bokhylle Skrevet 21. desember 2008 Del Skrevet 21. desember 2008 (endret) Kan noen ta en titt på disse loggene? Combofix ComboFix 08-12-21.02 - guav1ta 2008-12-22 0:42:56.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1396 [GMT 1:00] Kjører fra: c:\documents and settings\guav1ta\Desktop\ComboFix.exe . ((((((((((((((((((((((((((( Filer Opprettet Fra 2008-11-21 til 2008-12-21 ))))))))))))))))))))))))))))))))) . 2008-12-22 00:13 . 2008-12-22 00:13 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-22 00:13 . 2008-12-22 00:13 <DIR> d-------- c:\documents and settings\guav1ta\Application Data\Malwarebytes 2008-12-22 00:13 . 2008-12-22 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-12-22 00:13 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-22 00:13 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-22 00:08 . 2008-12-22 00:08 <DIR> d-------- c:\program files\Yahoo! 2008-12-21 23:25 . 2008-12-21 23:25 142 --a------ c:\windows\system32\spupdsvc.inf 2008-12-21 23:24 . 2008-12-21 23:24 <DIR> d-------- c:\windows\LastGood 2008-12-17 17:18 . 2008-12-17 17:18 <DIR> d-------- c:\program files\Lavasoft 2008-12-17 17:18 . 2008-12-17 17:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2008-12-08 04:29 . 2008-12-08 04:29 244 --ah----- C:\sqmnoopt01.sqm 2008-12-08 04:29 . 2008-12-08 04:29 232 --ah----- C:\sqmdata01.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-21 23:05 --------- d-----w c:\documents and settings\guav1ta\Application Data\mIRC 2008-12-21 22:27 --------- d-----w c:\program files\Steam 2008-12-17 16:17 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-12 18:51 --------- d-----w c:\documents and settings\guav1ta\Application Data\Ventrilo 2008-12-11 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-18 15:03 --------- d-----w c:\documents and settings\guav1ta\Application Data\OpenOffice.org2 2008-11-16 02:53 --------- d-----w c:\program files\Nokia 2008-11-08 16:18 376,832 ----a-w c:\windows\system32\AegisI5Installer.exe 2008-11-08 16:18 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys 2008-11-08 16:18 21,361 ----a-w c:\windows\AegisP.sys 2008-11-08 16:18 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel 2008-11-08 16:18 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel 2008-11-08 16:18 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel 2008-11-08 16:18 --------- d-----w c:\documents and settings\guav1ta\Application Data\Intel 2008-11-08 16:17 --------- d-----w c:\program files\Intel 2008-11-08 16:17 --------- d-----w c:\documents and settings\All Users\Application Data\Intel 2008-11-08 16:03 --------- d-----w c:\program files\Common Files\Adobe 2008-11-08 15:46 --------- d-----w c:\program files\Dell 2008-11-04 17:10 --------- d-----w c:\documents and settings\guav1ta\Application Data\Azureus 2008-11-01 11:42 --------- d-----w c:\program files\PPLive 2008-11-01 11:00 --------- d-----w c:\documents and settings\All Users\Application Data\PPLive 2008-11-01 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Jlcm 2008-10-31 15:27 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-31 15:25 --------- d-----w c:\program files\Common Files\InstallShield 2008-10-24 11:25 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:24 827,904 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll 2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll 2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-03-19 13:34 16,384 -csha-w c:\windows\system32\config\systemprofile\Cookies\index.dat 2008-03-19 13:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat 2008-03-19 13:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031920080320\index.dat 2008-03-19 13:34 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480] "JeticoPFStartup"="c:\program files\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 118784] "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-05-07 159744] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-05-14 1191936] "NVHotkey"="nvHotkey.dll" [2007-02-13 c:\windows\system32\nvhotkey.dll] "NvMediaCenter"="NvMCTray.dll" [2007-02-13 c:\windows\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"= [HKLM\~\startupfolder\C:^Documents and Settings^guav1ta^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk] path=c:\documents and settings\guav1ta\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-03-12 21:43 81920 c:\program files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder] --a------ 2007-05-07 17:40 159744 c:\program files\Razer\DeathAdder\razerhid.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] --a------ 2007-05-14 14:23 1191936 c:\program files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a------ 2005-06-08 13:44 196608 c:\program files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a--c--- 2005-06-08 14:24 458752 c:\program files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a--c--- 2005-06-08 14:14 217088 c:\program files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2007-05-21 12:29 1694208 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] --a------ 2008-05-22 14:59 156944 c:\documents and settings\guav1ta\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-23 22:01 385024 c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a--c--- 2007-05-10 10:22 405504 c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-10-08 17:03 1410296 c:\program files\Steam\steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a--c--- 2008-02-29 16:03 1481968 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-10-19 15:21 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a--c--- 2007-02-13 19:26 1622016 c:\windows\system32\nwiz.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\steamapps\\anette50\\counter-strike\\hl.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "e:\\Fredriks PC\\Spill\\PC-GAMES - Risk 2 (Tested)\\RISK2\\RISKII.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Fredriks PC\\Spill\\cs. 1.6\\hl.exe"= "c:\\Program Files\\Steam\\steam.exe"= "c:\\Documents and Settings\\guav1ta\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "e:\\Fredriks PC\\Masse drit\\TVEN MIN\\SopCast\\adv\\SopAdver.exe"= "e:\\Fredriks PC\\Masse drit\\TVEN MIN\\SopCast\\SopCast.exe"= "e:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\PPLive\\PPLive.exe"= "e:\\Fredriks PC\\Spill\\Age of empires 2\\empires2.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Documents and Settings\\guav1ta\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1223:UDP"= 1223:UDP:Windows Media Format SDK (wmplayer.exe) "1222:UDP"= 1222:UDP:Windows Media Format SDK (wmplayer.exe) "1225:UDP"= 1225:UDP:Windows Media Format SDK (wmplayer.exe) "1432:UDP"= 1432:UDP:Windows Media Format SDK (wmplayer.exe) "1433:UDP"= 1433:UDP:Windows Media Format SDK (wmplayer.exe) "1434:UDP"= 1434:UDP:Windows Media Format SDK (wmplayer.exe) R0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2008-07-07 156800] R0 d346prt;d346prt;c:\windows\system32\Drivers\d346prt.sys [2008-07-07 5248] R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944] R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-02-29 51440] R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-03-19 10880] S2 PSTRIP;PSTRIP;\??\c:\windows\system32\DRIVERS\PSTRIP.SYS [] S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2008-03-20 22752] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096] *Newly Created Service* - CATCHME . . ------- Tilleggsskanning ------- . uStart Page = https://www.dnbnor.no/ uInternet Settings,ProxyOverride = *.local IE: E&ksporter til Microsoft Excel - e:\progra~1\Office12\EXCEL.EXE/3000 c:\windows\Downloaded Program Files\centrebetpokerlauncher.dll - O16 -: {1819853F-A3CA-4BC4-AD65-EC29D7448494} hxxp://centrebet.com/external/centrebet/static/activex/centrebetpokerlauncher.cab c:\windows\Downloaded Program Files\centrebetpokerlauncher.inf c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.srtest.com/srl_bin/sysreqlab3.cab c:\windows\Downloaded Program Files\SysReqLab3.osd c:\windows\Downloaded Program Files\DyynoX.dll - O16 -: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB c:\windows\Downloaded Program Files\DyynoCAB.inf FF - ProfilePath - c:\documents and settings\guav1ta\Application Data\Mozilla\Firefox\Profiles\dk40mosx.default\ FF - plugin: c:\documents and settings\guav1ta\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll ATTENTION: FIREFOX POLICES IS IN FORCE c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-22 00:43:37 Windows 5.1.2600 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... d skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'winlogon.exe'(944) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\System32\BCMLogon.dll c:\windows\system32\netprovcredman.dll . Tidspunkt ferdig: 2008-12-22 0:44:23 ComboFix-quarantined-files.txt 2008-12-21 23:44:09 ComboFix2.txt 2008-12-21 23:41:02 ComboFix3.txt 2008-12-21 23:20:56 ComboFix4.txt 2008-03-20 15:39:26 Pre-Run: 438 849 536 bytes free Post-Run: 427,184,128 bytes free 211 --- E O F --- 2008-12-21 22:25:38 HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:22:17, on 22.12.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20935) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe C:\Program Files\Razer\DeathAdder\razerhid.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Razer\DeathAdder\razerofa.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Steam\steam.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe E:\Program Files\mIRC\mirc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\guav1ta\Desktop\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dnbnor.no/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www-config.strath.ac.uk/proxy.config R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://E:\PROGRA~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - http://centrebet.com/external/centrebet/st...kerlauncher.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab O20 - AppInit_DLLs: O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing) O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing) O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-tjeneste (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9482 bytes Malware Malwarebytes' Anti-Malware 1.31 Databaseversjon: 1456 Windows 5.1.2600 Service Pack 2 22.12.2008 00:16:48 mbam-log-2008-12-22 (00-16-48).txt Skanntype: Rask Skann Objekter skannet: 47780 Tid tilbakelagt: 2 minute(s), 17 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet) Tok sin tid med å få disse loggene inn i spoiler tag Endret 21. desember 2008 av bokhylle Lenke til kommentar
raWrz Skrevet 22. desember 2008 Del Skrevet 22. desember 2008 kan du oppdatere Mbam og hvis den finner noe nytt så poster du ny combofix logg Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå