Pizzaen
Posted 24 September 2008

Hi. I have downloaded a lot of things lately that I'm not sure about, so I want to be completely certain that nothing is running in the background capturing my keystrokes. So here are some logs:

MBAM:
Malwarebytes' Anti-Malware 1.28
Database versjon: 1202
Windows 5.1.2600 Service Pack 3

24.09.2008 19:30:23
mbam-log-2008-09-24 (19-30-23).txt

Skanntype: Rask Skann
Objekter skannet: 49683
Tid tilbakelagt: 4 minute(s), 42 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Combofix:
ComboFix 08-09-24.01 - Vegard 2008-09-24 19:37:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1044.18.486 [GMT 2:00]
Running from: C:\Documents and Settings\Vegard\Skrivebord\Combofix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Vegard\Programdata\.#\MBX@D7C@202C548.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@D7C@202C558.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@D7C@202C578.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@D7C@202DD68.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@D7C@202FB18.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@E74@202C548.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@E74@202C558.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@E74@202C578.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@E74@202DD68.### C:\Documents and Settings\Vegard\Programdata\.#\MBX@E74@202FB18.### . ((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 ))))))))))))))))))))))))))))))) . 2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\Malwarebytes 2008-09-24 19:24 . 2008-09-24 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-09-24 19:24 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-24 19:24 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-24 19:10 . 2008-09-24 19:35 <DIR> dr-h----- C:\Documents and Settings\Vegard\Siste 2008-09-24 19:07 . 2008-09-24 19:07 <DIR> d-------- C:\Programfiler\Avira 2008-09-24 18:12 . 2008-09-24 18:51 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-09-24 18:11 . 2008-09-24 18:11 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-09-24 18:10 . 2008-09-24 18:10 <DIR> d-------- C:\Programfiler\Tall Emu 2008-09-24 18:10 . 2008-09-24 19:44 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\OnlineArmor 2008-09-24 18:10 . 2008-09-24 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\OnlineArmor 2008-09-24 18:10 . 
2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys 2008-09-24 18:10 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys 2008-09-24 18:10 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys 2008-09-23 16:54 . 2008-09-23 16:54 <DIR> d-------- C:\Programfiler\TeamViewer3 2008-09-23 16:47 . 2008-09-23 16:47 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\TeamViewer 2008-09-23 16:46 . 2008-09-23 16:46 <DIR> d-------- C:\Documents and Settings\Vegard\temp 2008-09-22 21:45 . 2008-09-23 14:42 <DIR> d-------- C:\Programfiler\Incomplete 2008-09-22 11:45 . 2008-05-21 20:25 23,352 --a------ C:\WINDOWS\system32\drivers\pnpcap.sys 2008-09-22 11:44 . 2008-09-22 11:44 <DIR> d-------- C:\Programfiler\Pure Networks 2008-09-22 11:44 . 2008-09-22 11:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Pure Networks Shared 2008-09-22 11:44 . 2008-09-22 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Pure Networks 2008-09-22 11:44 . 2008-05-16 06:10 25,272 --a------ C:\WINDOWS\system32\drivers\purendis.sys 2008-09-22 11:44 . 2008-05-16 06:10 23,992 --a------ C:\WINDOWS\system32\drivers\pnarp.sys 2008-09-20 20:21 . 2008-09-20 21:59 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\dvdcss 2008-09-20 20:11 . 2008-09-20 20:11 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\Windows Search 2008-09-20 20:01 . 2008-09-20 20:01 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\vlc 2008-09-18 14:59 . 2008-09-18 14:59 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-09-18 14:59 . 2008-09-18 14:59 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-09-18 14:58 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-09-18 14:58 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-09-18 14:58 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-09-18 14:56 . 
2008-09-18 14:56 <DIR> d-------- C:\Programfiler\Futuremark 2008-09-17 21:52 . 2008-09-17 21:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Avg8 2008-09-17 20:19 . 2008-09-17 20:19 <DIR> d-------- C:\WINDOWS\system32\Futuremark 2008-09-17 20:19 . 2008-09-17 20:19 <DIR> d-------- C:\Programfiler\Fellesfiler\Futuremark Shared 2008-09-17 20:19 . 2008-05-29 12:33 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys 2008-09-17 20:13 . 2008-09-18 15:58 <DIR> d-------- C:\Programfiler\RivaTuner v2.11 2008-09-17 20:12 . 2008-09-17 20:12 <DIR> d--h----- C:\WINDOWS\PIF 2008-09-16 15:55 . 2008-09-16 15:55 <DIR> d-------- C:\Documents and Settings\Vegard\SystemRequirementsLab 2008-09-16 15:48 . 2008-09-16 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\LogMeIn 2008-09-16 10:05 . 2008-09-16 10:05 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\vlc 2008-09-15 19:15 . 2008-09-20 20:19 <DIR> dr-h----- C:\Documents and Settings\Mamma\Siste 2008-09-13 17:09 . 2008-09-13 17:09 52,664 --ah----- C:\WINDOWS\system32\mlfcache.dat 2008-09-13 14:36 . 2008-09-13 14:36 250 --a------ C:\WINDOWS\gmer.ini 2008-09-12 11:49 . 2008-09-12 11:49 <DIR> d-------- C:\Programfiler\Microsoft Silverlight 2008-09-12 11:28 . 2008-09-12 11:28 268 --ah----- C:\sqmdata01.sqm 2008-09-12 11:28 . 2008-09-12 11:28 244 --ah----- C:\sqmnoopt01.sqm 2008-09-12 09:25 . 2008-09-23 21:36 <DIR> d-------- C:\Programfiler\mIRC 2008-09-12 09:25 . 2008-09-24 17:58 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\mIRC 2008-09-11 21:17 . 2008-09-11 21:18 <DIR> d-------- C:\Programfiler\iTunes 2008-09-11 21:17 . 2008-09-11 21:17 <DIR> d-------- C:\Programfiler\iPod 2008-09-11 21:17 . 2008-09-11 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-09-11 21:16 . 2008-09-11 21:16 <DIR> d-------- C:\Programfiler\QuickTime 2008-09-07 14:53 . 
2008-09-07 14:53 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\ESET 2008-09-07 14:53 . 2008-09-07 14:53 <DIR> d-------- C:\Documents and Settings\Mamma\Programdata\ATI 2008-09-07 14:52 . 2008-08-28 16:14 <DIR> dr------- C:\Documents and Settings\Mamma\Start-meny 2008-09-07 14:52 . 2008-08-28 16:14 <DIR> d--h----- C:\Documents and Settings\Mamma\Skrivere 2008-09-07 14:52 . 2008-09-21 20:02 <DIR> d-------- C:\Documents and Settings\Mamma\Skrivebord 2008-09-07 14:52 . 2008-09-20 20:21 <DIR> dr-h----- C:\Documents and Settings\Mamma\Programdata 2008-09-07 14:52 . 2008-09-07 14:53 <DIR> dr------- C:\Documents and Settings\Mamma\Mine dokumenter 2008-09-07 14:52 . 2008-08-28 14:38 <DIR> d--h----- C:\Documents and Settings\Mamma\Maler 2008-09-07 14:52 . 2008-09-24 19:40 <DIR> d--h----- C:\Documents and Settings\Mamma\Lokale innstillinger 2008-09-07 14:52 . 2008-09-07 14:53 <DIR> dr------- C:\Documents and Settings\Mamma\Favoritter 2008-09-07 14:52 . 2008-08-28 16:14 <DIR> d--h----- C:\Documents and Settings\Mamma\AndrMask 2008-09-07 14:52 . 2008-09-16 21:16 <DIR> d-------- C:\Documents and Settings\Mamma 2008-09-06 21:34 . 2008-09-06 21:34 <DIR> d-------- C:\Programfiler\Audacity 2008-09-06 17:00 . 2008-09-24 19:41 <DIR> d--hs---- C:\Documents and Settings\Vegard\Programdata\.# 2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-09-06 11:35 . 2008-09-06 11:35 <DIR> d-------- C:\Programfiler\Defraggler 2008-09-06 11:08 . 2008-09-06 11:08 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\Launchy 2008-09-05 12:17 . 2008-09-05 12:18 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-08-31 19:54 . 2008-08-31 19:54 <DIR> d-------- C:\WINDOWS\Sun 2008-08-31 14:52 . 2008-08-31 16:06 <DIR> d-------- C:\Programfiler\Fellesfiler\AOL 2008-08-31 14:52 . 
2008-08-31 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Viewpoint 2008-08-31 14:52 . 2008-08-31 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AOL OCP 2008-08-31 14:52 . 2008-08-31 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\AOL 2008-08-31 14:52 . 2008-08-31 14:54 470 --ah----- C:\IPH.PH 2008-08-31 12:55 . 2008-08-31 12:55 317 --a------ C:\WINDOWS\game.ini 2008-08-31 12:46 . 2008-08-31 12:46 <DIR> d--hs---- C:\WINDOWS\ftpcache 2008-08-31 12:34 . 2008-08-31 12:34 <DIR> d-------- C:\Programfiler\DAMN NFO Viewer 2008-08-29 17:24 . 2008-08-29 17:24 <DIR> d-------- C:\Documents and Settings\Vegard\.thumbnails 2008-08-29 17:23 . 2008-09-23 18:34 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\gtk-2.0 2008-08-29 17:19 . 2008-08-29 17:19 <DIR> d-------- C:\Programfiler\GIMP-2.0 2008-08-29 17:19 . 2008-09-23 18:34 <DIR> d-------- C:\Documents and Settings\Vegard\.gimp-2.4 2008-08-29 13:52 . 2008-09-23 14:42 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\LimeWire 2008-08-29 12:31 . 2008-09-22 17:29 116 --a------ C:\WINDOWS\NeroDigital.ini 2008-08-29 12:17 . 2008-08-29 12:17 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\Windows Search 2008-08-29 11:42 . 2000-03-03 21:16 7,424 -ra------ C:\WINDOWS\system32\drivers\MMIOPORT.SYS 2008-08-29 11:39 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe 2008-08-29 10:17 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-08-29 10:17 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-08-29 10:17 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll 2008-08-28 21:13 . 2008-08-28 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\FLEXnet 2008-08-28 20:42 . 
2008-08-28 20:42 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\ESET 2008-08-28 20:39 . 2008-08-28 20:39 <DIR> d-------- C:\Programfiler\ESET 2008-08-28 20:39 . 2008-08-28 20:39 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\ESET 2008-08-28 20:36 . 2008-08-28 20:36 <DIR> d-------- C:\Programfiler\Safari 2008-08-28 20:36 . 2008-08-28 20:36 <DIR> d-------- C:\Programfiler\Apple Software Update 2008-08-28 17:56 . 2008-08-28 17:56 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\Ahead 2008-08-28 17:55 . 2008-08-28 17:55 <DIR> d-------- C:\Programfiler\Nero 2008-08-28 17:55 . 2008-08-28 17:55 <DIR> d-------- C:\Programfiler\Fellesfiler\Ahead 2008-08-28 17:46 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2008-08-28 17:44 . 2008-08-28 17:44 <DIR> d-------- C:\Programfiler\Microsoft Works 2008-08-28 17:43 . 2008-08-28 17:43 <DIR> d-------- C:\Programfiler\Microsoft.NET 2008-08-28 17:41 . 2008-08-28 17:41 <DIR> d-------- C:\Programfiler\Microsoft Visual Studio 8 2008-08-28 17:40 . 2008-08-28 17:44 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-08-28 17:40 . 2008-08-28 17:40 <DIR> dr-h----- C:\MSOCache 2008-08-28 17:40 . 2008-09-12 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Microsoft Help 2008-08-28 17:11 . 2008-09-24 18:12 <DIR> d-------- C:\Documents and Settings\Vegard\Programdata\SUPERAntiSpyware.com 2008-08-28 17:11 . 2008-08-28 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-28 15:59 . 2008-08-28 17:44 <DIR> d-------- C:\Programfiler\MSBuild 2008-08-28 15:57 . 2008-08-28 15:57 <DIR> d-------- C:\WINDOWS\system32\XPSViewer 2008-08-28 15:57 . 2008-08-28 15:57 <DIR> d-------- C:\Programfiler\Reference Assemblies 2008-08-28 15:57 . 2007-09-27 10:48 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-08-28 15:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll 2008-08-28 15:51 . 
2008-08-28 15:51 0 --a------ C:\WINDOWS\nsreg.dat 2008-08-28 15:49 . 2008-08-28 15:49 <DIR> d-------- C:\Programfiler\Realtek Sound Manager 2008-08-28 15:49 . 2008-08-28 15:49 <DIR> d-------- C:\Programfiler\Realtek AC97 2008-08-28 15:49 . 2008-08-28 15:49 <DIR> d-------- C:\Programfiler\AvRack 2008-08-28 15:48 . 2008-09-18 14:56 <DIR> d--h----- C:\Programfiler\InstallShield Installation Information . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 17:46 --------- d-----w C:\Documents and Settings\Vegard\Programdata\uTorrent 2008-09-24 17:44 --------- d-----w C:\Programfiler\Steam 2008-09-24 17:07 --------- d-----w C:\Documents and Settings\All Users\Programdata\Avira 2008-09-23 12:42 --------- d-----w C:\Programfiler\LimeWire 2008-09-11 19:16 --------- d-----w C:\Programfiler\Bonjour 2008-09-06 19:58 --------- d---a-w C:\Documents and Settings\All Users\Programdata\TEMP 2008-09-06 09:54 --------- d-----w C:\Programfiler\GCFScape 2008-08-31 14:06 --------- d-----w C:\Programfiler\DAEMON Tools Lite 2008-08-30 09:47 --------- d-----w C:\Documents and Settings\Vegard\Programdata\Apple Computer 2008-08-28 19:04 --------- d-----w C:\Programfiler\Unlocker 2008-08-28 15:04 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-08-28 14:58 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple Computer 2008-08-28 14:56 --------- d-----w C:\Programfiler\Fraps 2008-08-28 14:56 --------- d-----w C:\Programfiler\Fellesfiler\Macrovision Shared 2008-08-28 14:52 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-08-28 14:52 --------- d-----w C:\Documents and Settings\Vegard\Programdata\DAEMON Tools 2008-08-28 14:47 --------- d-----w C:\Programfiler\Windows Live 2008-08-28 14:45 --------- dcsh--w C:\Programfiler\Fellesfiler\WindowsLiveInstaller 2008-08-28 14:45 --------- d-----w C:\Programfiler\Red Kawa 2008-08-28 14:45 --------- d-----w C:\Documents and Settings\All 
Users\Programdata\WLInstaller 2008-08-28 14:44 --------- d-----w C:\Programfiler\CodeStuff 2008-08-28 14:42 --------- d-----w C:\Programfiler\Fellesfiler\Apple 2008-08-28 14:42 --------- d-----w C:\Documents and Settings\All Users\Programdata\Apple 2008-08-28 14:41 --------- d-----w C:\Programfiler\VideoLAN 2008-08-28 14:40 --------- d-----w C:\Programfiler\uTorrent 2008-08-28 14:40 --------- d-----w C:\Programfiler\Java 2008-08-28 14:40 --------- d-----w C:\Programfiler\Globe Software 2008-08-28 14:40 --------- d-----w C:\Programfiler\CCleaner 2008-08-28 14:39 --------- d-----w C:\Programfiler\Fellesfiler\Java 2008-08-28 14:32 --------- d-----w C:\Documents and Settings\Vegard\Programdata\ATI 2008-08-28 14:32 --------- d-----w C:\Documents and Settings\All Users\Programdata\ATI 2008-08-28 14:29 --------- d-----w C:\Programfiler\Windows Desktop Search 2008-08-28 14:29 --------- d-----w C:\Documents and Settings\Vegard\Programdata\Windows Desktop Search 2008-08-28 14:23 --------- d-----w C:\Documents and Settings\All Users\Programdata\Office Genuine Advantage 2008-08-28 14:20 --------- d-----w C:\Programfiler\ATI Technologies 2008-08-28 12:42 --------- d-----w C:\Programfiler\microsoft frontpage 2008-08-28 12:40 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester 2008-08-28 12:40 --------- d-----w C:\Programfiler\Elektroniske tjenester 2008-08-28 12:38 --------- d-----w C:\Programfiler\Windows Media Connect 2 2008-08-01 06:38 3,266,560 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys 2008-08-01 05:40 9,928,704 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll 2008-08-01 04:33 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-08-01 04:23 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-08-01 04:22 26,112 
----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-08-01 04:19 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-08-01 03:46 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll 2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-08-01 03:40 35,328 ----a-w C:\WINDOWS\system32\atiadlxx.dll 2008-08-01 03:40 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-08-01 03:39 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll 2008-08-01 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-07-31 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\programfiler\steam\steam.exe" [2008-09-08 1271032]
"StatBar"="C:\Programfiler\Globe Software\StatBar\StatBar.exe" [2003-07-25 335872]
"uTorrent"="C:\Programfiler\uTorrent\uTorrent.exe" [2008-08-28 267056]
"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-24 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"OnlineArmor GUI"="C:\Programfiler\Tall Emu\Online Armor\oaui.exe" [2008-04-17 5545536]
"avgnt"="C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

C:\Documents and Settings\Vegard\Start-meny\Programmer\Oppstart\
iTunes.lnk - C:\Programfiler\iTunes\iTunes.exe [2008-09-08 14228264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-04-17 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-09-24 18:51 352256 C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programfiler\\uTorrent\\uTorrent.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"C:\\Programfiler\\iTunes\\iTunes.exe"=
"C:\\Programfiler\\mIRC\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-04-17 80584]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-04-17 32456]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-04-17 28872]
R2 pnpcap;Pure Networks Packet Capture Driver;C:\WINDOWS\system32\DRIVERS\pnpcap.sys [2008-05-21 23352]
R2 SvcOnlineArmor;Online Armor;C:\Programfiler\Tall Emu\Online Armor\oasrv.exe [2008-04-17 5435968]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Programfiler\Viewpoint\Common\ViewpointService.exe [ ]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7cb9d28-7505-11dd-a567-806d6172696f}]
\Shell\AutoRun\command - J:\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Vegard\Programdata\Mozilla\Firefox\Profiles\5shtfd9y.default\
FF -: plugin - C:\Documents and Settings\Vegard\Programdata\Mozilla\Firefox\Profiles\5shtfd9y.default\extensions\[email protected]\plugins\npRACtrl.dll
FF -: plugin - C:\Programfiler\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Programfiler\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Programfiler\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 19:44:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-09-24 19:50:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-24 17:50:00

Pre-Run: 32 459 218 944 byte ledig
Post-Run: 32,468,439,040 byte ledig

323 --- E O F --- 2008-09-06 01:00:17

HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:02:04, on 24.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Tall Emu\Online Armor\oaui.exe
C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programfiler\steam\steam.exe
C:\Programfiler\Globe Software\StatBar\StatBar.exe
C:\Programfiler\iTunes\iTunes.exe
C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programfiler\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programfiler\Globe Software\StatBar\StatBar.exe
C:\Documents and Settings\Vegard\Skrivebord\Ny mappe\fdssfdfsd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.no
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Koblingshjelpeprogram for Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Programfiler\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [steam] "c:\programfiler\steam\steam.exe" -silent
O4 - HKCU\..\Run: [statBar] C:\Programfiler\Globe Software\StatBar\StatBar.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Programfiler\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETTVERKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: iTunes.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ftwtv.com/UKooPlayer.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programfiler\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programfiler\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programfiler\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programfiler\Fellesfiler\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Programfiler\Fellesfiler\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Programfiler\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Programfiler\Viewpoint\Common\ViewpointService.exe (file missing)

-- End of file - 7517 bytes
norbat
Posted 24 September 2008

I don't see any malware in those logs. Is the PC running OK?
Pizzaen (author)
Posted 24 September 2008 (edited)

> I don't see any malware in those logs. Is the PC running OK?

Yes, it's not that the PC is running badly or anything, but I downloaded some junk yesterday that I wasn't sure was safe, so I thought it would be wise to run a check. But ComboFix removed something, what was that?

Edit: I have another PC I was going to get checked, should I start a new thread or use this one?

Edited 24 September 2008 by Pizzaen