Entity extraction Posted 7 September 2008 (edited)

Hi. Can someone check whether my PC is clean? I got some superantivirus 2009 yesterday, and I'm not sure whether I've gotten rid of it.

ComboFix 08-09-05.02 - name 2008-09-07 8:24:34.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2461 [GMT 2:00]
Running from: O:\downloads from firefox\ComboFix.exe
 * Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-07 08:23 . 2008-09-07 08:24 <DIR> d-------- C:\327882R2FWJFW
2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\Users\name\AppData\Roaming\Malwarebytes
2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 08:15 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-07 08:15 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-07 08:11 . 2008-09-07 08:11 <DIR> d-------- C:\Program Files\CCleaner
2008-09-04 21:57 . 2008-09-04 21:57 0 --a------ C:\Users\All Users\PKP_DLbx.DAT
2008-09-04 21:57 . 2008-09-04 21:57 0 --a------ C:\ProgramData\PKP_DLbx.DAT
2008-09-04 21:56 . 2008-09-04 21:56 0 --a------ C:\Users\All Users\PKP_DLdy.DAT
2008-09-04 21:56 . 2008-09-04 21:56 0 --a------ C:\ProgramData\PKP_DLdy.DAT
2008-09-04 15:15 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-04 15:15 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-04 15:15 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-09-04 15:15 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-04 15:15 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-09-04 15:15 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-04 15:15 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-04 15:15 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-09-04 15:15 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-26 20:24 . 2008-08-26 20:24 <DIR> d-------- C:\Program Files\Photo!
2008-08-21 22:48 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 21:48 . 2008-08-21 21:48 <DIR> d-------- C:\Users\tore\AppData\Roaming\proDAD
2008-08-21 21:48 . 2008-08-21 21:48 <DIR> d-------- C:\Program Files\proDAD
2008-08-21 21:48 . 2008-08-21 21:48 <DIR> d-------- C:\Program Files\LooksBuilderSE
2008-08-21 21:48 . 2004-03-29 16:23 90,112 --a------ C:\Windows\unvise32.exe
2008-08-21 21:48 . 2007-12-12 19:02 0 --a------ C:\Windows\Graffiti5.2Pin.ini
2008-08-21 21:46 . 2008-08-21 21:46 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-08-21 21:45 . 2008-08-21 21:45 <DIR> d-------- C:\Program Files\Common Files\Pinnacle
2008-08-21 21:44 . 2008-08-21 21:44 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate
2008-08-21 21:44 . 2008-08-21 21:44 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate
2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\Users\All Users\Studio 12
2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Plus
2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\ProgramData\Studio 12
2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\ProgramData\Pinnacle Studio Plus
2008-08-21 21:43 . 2008-08-21 21:48 <DIR> d-------- C:\Program Files\Pinnacle
2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\Program Files\Common Files\Yahoo!
2008-08-21 21:33 . 2008-08-21 21:46 <DIR> d-------- C:\Users\All Users\Pinnacle
2008-08-21 21:33 . 2008-08-21 21:46 <DIR> d-------- C:\ProgramData\Pinnacle
2008-08-20 22:06 . 2008-08-20 22:06 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-08-20 22:06 . 2008-08-20 22:06 <DIR> d-------- C:\ProgramData\FLEXnet
2008-08-20 21:58 . 2008-08-20 21:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-20 21:57 . 2008-08-20 21:56 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys
2008-08-19 18:22 . 2008-08-19 18:22 <DIR> d-------- C:\tape-indices
2008-08-19 18:22 . 2008-08-19 18:22 36,864 --a------ C:\Windows\unslive.exe
2008-08-18 20:20 . 2008-08-22 17:25 <DIR> d-------- C:\Program Files\Boris FX, Inc
2008-08-18 20:20 . 2003-06-26 10:04 237,568 -ra------ C:\Windows\System32\qtmlClient.dll
2008-08-18 20:20 . 2003-07-01 16:49 69,632 --a------ C:\Windows\System32\MtxPreview.dll
2008-08-18 20:20 . 2003-07-01 16:49 49,152 --a------ C:\Windows\System32\MtxParhBFXPreview.dll
2008-08-18 20:20 . 2003-01-20 09:08 49,152 --a------ C:\Windows\System32\CvoAPI.dll
2008-08-18 20:20 . 2003-07-09 10:43 45,056 --a------ C:\Windows\System32\BFXSrcFilter.ax
2008-08-18 16:55 . 2008-08-18 16:55 <DIR> d-------- C:\Program Files\Vstplugins
2008-08-18 16:24 . 2008-08-19 20:15 <DIR> d-------- C:\Users\tore\AppData\Roaming\Publish Providers
2008-08-18 16:24 . 2008-08-31 09:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-18 16:24 . 2008-08-31 09:10 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-18 16:19 . 2008-09-03 20:03 <DIR> d-------- C:\Users\name\AppData\Roaming\Sony
2008-08-18 16:19 . 2008-09-03 20:01 <DIR> d-------- C:\Users\All Users\Sony
2008-08-18 16:19 . 2008-09-03 20:01 <DIR> d-------- C:\ProgramData\Sony
2008-08-18 16:19 . 2008-08-20 21:53 <DIR> d-------- C:\Program Files\Sony
2008-08-18 16:18 . 2008-08-21 22:45 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-08-18 16:17 . 2008-08-19 18:15 <DIR> d-------- C:\Program Files\Sony Setup
2008-08-09 19:46 . 2008-08-09 19:47 <DIR> d-------- C:\Movavi files
2008-08-09 19:40 . 2008-08-09 19:40 <DIR> d-------- C:\Users\tore\AppData\Roaming\zweitgeist
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 06:21 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs
2008-09-05 08:04 --------- d-----w C:\Program Files\Common Files\Steam
2008-09-04 19:59 --------- d-----w C:\Users\tore\AppData\Roaming\Nikon
2008-09-04 19:57 --------- d-----w C:\ProgramData\Ultima_T15
2008-09-04 19:57 --------- d-----w C:\ProgramData\EnterNHelp
2008-09-04 19:57 --------- d-----w C:\Program Files\Common Files\Nikon
2008-08-28 17:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 20:14 --------- d-----w C:\Users\tore\AppData\Roaming\dvdcss
2008-08-26 18:22 20 ---h--w C:\Users\All Users\PKP_DLdu.DAT
2008-08-26 18:22 20 ---h--w C:\ProgramData\PKP_DLdu.DAT
2008-08-26 18:20 20 ---h--w C:\Users\All Users\PKP_DLdw.DAT
2008-08-26 18:20 20 ---h--w C:\ProgramData\PKP_DLdw.DAT
2008-08-22 15:26 --------- d-----w C:\Program Files\Canon
2008-08-22 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 15:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-21 22:19 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 20:48 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 20:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 14:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-18 13:55 --------- d-----w C:\Users\tore\AppData\Roaming\ZoomBrowser EX
2008-08-06 21:09 --------- d-----w C:\ProgramData\DVD Shrink
2008-08-04 19:59 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-08-04 19:48 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-04 19:45 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-04 19:45 --------- d-----w C:\Users\tore\AppData\Roaming\DAEMON Tools
2008-08-03 19:43 --------- d-----w C:\ProgramData\Digital Light
2008-08-03 19:42 106,496 ----a-w C:\Windows\System32\ATL71.DLL
2008-08-03 19:42 --------- d-----w C:\ProgramData\Nikon
2008-08-03 19:42 --------- d-----w C:\ProgramData\Contextual Menu Items
2008-08-03 19:42 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-07-23 18:56 --------- d-----w C:\Program Files\Java
2008-07-07 07:29 --------- d-----w C:\Program Files\ATI
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-18 19:14 22,328 ----a-w C:\Users\tore\AppData\Roaming\PnkBstrK.sys
2008-04-13 06:25 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-17 171448]
"Steam"="g:\program files\steam\steam.exe" [2008-07-20 1271032]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"GrooveMonitor"="G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"RemoteControl"="g:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="g:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]
"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

C:\Users\tore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax
"vidc.mjpg"= pvmjpg30.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{ADA9EBA3-E46C-4D82-9FE3-A6AFC462523A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{9C0419A8-C3E8-4E57-AF43-65EA5CD0D663}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F7070B37-F540-47DD-A4A9-656B95FB5B03}C:\\users\\tore\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\tore\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{2A251AFA-C1BD-4CF0-8BC3-235989A7445A}C:\\users\\name\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\tore\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{9257668A-9831-4CCF-9FA8-543FD1ED017F}"= UDP:G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{264BE8BC-B694-40B5-BC7C-3FA2F27C6654}"= TCP:G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{114D91DC-E0B9-4E0A-AC5B-403C0F159F39}"= UDP:G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{09F0E0F1-3A94-4041-933F-EAA8C75DB983}"= TCP:G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F2FBF8E7-A4F4-4BD8-9778-4B2B5C82684F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DF92F0A7-BACB-4763-81C4-AFF7B23D53E7}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{FF8EDAB6-B7A6-416C-B22E-005D88F951F0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{4F38E8BE-4D50-4FFF-B1E0-FFA45D3EC9B7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D18C1FEF-A1E0-400C-9DA0-81D4ABD88A1E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{A92C47B1-A461-40D7-874C-EDE158D7E774}"= G:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{FA4451BD-3A36-4D5B-8B4B-1ACD873E9011}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{9755A11C-DC22-48D7-BC60-1789E255E671}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6F1704F3-5452-4E1D-B32B-55961245DDA6}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{C746FBE0-8CB1-46FA-9ACA-89ABA49653E9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{ECDDB545-7323-4D69-84A9-6FA75A0710AB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{56734FE6-7D75-4741-8F5F-1C04B69CA6BE}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{ECADA80A-5100-4796-A579-7BB728E37B89}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{9EFD37AA-AB46-4698-BBDB-23C517B70E76}G:\\program files\\tmnationsforever\\tmforever.exe"= UDP:G:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{D85A0607-6DEA-44BD-BBBB-A7F8A548C23D}G:\\program files\\tmnationsforever\\tmforever.exe"= TCP:G:\program files\tmnationsforever\tmforever.exe:TmForever
"{0041EB27-7C82-4DA4-B0C6-DFD857DFBC7A}"= UDP:990:LocalSubnet:LocalSubnet|IF={AA1299AB-97F1-480E-BF96-F809195A7995}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{9162FFBE-19F4-426B-A44F-CAC853B8FE08}"= UDP:G:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
"{B8C6D26F-6D76-49D5-A547-4B53A15A8FD7}"= TCP:G:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™
"TCP Query User{8AF4F4AB-323A-4A4D-837F-A773C7FF0897}C:\\program files\\sony\\vegas pro 8.0\\vegsrv80.exe"= UDP:C:\program files\sony\vegas pro 8.0\vegsrv80.exe:Sony Vegas Network Render Service Control
"UDP Query User{86844EB8-DF88-4560-B4FF-B997D55AE9C2}C:\\program files\\sony\\vegas pro 8.0\\vegsrv80.exe"= TCP:C:\program files\sony\vegas pro 8.0\vegsrv80.exe:Sony Vegas Network Render Service Control
"{5394D304-092D-4B39-9231-D7EF59B64D39}"= UDP:G:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{ECA03D3B-8413-4D3C-88C6-EB96D0C4A6DF}"= TCP:G:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{D837236F-2DA6-42BF-966C-1D9C63A40B80}"= UDP:G:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{20CA93CB-94AC-4A75-B3F9-012A82278B36}"= TCP:G:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{2F52B468-527A-471E-82B2-297945D26517}"= UDP:G:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{2B7E158A-D839-4A8B-9BA3-7035DE7B5BED}"= TCP:G:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};g:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37 41456]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]
R3 Razerlow;Razerlow USB Filter Driver;C:\Windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-04 92656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ed432e-625e-11dd-b5c5-001e8c7dbd17}]
\shell\AutoRun\command - I:\Welcome.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{6134A39A-C1EA-4E6F-B6D2-9ED5D9CC03B5} - (no file)
HKLM-Run-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\tore\AppData\Roaming\Mozilla\Firefox\Profiles\1yj9lmmv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 08:26:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-07 8:27:42
ComboFix-quarantined-files.txt 2008-09-07 06:27:38

Pre-Run: 51,747,110,912 bytes free
Post-Run: 51,711,688,704 bytes free

228 --- E O F --- 2008-09-06 07:21:57

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [RemoteControl] "g:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "g:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 8216 bytes

Malwarebytes' Anti-Malware 1.26
Database versjon: 1122
Windows 6.0.6001 Service Pack 1

9/7/2008 8:41:56 AM
mbam-log-2008-09-07 (08-41-56).txt

Skanntype: Rask Skann
Objekter skannet: 46083
Tid tilbakelagt: 1 minute(s), 5 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Edited 7 September 2008 by b@rgen
r2d290 Posted 7 September 2008

From what I can see, the logs are clean of malware. Are you noticing any problems?
Entity extraction Posted 7 September 2008 (Author)

No, I'm not noticing anything after I used the tools that I found an excellent guide for in this part of the forum. I just wanted someone who knows more about such logs than I do to take a look (the logs don't tell me anything). Thanks a lot for the help.
r2d290 Posted 7 September 2008

ComboFix must be uninstalled. Go to Start > Run and type the following in the box:

combofix /u

PS: note the space between the X and /u. Press Enter.

This command will:
- Remove the following: ComboFix and its associated files and folders; VundoFix backups, if they exist; the folder C:\Deckard, if it exists; the folder C:\OtMoveIt, if it exists.
- Reset the clock settings.
- Hide file extensions if necessary.
- Hide system/hidden files and folders if necessary.
- Reset the system restore points.

If you think the problem with your machine is solved, you can change your topic title by clicking the edit button in your first post and choosing full edit. At the top, where your topic title is, write [LØST] in front of your topic title. E.g.: [LØST] Got a virus on the machine

This helps keep the forum clearer for the supporters, and new people who get the same problem will more easily find a suitable thread to look in.

-Surf safely-