
Hi

Can someone check whether my PC is clean? I picked up some "superantivirus 2009" yesterday, and I'm not sure whether I've got rid of it.

 

 

ComboFix 08-09-05.02 - name 2008-09-07 8:24:34.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2461 [GMT 2:00]

Running from: O:\downloads from firefox\ComboFix.exe

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))

.

 

2008-09-07 08:23 . 2008-09-07 08:24 <DIR> d-------- C:\327882R2FWJFW

2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\Users\name\AppData\Roaming\Malwarebytes

2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-09-07 08:15 . 2008-09-07 08:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-07 08:15 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-07 08:15 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-07 08:11 . 2008-09-07 08:11 <DIR> d-------- C:\Program Files\CCleaner

2008-09-04 21:57 . 2008-09-04 21:57 0 --a------ C:\Users\All Users\PKP_DLbx.DAT

2008-09-04 21:57 . 2008-09-04 21:57 0 --a------ C:\ProgramData\PKP_DLbx.DAT

2008-09-04 21:56 . 2008-09-04 21:56 0 --a------ C:\Users\All Users\PKP_DLdy.DAT

2008-09-04 21:56 . 2008-09-04 21:56 0 --a------ C:\ProgramData\PKP_DLdy.DAT

2008-09-04 15:15 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll

2008-09-04 15:15 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll

2008-09-04 15:15 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll

2008-09-04 15:15 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll

2008-09-04 15:15 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll

2008-09-04 15:15 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe

2008-09-04 15:15 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll

2008-09-04 15:15 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll

2008-09-04 15:15 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe

2008-08-26 20:24 . 2008-08-26 20:24 <DIR> d-------- C:\Program Files\Photo!

2008-08-21 22:48 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-21 21:48 . 2008-08-21 21:48 <DIR> d-------- C:\Users\tore\AppData\Roaming\proDAD

2008-08-21 21:48 . 2008-08-21 21:48 <DIR> d-------- C:\Program Files\proDAD

2008-08-21 21:48 . 2008-08-21 21:48 <DIR> d-------- C:\Program Files\LooksBuilderSE

2008-08-21 21:48 . 2004-03-29 16:23 90,112 --a------ C:\Windows\unvise32.exe

2008-08-21 21:48 . 2007-12-12 19:02 0 --a------ C:\Windows\Graffiti5.2Pin.ini

2008-08-21 21:46 . 2008-08-21 21:46 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared

2008-08-21 21:45 . 2008-08-21 21:45 <DIR> d-------- C:\Program Files\Common Files\Pinnacle

2008-08-21 21:44 . 2008-08-21 21:44 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Ultimate

2008-08-21 21:44 . 2008-08-21 21:44 <DIR> d-------- C:\ProgramData\Pinnacle Studio Ultimate

2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\Users\All Users\Studio 12

2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\Users\All Users\Pinnacle Studio Plus

2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\ProgramData\Studio 12

2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\ProgramData\Pinnacle Studio Plus

2008-08-21 21:43 . 2008-08-21 21:48 <DIR> d-------- C:\Program Files\Pinnacle

2008-08-21 21:43 . 2008-08-21 21:43 <DIR> d-------- C:\Program Files\Common Files\Yahoo!

2008-08-21 21:33 . 2008-08-21 21:46 <DIR> d-------- C:\Users\All Users\Pinnacle

2008-08-21 21:33 . 2008-08-21 21:46 <DIR> d-------- C:\ProgramData\Pinnacle

2008-08-20 22:06 . 2008-08-20 22:06 <DIR> d-------- C:\Users\All Users\FLEXnet

2008-08-20 22:06 . 2008-08-20 22:06 <DIR> d-------- C:\ProgramData\FLEXnet

2008-08-20 21:58 . 2008-08-20 21:58 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-20 21:57 . 2008-08-20 21:56 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys

2008-08-19 18:22 . 2008-08-19 18:22 <DIR> d-------- C:\tape-indices

2008-08-19 18:22 . 2008-08-19 18:22 36,864 --a------ C:\Windows\unslive.exe

2008-08-18 20:20 . 2008-08-22 17:25 <DIR> d-------- C:\Program Files\Boris FX, Inc

2008-08-18 20:20 . 2003-06-26 10:04 237,568 -ra------ C:\Windows\System32\qtmlClient.dll

2008-08-18 20:20 . 2003-07-01 16:49 69,632 --a------ C:\Windows\System32\MtxPreview.dll

2008-08-18 20:20 . 2003-07-01 16:49 49,152 --a------ C:\Windows\System32\MtxParhBFXPreview.dll

2008-08-18 20:20 . 2003-01-20 09:08 49,152 --a------ C:\Windows\System32\CvoAPI.dll

2008-08-18 20:20 . 2003-07-09 10:43 45,056 --a------ C:\Windows\System32\BFXSrcFilter.ax

2008-08-18 16:55 . 2008-08-18 16:55 <DIR> d-------- C:\Program Files\Vstplugins

2008-08-18 16:24 . 2008-08-19 20:15 <DIR> d-------- C:\Users\tore\AppData\Roaming\Publish Providers

2008-08-18 16:24 . 2008-08-31 09:10 <DIR> d-a------ C:\Users\All Users\TEMP

2008-08-18 16:24 . 2008-08-31 09:10 <DIR> d-a------ C:\ProgramData\TEMP

2008-08-18 16:19 . 2008-09-03 20:03 <DIR> d-------- C:\Users\name\AppData\Roaming\Sony

2008-08-18 16:19 . 2008-09-03 20:01 <DIR> d-------- C:\Users\All Users\Sony

2008-08-18 16:19 . 2008-09-03 20:01 <DIR> d-------- C:\ProgramData\Sony

2008-08-18 16:19 . 2008-08-20 21:53 <DIR> d-------- C:\Program Files\Sony

2008-08-18 16:18 . 2008-08-21 22:45 <DIR> d-------- C:\Program Files\Microsoft SQL Server

2008-08-18 16:17 . 2008-08-19 18:15 <DIR> d-------- C:\Program Files\Sony Setup

2008-08-09 19:46 . 2008-08-09 19:47 <DIR> d-------- C:\Movavi files

2008-08-09 19:40 . 2008-08-09 19:40 <DIR> d-------- C:\Users\tore\AppData\Roaming\zweitgeist

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-07 06:21 0 ----a-w C:\Windows\system32\drivers\lvuvc.hs

2008-09-05 08:04 --------- d-----w C:\Program Files\Common Files\Steam

2008-09-04 19:59 --------- d-----w C:\Users\tore\AppData\Roaming\Nikon

2008-09-04 19:57 --------- d-----w C:\ProgramData\Ultima_T15

2008-09-04 19:57 --------- d-----w C:\ProgramData\EnterNHelp

2008-09-04 19:57 --------- d-----w C:\Program Files\Common Files\Nikon

2008-08-28 17:35 --------- d-----w C:\Program Files\Common Files\Adobe

2008-08-27 20:14 --------- d-----w C:\Users\tore\AppData\Roaming\dvdcss

2008-08-26 18:22 20 ---h--w C:\Users\All Users\PKP_DLdu.DAT

2008-08-26 18:22 20 ---h--w C:\ProgramData\PKP_DLdu.DAT

2008-08-26 18:20 20 ---h--w C:\Users\All Users\PKP_DLdw.DAT

2008-08-26 18:20 20 ---h--w C:\ProgramData\PKP_DLdw.DAT

2008-08-22 15:26 --------- d-----w C:\Program Files\Canon

2008-08-22 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-22 15:25 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-21 22:19 --------- d-----w C:\Program Files\Windows Mail

2008-08-21 20:48 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-21 20:44 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-08-18 14:18 --------- d-----w C:\Program Files\Microsoft.NET

2008-08-18 13:55 --------- d-----w C:\Users\tore\AppData\Roaming\ZoomBrowser EX

2008-08-06 21:09 --------- d-----w C:\ProgramData\DVD Shrink

2008-08-04 19:59 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll

2008-08-04 19:48 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-08-04 19:45 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys

2008-08-04 19:45 --------- d-----w C:\Users\tore\AppData\Roaming\DAEMON Tools

2008-08-03 19:43 --------- d-----w C:\ProgramData\Digital Light

2008-08-03 19:42 106,496 ----a-w C:\Windows\System32\ATL71.DLL

2008-08-03 19:42 --------- d-----w C:\ProgramData\Nikon

2008-08-03 19:42 --------- d-----w C:\ProgramData\Contextual Menu Items

2008-08-03 19:42 --------- d-----w C:\Program Files\Common Files\muvee Technologies

2008-07-23 18:56 --------- d-----w C:\Program Files\Java

2008-07-07 07:29 --------- d-----w C:\Program Files\ATI

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-04-18 19:14 22,328 ----a-w C:\Users\tore\AppData\Roaming\PnkBstrK.sys

2008-04-13 06:25 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-17 171448]

"Steam"="g:\program files\steam\steam.exe" [2008-07-20 1271032]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]

"GrooveMonitor"="G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]

"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]

"RemoteControl"="g:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]

"LanguageShortcut"="g:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 54832]

"Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 413696]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

 

C:\Users\tore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-06-14 479232]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"TaskbarNoNotification"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax

"vidc.mjpg"= pvmjpg30.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{ADA9EBA3-E46C-4D82-9FE3-A6AFC462523A}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"UDP Query User{9C0419A8-C3E8-4E57-AF43-65EA5CD0D663}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer

"TCP Query User{F7070B37-F540-47DD-A4A9-656B95FB5B03}C:\\users\\tore\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\tore\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

"UDP Query User{2A251AFA-C1BD-4CF0-8BC3-235989A7445A}C:\\users\\name\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\tore\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

"{9257668A-9831-4CCF-9FA8-543FD1ED017F}"= UDP:G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{264BE8BC-B694-40B5-BC7C-3FA2F27C6654}"= TCP:G:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{114D91DC-E0B9-4E0A-AC5B-403C0F159F39}"= UDP:G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{09F0E0F1-3A94-4041-933F-EAA8C75DB983}"= TCP:G:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{F2FBF8E7-A4F4-4BD8-9778-4B2B5C82684F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{DF92F0A7-BACB-4763-81C4-AFF7B23D53E7}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{FF8EDAB6-B7A6-416C-B22E-005D88F951F0}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA

"{4F38E8BE-4D50-4FFF-B1E0-FFA45D3EC9B7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{D18C1FEF-A1E0-400C-9DA0-81D4ABD88A1E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

"{A92C47B1-A461-40D7-874C-EDE158D7E774}"= G:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{FA4451BD-3A36-4D5B-8B4B-1ACD873E9011}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5

"{9755A11C-DC22-48D7-BC60-1789E255E671}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5

"{6F1704F3-5452-4E1D-B32B-55961245DDA6}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5

"{C746FBE0-8CB1-46FA-9ACA-89ABA49653E9}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5

"{ECDDB545-7323-4D69-84A9-6FA75A0710AB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{56734FE6-7D75-4741-8F5F-1C04B69CA6BE}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"{ECADA80A-5100-4796-A579-7BB728E37B89}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client

"TCP Query User{9EFD37AA-AB46-4698-BBDB-23C517B70E76}G:\\program files\\tmnationsforever\\tmforever.exe"= UDP:G:\program files\tmnationsforever\tmforever.exe:TmForever

"UDP Query User{D85A0607-6DEA-44BD-BBBB-A7F8A548C23D}G:\\program files\\tmnationsforever\\tmforever.exe"= TCP:G:\program files\tmnationsforever\tmforever.exe:TmForever

"{0041EB27-7C82-4DA4-B0C6-DFD857DFBC7A}"= UDP:990:LocalSubnet:LocalSubnet|IF={AA1299AB-97F1-480E-BF96-F809195A7995}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001

"{9162FFBE-19F4-426B-A44F-CAC853B8FE08}"= UDP:G:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™

"{B8C6D26F-6D76-49D5-A547-4B53A15A8FD7}"= TCP:G:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008™

"TCP Query User{8AF4F4AB-323A-4A4D-837F-A773C7FF0897}C:\\program files\\sony\\vegas pro 8.0\\vegsrv80.exe"= UDP:C:\program files\sony\vegas pro 8.0\vegsrv80.exe:Sony Vegas Network Render Service Control

"UDP Query User{86844EB8-DF88-4560-B4FF-B997D55AE9C2}C:\\program files\\sony\\vegas pro 8.0\\vegsrv80.exe"= TCP:C:\program files\sony\vegas pro 8.0\vegsrv80.exe:Sony Vegas Network Render Service Control

"{5394D304-092D-4B39-9231-D7EF59B64D39}"= UDP:G:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager

"{ECA03D3B-8413-4D3C-88C6-EB96D0C4A6DF}"= TCP:G:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager

"{D837236F-2DA6-42BF-966C-1D9C63A40B80}"= UDP:G:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio

"{20CA93CB-94AC-4A75-B3F9-012A82278B36}"= TCP:G:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio

"{2F52B468-527A-471E-82B2-297945D26517}"= UDP:G:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi

"{2B7E158A-D839-4A8B-9BA3-7035DE7B5BED}"= TCP:G:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi

 

R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};g:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37 41456]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-06-03 3695104]

R3 Razerlow;Razerlow USB Filter Driver;C:\Windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]

S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-09-04 92656]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ed432e-625e-11dd-b5c5-001e8c7dbd17}]

\shell\AutoRun\command - I:\Welcome.exe

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-{6134A39A-C1EA-4E6F-B6D2-9ED5D9CC03B5} - (no file)

HKLM-Run-AAWTray - C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

 

 

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\tore\AppData\Roaming\Mozilla\Firefox\Profiles\1yj9lmmv.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-07 08:26:31

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-09-07 8:27:42

ComboFix-quarantined-files.txt 2008-09-07 06:27:38

 

Pre-Run: 51,747,110,912 bytes free

Post-Run: 51,711,688,704 bytes free

 

228 --- E O F --- 2008-09-06 07:21:57

 

 

 

 

 

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - G:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "G:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [RemoteControl] "g:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "g:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [steam] "g:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - G:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - G:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 8216 bytes

 

 

 

 

Malwarebytes' Anti-Malware 1.26

Database version: 1122

Windows 6.0.6001 Service Pack 1

 

9/7/2008 8:41:56 AM

mbam-log-2008-09-07 (08-41-56).txt

 

Scan type: Quick Scan

Objects scanned: 46083

Time elapsed: 1 minute(s), 5 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

Edited by b@rgen
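As an added example (not part of the original thread, and not a feature of ComboFix, HijackThis or Malwarebytes): a small Python script that applies, to lines in HijackThis format, the first checks a log reader makes by hand. The heuristics mirror things visible in the logs above: an O2 BHO entry whose target is "(no file)" (an orphaned CLSID), a binary under AppData\Local\Temp that has been allowed through the firewall (setupxu.exe in the ComboFix firewall rules), and O23 services listed with "Unknown owner". The sample input reuses six lines from the HijackThis log; the O4 setupxu.exe Run entry is constructed for the example (it does not exist in the posted log) so that the temp-directory check has something to hit. A flag means "look at this by hand", not "this is malware"; PnkBstrA, for instance, is PunkBuster and is flagged only because the service carries no publisher name.

```python
import re
from dataclasses import dataclass, field

# Entry prefix of a HijackThis line, e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r'^(O\d+)\s+-\s+(.*)$')
# First Windows executable path in the entry, quoted or not, with or without arguments.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|ax|ocx))', re.IGNORECASE)
# Directories that legitimate autostart entries and services almost never run from.
TEMP_MARKERS = ('\\temp\\', '\\tmp\\')


@dataclass
class Finding:
    section: str          # HijackThis section, e.g. "O2", "O4", "O23"
    line: str             # the full log line, for the reader
    reasons: list = field(default_factory=list)


def executable_path(body):
    """Return the lower-cased executable path referenced by an entry, or None."""
    m = PATH_RE.search(body)
    return m.group(1).lower() if m else None


def check_entry(section, body):
    """Apply the review heuristics to one entry; returns the reasons it was flagged."""
    reasons = []
    if '(no file)' in body:
        reasons.append('target file is missing (orphaned entry)')
    path = executable_path(body)
    if path and any(marker in path for marker in TEMP_MARKERS):
        reasons.append('executable lives in a temporary directory')
    if section == 'O23' and 'Unknown owner' in body:
        reasons.append('service binary carries no publisher name')
    return reasons


def triage(log_text):
    """Parse HijackThis-format text and return the entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                    # headers, blank lines, non-HJT text
        section, body = m.groups()
        reasons = check_entry(section, body)
        if reasons:
            findings.append(Finding(section, line, reasons))
    return findings


# Sample input: six lines copied from the HijackThis log in the thread, plus one
# CONSTRUCTED O4 entry (the setupxu.exe Run value is not in the log; its path is
# taken from the firewall rule in the ComboFix log) to exercise the temp check.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [steam] "g:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [setupxu] C:\Users\name\AppData\Local\Temp\onlineupdate8\setupxu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}  {f.line}')
        for reason in f.reasons:
            print(f'      -> {reason}')
```

Run as-is it prints the three flagged entries (the orphaned BHO, the constructed temp-directory Run value and the PnkBstrA service). To use it on a real log, pass the whole HijackThis text to `triage()`; the parser ignores every line that does not start with an `Oxx -` section tag, so the ComboFix and Malwarebytes sections can be pasted in unchanged.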

ComboFix must be uninstalled.

 

Go to Start > Run

Type the following in the box:

  • combofix /u

PS: note the space between the X and the /u

 

Press Enter.

 

This command will:

  • Remove the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The C:\Deckard folder, if it exists.
    • The C:\OtMoveIt folder, if it exists.
  • Reset the clock settings.
  • Hide file extensions, if necessary.
  • Hide system/hidden files and folders, if necessary.
  • Reset the System Restore points.

 

If you think the problem with your machine is solved, you can change your topic title by clicking the edit icon (p_edit.gif) in your first post and choosing full edit. At the top, where your topic title is, write:

[LØST]

in front of your topic title.

 

E.g.: [LØST] Got a virus on my machine

 

This helps keep the forum tidier for the helpers, and new people with the same problem will more easily find a suitable thread to look in.

 

-Surf safely-
