NY logg av KIJONS

kijons · 30. januar 2009

ny logg av CombiFix

ComboFix 09-01-21.04 - Mia 2009-01-31 16:14:15.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.192 [GMT 1:00]

Kjører fra: c:\documents and settings\Mia\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

.

- REDUCED FUNCTIONALITY MODE -

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2008-12-28 til 2009-01-31 )))))))))))))))))))))))))))))))))

.

2009-01-31 16:08 . 2009-01-31 16:08 389,120 --a------ c:\windows\system32\CF3103.exe

2009-01-30 19:24 . 2009-01-30 19:23 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-30 19:24 . 2009-01-30 19:23 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-30 18:50 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2009-01-30 18:50 . 2009-01-30 18:50 376 --a------ c:\windows\ODBC.INI

2009-01-30 18:49 . 2009-01-30 18:49 <DIR> d-------- c:\windows\SHELLNEW

2009-01-30 18:47 . 2009-01-30 18:47 <DIR> d-------- c:\program files\Microsoft.NET

2009-01-30 18:47 . 2009-01-30 18:47 <DIR> dr-h----- C:\MSOCache

2009-01-30 18:33 . 2009-01-30 18:33 <DIR> d-------- c:\windows\system32\scripting

2009-01-30 18:33 . 2009-01-30 18:33 <DIR> d-------- c:\windows\system32\en

2009-01-30 18:33 . 2009-01-30 18:33 <DIR> d-------- c:\windows\system32\bits

2009-01-30 18:33 . 2009-01-30 18:33 <DIR> d-------- c:\windows\l2schemas

2009-01-30 18:28 . 2009-01-30 18:34 <DIR> d-------- c:\windows\ServicePackFiles

2009-01-30 18:21 . 2009-01-30 18:21 <DIR> d-------- c:\program files\CCleaner

2009-01-30 18:13 . 2009-01-30 18:13 1,124 --a------ C:\delIndexDat.bat

2009-01-30 17:18 . 2008-10-16 21:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll

2009-01-30 17:18 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

2009-01-30 17:18 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui

2009-01-30 17:18 . 2008-10-16 21:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

2009-01-30 17:18 . 2008-10-16 21:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll

2009-01-30 17:18 . 2008-10-16 21:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll

2009-01-30 17:18 . 2008-10-16 21:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll

2009-01-30 17:18 . 2008-10-16 21:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll

2009-01-30 17:18 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe

2009-01-30 16:39 . 2008-06-13 12:05 272,128 --------- c:\windows\system32\drivers\bthport.sys

2009-01-30 16:39 . 2008-06-13 12:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys

2009-01-30 16:37 . 2008-08-14 11:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2009-01-30 16:37 . 2008-08-14 11:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-01-30 16:37 . 2008-08-14 10:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-01-30 16:37 . 2008-08-14 10:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2009-01-30 16:37 . 2008-09-15 13:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys

2009-01-30 16:34 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys

2009-01-30 16:34 . 2008-05-08 15:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys

2009-01-30 16:33 . 2008-04-11 20:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll

2009-01-30 16:33 . 2008-10-15 17:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2009-01-30 16:33 . 2008-12-11 11:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys

2009-01-30 00:24 . 2009-01-30 00:24 443 --a------ c:\windows\wininit.ini

2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\documents and settings\Mia\Application Data\Malwarebytes

2009-01-29 23:45 . 2009-01-29 23:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-01-29 23:45 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2009-01-29 23:45 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2009-01-29 23:43 . 2009-01-29 23:43 <DIR> d-------- c:\program files\Opera

2009-01-29 23:16 . 2004-10-29 18:48 3,222,784 --a------ c:\windows\system32\drivers\w29n51.sys

2009-01-29 23:16 . 2004-10-15 10:20 458,752 --a------ c:\windows\system32\w29NCPA.dll

2009-01-29 23:16 . 2005-03-04 11:10 74,496 --a------ c:\windows\system32\drivers\Rtlnicxp.sys

2009-01-29 23:14 . 2005-04-05 05:25 160,768 --a------ c:\windows\system32\drivers\tifm21.sys

2009-01-29 23:12 . 2005-04-25 15:09 135,168 --a------ c:\windows\system32\drivers\ADIHdAud.sys

2009-01-29 23:10 . 2009-01-29 23:16 <DIR> d----c--- c:\windows\system32\DRVSTORE

2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\program files\SUPERAntiSpyware

2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\documents and settings\Mia\Application Data\SUPERAntiSpyware.com

2009-01-29 22:34 . 2009-01-29 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2009-01-29 22:18 . 2009-01-29 22:18 142,096 --a------ c:\windows\system32\drivers\tmcomm.sys

2009-01-29 22:00 . 2009-01-29 22:00 <DIR> d-------- c:\program files\Sophos

2009-01-29 21:14 . 2009-01-29 21:14 <DIR> d-------- c:\documents and settings\Mia\Application Data\Systweak

2009-01-29 20:47 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL

2009-01-29 20:47 . 2005-08-25 18:19 115,920 --a------ c:\windows\system32\MSINET.OCX

2009-01-29 19:36 . 2009-01-30 19:27 <DIR> d-------- c:\program files\Safer Networking

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-30 18:23 --------- d-----w c:\program files\Java

2009-01-29 17:47 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-01-29 17:47 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-01-29 17:47 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2009-01-29 17:46 --------- d-----w c:\program files\AVG

2009-01-29 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-01-29 17:40 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF

2009-01-29 17:40 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF

2009-01-29 17:40 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF

2009-01-29 17:40 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF

2009-01-29 17:40 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1

2009-01-29 17:40 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF

2009-01-29 17:40 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF

2009-01-29 17:40 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF

2009-01-29 17:20 --------- d-----w c:\program files\Yamicsoft

2009-01-29 17:12 --------- d-----w c:\program files\Trend Micro

2009-01-29 16:51 --------- d-----w c:\program files\microsoft frontpage

2009-01-29 16:50 --------- d-----w c:\program files\Common Files\Java

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll

2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll

.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-15 1830128]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-30 136600]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-01-29 18:47 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-29 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-29 107272]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-29 15504]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]

R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-29 903960]

R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]

R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-29 170640]

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-30 c:\windows\Tasks\Malwarebytes' Scheduled Update for Mia.job

- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-01-14 16:11]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-31 16:14:29

Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket

skjulte filer: 0

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(680)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

c:\windows\system32\Ati2evxx.dll

.

Tidspunkt ferdig: 2009-01-31 16:15:43

ComboFix-quarantined-files.txt 2009-01-31 15:15:41

Pre-Run: 73 528 971 264 bytes free

Post-Run: 73,520,365,568 bytes free

160 --- E O F --- 2009-01-30 17:40:51

kijons · 30. januar 2009

ny logg av Malware Anti

Malwarebytes' Anti-Malware 1.33

Databaseversjon: 1705

Windows 5.1.2600 Service Pack 3

31.01.2009 16:30:14

mbam-log-2009-01-31 (16-30-14).txt

Skanntype: Rask Skann

Objekter skannet: 44879

Tid tilbakelagt: 3 minute(s), 7 second(s)

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

Minneprosesser infisert: