 28,344 ----a-w C:\Windows\system32\drivers\battc.sys

2008-08-09 13:31 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys

2008-08-09 13:31 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys

2008-08-09 13:31 2,923,520 ----a-w C:\Windows\explorer.exe

2008-08-09 13:31 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys

2008-08-09 13:31 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys

2008-08-09 13:22 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys

2008-08-09 13:22 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys

2008-08-09 13:22 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys

2008-08-09 13:22 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys

2008-08-09 13:22 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys

2008-08-09 13:22 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys

2008-08-09 13:22 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys

2008-08-09 13:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-08-09 13:20 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-08-09 13:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-08-09 13:20 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-08-09 13:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-08-09 13:17 --------- d-----w C:\Program Files\lg_swupdate

2008-07-30 15:42 23,888 ----a-w C:\Windows\system32\drivers\COH_Mon.sys

2008-07-30 15:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf

2008-07-30 15:28 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat

2008-07-02 23:13 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-02 23:13 --------- d-----w C:\Program Files\LG Software

2008-07-02 23:10 --------- d-----w C:\Program Files\Intel

2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-09 15:20 1232896]

"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 14:35 191488]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-09 19:40 171448]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LG Intelligent Update"="C:\Program Files\lg_swupdate\giljabistart.exe" [2008-08-08 18:10 251184]

"MGSysCtrl"="C:\Program Files\LG Software\System Control Manager\MGSysCtrl.exe" [2007-11-12 20:32 569344]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-28 18:06 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-28 18:06 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-28 18:06 81920]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 04:02 174616]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 00:23 869936]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"RtHDVCpl"="RtHDVCpl.exe" [2007-09-11 01:20 4702208 C:\Windows\RtHDVCpl.exe]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= emYUV.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{FE5BCAC3-1F8D-4FE0-8B80-B36143FF5F89}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{A73EA65D-3439-4436-986F-C5C9D47CCEDF}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{82FF7468-163D-4655-A243-FB5AAAF9C841}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R0 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2007-04-03 20:04]

R0 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sd.sys [2007-04-03 02:11]

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080828.001\IDSvix86.sys [2008-07-16 18:53]

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]

R2 NishService;Evil Driver Daemon;C:\Program Files\LG Software\System Control Manager\edd.exe [2007-08-24 00:37]

R3 DCamUSBET;ET USB 2760 Camera;C:\Windows\system32\DRIVERS\etDevice.sys [2007-07-20 18:50]

R3 FiltUSBET;ET USB Device Lower Filter;C:\Windows\system32\DRIVERS\etFilter.sys [2007-06-14 17:09]

R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 15:21]

R3 ScanUSBET;ET USB Still Image Capture Device;C:\Windows\system32\DRIVERS\etScan.sys [2007-07-23 21:55]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]

S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Contents of the 'Scheduled Tasks' folder

.

- - - - ORPHANS REMOVED - - - -

 

HKLM-Run-etMonitor - C:\Windows\etMon.exe

ShellExecuteHooks-{7BC6B793-BBAA-4EED-9E56-8CBFA6F5BB03} - C:\Windows\system32\byXNhfFV.dll

 

 

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.startsiden.no/

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-31 20:34:04

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Windows\System32\audiodg.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Windows\System32\agrsmsvc.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

C:\Windows\System32\conime.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\wbem\unsecapp.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

.

**************************************************************************

.

Completion time: 2008-08-31 20:37:11 - machine was rebooted

ComboFix-quarantined-files.txt 2008-08-31 18:36:59

 

Pre-Run: 68,175,929,344 byte ledig

Post-Run: 68,071,030,784 byte ledig

 

278 --- E O F --- 2008-08-20 18:54:44

 

 

Anything else I need?

Edited by kattami

Start HJT, choose "Do a system scan only", put a check mark in front of the following line and click Fix checked:

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

 

Otherwise the logs look fine.

 

You can remove ComboFix by typing combofix /u in the Run box (Start -> Run/Search).
