PyrionZ Posted February 1, 2009
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\tsnp325.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Screamer Radio\screamer.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Markus\Desktop\Programmer\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: D - {5ED3E349-330C-3C2C-9C2E-2511B5541A5B} - C:\Windows\system32\xwr72241.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTunerWrapper.exe" /S
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\Windows\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\Windows\vsnp325.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Prime95] D:\Programmer\p95v254\PRIME95.EXE
O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7073 bytes

The PC is working far too hard compared to normal! (No unnecessary programs are running.)
norbat Posted February 1, 2009
There is a Vundo remnant in the log, so run through the guide. Post the logs that are asked for here in your own thread.
PyrionZ Posted February 1, 2009 Author
MBAM log:

Malwarebytes' Anti-Malware 1.33
Databaseversjon: 1712
Windows 6.0.6000

02.02.2009 03:44:17
mbam-log-2009-02-02 (03-44-17).txt

Skanntype: Rask Skann
Objekter skannet: 45657
Tid tilbakelagt: 3 minute(s), 47 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 2
Registerverdier infisert: 1
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 1

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ed3e349-330c-3c2c-9c2e-2511b5541a5b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5ed3e349-330c-3c2c-9c2e-2511b5541a5b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registerverdier infisert:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\snpstd3 (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
C:\Windows\vsnpstd3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
PyrionZ Posted February 1, 2009 Author
I can't get ComboFix to run because of some strange error messages, but is the MBAM log enough?
norbat Posted February 1, 2009
What messages do you get when you try to run ComboFix? Download DDS.scr, put it on the desktop and run the program. Two logs are created. Post the one named dds.txt.
PyrionZ Posted February 1, 2009 Author
I'll try ComboFix again and see if it works now. Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by Markus at 14:14:44,20 on 02.02.2009
Internet Explorer: 7.0.6000.16764
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.47.1044.18.3326.2226 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\FixCamera.exe
C:\Windows\vsnp325.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Opera\Opera.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Markus\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemonsearch.com/no/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Prime95] d:\programmer\p95v254\PRIME95.EXE
uRun: [steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [skytel] Skytel.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.11\RivaTunerWrapper.exe" /S
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp325] c:\windows\tsnp325.exe
mRun: [snp325] c:\windows\vsnp325.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\markus\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\users\markus\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-16 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 107272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01v32.sys [2099-6-16 48128]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-6-16 22784]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
R4 32663;32663;c:\windows\system32\32663.sys [2099-6-16 4096]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-6-16 903960]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-6-16 298264]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2008-11-25 10343168]

=============== Created Last 30 ================

2009-02-02 05:52 <DIR> --d----- c:\windows\$regcmp$
2009-02-02 03:52 320,000 a------- c:\windows\system32\cmd.execf
2009-02-02 03:32 <DIR> --d----- c:\users\markus\appdata\roaming\Malwarebytes
2009-02-02 03:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-02 03:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 03:32 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-02 03:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 03:32 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-01 00:54 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-31 23:10 <DIR> --d----- c:\programdata\Codemasters
2009-01-31 23:10 <DIR> --d----- c:\progra~2\Codemasters
2009-01-31 22:52 805,400 a----r-- c:\windows\system32\tmp4AA8.tmp
2009-01-31 22:52 805,400 a----r-- c:\windows\system32\tmp4A4A.tmp
2009-01-31 22:52 <DIR> --d----- c:\program files\OpenAL
2009-01-31 22:31 <DIR> --d----- c:\program files\Codemasters
2009-01-22 21:39 255,462,956 a------- c:\windows\MEMORY.DMP
2009-01-15 17:15 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-01-15 09:37 42,320 a------- c:\windows\system32\xfcodec.dll
2009-01-09 21:45 <DIR> --d----- c:\program files\OLYMPUS
2009-01-09 21:44 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-05 04:23 <DIR> --d----- c:\program files\BrainWave Generator

==================== Find3M ====================

2009-02-02 04:30 137,688 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-02-02 04:30 202,040 a------- c:\windows\system32\PnkBstrB.exe
2009-02-02 04:04 476,620 a------- c:\windows\system32\perfh014.dat
2009-02-02 04:04 79,202 a------- c:\windows\system32\perfc014.dat
2009-02-01 00:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-01 00:54 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-31 22:52 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-01-31 22:52 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-12-22 02:40 136,054,152 a------- c:\windows\system32\xa47661565.exe
2008-12-22 02:40 136,054,152 a------- c:\windows\system32\xa47657073.exe
2008-12-20 17:07 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-15 16:23 5,935,720 a------- c:\windows\system32\libraryfiles.exe
2008-12-14 20:26 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2008-12-13 14:41 174 a--sh--- c:\program files\desktop.ini
2008-11-25 16:59 86,016 a------- c:\windows\inf\infstor.dat
2008-11-25 16:59 51,200 a------- c:\windows\inf\infpub.dat
2008-11-25 16:59 86,016 a------- c:\windows\inf\infstrng.dat
2008-11-25 16:35 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-25 16:32 22,328 a------- c:\users\markus\appdata\roaming\PnkBstrK.sys
2008-11-25 16:31 2,250,024 a------- c:\windows\system32\pbsvc.exe
2008-11-24 03:06 129,520 -------- c:\windows\system32\pxafs.dll
2008-11-10 21:18 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-10 21:18 56 a---h--- c:\progra~2\ezsidmv.dat
2008-06-17 21:36 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-21 06:17 294,254 a------- c:\windows\inf\perflib414\perfi.dat
2006-11-21 06:17 294,254 a------- c:\windows\inf\perflib414\perfh.dat
2006-11-21 06:17 35,166 a------- c:\windows\inf\perflib414\perfd.dat
2006-11-21 06:17 35,166 a------- c:\windows\inf\perflib414\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib000\perfc.dat

============= FINISH: 14:15:56,04 ===============
PyrionZ Posted February 1, 2009 Author
I'm attaching a screenshot. Prep stops working, then AVG pops up with a virus message. After I ran MBAM, the desktop background has disappeared, and pictures are not shown as thumbnails right away when I open the folders; I have to click to change the view, and then they appear. What causes that?
norbat Posted February 1, 2009
Download a new ComboFix.
Restart the PC in safe mode (tap F8 during startup, choose safe mode).
Run ComboFix.
Restart the PC in normal mode and post the log.
PyrionZ Posted February 1, 2009 Author
ComboFix 09-01-31.03 - Markus 2009-02-02 18:25:23.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1044.18.3326.2787 [GMT 1:00]
Kjører fra: c:\users\Markus\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-02 til 2009-02-02 )))))))))))))))))))))))))))))))))
.

2099-06-16 18:25 . 2099-06-16 17:30 <DIR> d-------- c:\windows\Panther
2099-06-16 18:24 . 2009-02-02 05:54 <DIR> d--hs---- C:\Boot
2099-06-16 18:24 . 2008-06-17 02:02 443,912 -rahs---- C:\bootmgr
2099-06-16 18:24 . 2099-06-16 18:24 8,192 -ra-s---- C:\BOOTSECT.BAK
2099-06-16 17:56 . 2099-06-16 17:56 4,096 --a------ c:\windows\System32\32663.sys
2099-06-16 17:56 . 2099-06-16 17:56 7 --a------ c:\windows\System32\CurrentName.dat
2099-06-16 17:50 . 2099-06-16 17:50 <DIR> d-------- c:\windows\System32\Attansic
2099-06-16 17:50 . 2007-03-15 15:41 48,128 --a------ c:\windows\System32\drivers\atl01v32.sys
2099-06-16 17:47 . 2008-06-16 18:13 <DIR> d-------- c:\program files\Realtek
2099-06-16 17:47 . 2009-01-31 22:31 <DIR> d--h----- c:\program files\InstallShield Installation Information
2099-06-16 17:45 . 2099-06-16 17:45 <DIR> d-------- c:\windows\ASUSInstAll
2099-06-16 17:39 . 2099-06-16 17:39 <DIR> d-------- c:\program files\Intel
2099-06-16 17:39 . 2099-06-16 17:39 <DIR> d-------- C:\Intel
2099-06-16 17:38 . 2008-06-16 18:16 13,013 --a------ c:\windows\Ascd_log.ini
2099-06-16 17:37 . 2008-06-16 18:03 12,760 --a------ c:\windows\Ascd_tmp.ini
2099-06-16 17:37 . 2006-10-11 12:33 10,288 --a------ c:\windows\System32\drivers\ASUSHWIO.SYS
2099-06-16 17:37 . 2006-10-18 22:44 7,680 --a------ c:\windows\System32\drivers\ASACPI.sys
2099-06-16 17:35 . 2006-11-02 13:35 <DIR> d-------- c:\users\Markus\AppData\Roaming\Media Center Programs
2099-06-16 17:27 . 2009-01-27 18:53 <DIR> d-------- c:\windows\System32\catroot2
2099-06-16 17:27 . 2008-10-29 18:59 <DIR> d-------- c:\windows\Debug
2009-02-02 05:52 . 2009-02-02 05:54 <DIR> d-------- c:\windows\$regcmp$
2009-02-02 03:32 . 2009-02-02 03:32 <DIR> d-------- c:\users\Markus\AppData\Roaming\Malwarebytes
2009-02-02 03:32 . 2009-02-02 03:32 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-02 03:32 . 2009-02-02 03:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 03:32 . 2009-02-02 03:32 <DIR> d-------- c:\progra~2\Malwarebytes
2009-02-02 03:32 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-02 03:32 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-01 00:54 . 2009-02-01 00:54 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-01-31 23:10 . 2009-01-31 23:10 <DIR> d-------- c:\users\All Users\Codemasters
2009-01-31 23:10 . 2009-01-31 23:10 <DIR> d-------- c:\progra~2\Codemasters
2009-01-31 22:52 . 2009-01-31 22:52 <DIR> d-------- c:\program files\OpenAL
2009-01-31 22:52 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp4AA8.tmp
2009-01-31 22:52 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp4A4A.tmp
2009-01-31 22:31 . 2009-01-31 22:31 <DIR> d-------- c:\program files\Codemasters
2009-01-31 20:39 . 2009-01-31 20:39 <DIR> d-------- c:\users\Public\upload
2009-01-22 21:39 . 2009-01-22 21:40 255,462,956 --a------ c:\windows\MEMORY.DMP
2009-01-15 17:15 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-15 09:37 . 2009-01-15 09:37 42,320 --a------ c:\windows\System32\xfcodec.dll
2009-01-09 21:45 . 2009-01-09 21:45 <DIR> d-------- c:\program files\OLYMPUS
2009-01-09 21:44 . 2009-01-09 21:44 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-05 04:23 . 2009-01-05 04:30 <DIR> d-------- c:\program files\BrainWave Generator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-06-16 16:47 315,392 ----a-w c:\windows\HideWin.exe
2099-06-16 16:47 --------- d-----w c:\program files\Common Files\InstallShield
2099-06-16 16:33 --------- d-sh--w c:\program files\Fellesfiler
2099-06-16 16:33 --------- d-sh--w c:\progra~2\Start-meny
2099-06-16 16:33 --------- d-sh--w c:\progra~2\Skrivebord
2099-06-16 16:33 --------- d-sh--w c:\progra~2\Programdata
2099-06-16 16:33 --------- d-sh--w c:\progra~2\Maler
2099-06-16 16:33 --------- d-sh--w c:\progra~2\Favoritter
2099-06-16 16:33 --------- d-sh--w c:\progra~2\Dokumenter
2009-02-02 03:30 202,040 ----a-w c:\windows\System32\PnkBstrB.exe
2009-02-02 03:30 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-01 21:39 --------- d-----w c:\users\Markus\AppData\Roaming\OpenOffice.org2
2009-01-31 23:55 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2009-01-31 23:55 --------- d-----w c:\progra~2\avg8
2009-01-31 23:54 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-31 21:52 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2009-01-31 21:52 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2009-01-31 16:57 --------- d-----w c:\progra~2\Xfire
2009-01-28 06:13 --------- d-----w c:\users\Markus\AppData\Roaming\uTorrent
2009-01-27 20:16 --------- d-----w c:\users\Markus\AppData\Roaming\Skype
2009-01-27 18:30 --------- d-----w c:\users\Markus\AppData\Roaming\skypePM
2009-01-24 21:04 --------- d-----w c:\program files\ATI Technologies
2009-01-23 19:29 --------- d-----w c:\program files\Common Files\Adobe
2009-01-22 20:39 --------- d-----w c:\program files\Xfire
2009-01-22 17:48 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-22 17:47 --------- d-----w c:\users\Markus\AppData\Roaming\Xfire
2009-01-21 19:25 --------- d-----w c:\program files\Common Files\Steam
2009-01-16 12:12 --------- d-----w c:\program files\Windows Mail
2009-01-09 20:45 --------- d-----w c:\progra~2\Apple Computer
2009-01-02 23:21 --------- d-----w c:\program files\IDoser v4
2008-12-28 22:24 --------- d-----w c:\program files\Common Files\PX Storage Engine
2008-12-24 23:58 --------- d-----w c:\users\Markus\AppData\Roaming\LimeWire
2008-12-22 01:40 136,054,152 ----a-w c:\windows\System32\xa47661565.exe
2008-12-22 01:40 136,054,152 ----a-w c:\windows\System32\xa47657073.exe
2008-12-20 16:07 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-20 16:07 --------- d-----w c:\program files\Java
2008-12-17 20:54 --------- d-----w c:\program files\Opera
2008-12-15 15:23 5,935,720 ----a-w c:\windows\System32\libraryfiles.exe
2008-12-14 19:36 --------- d-----w c:\users\Markus\AppData\Roaming\Hamachi
2008-12-14 19:27 --------- d-----w c:\program files\Hamachi
2008-12-14 19:26 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-14 18:38 --------- d-----w c:\program files\GameHouse
2008-12-13 18:21 --------- d-----w c:\program files\Photomatix
2008-12-13 13:41 174 --sha-w c:\program files\desktop.ini
2008-12-10 18:04 --------- d-----w c:\program files\Empire Interactive
2008-12-08 03:53 --------- d-----w c:\program files\The Guild 2 - Pirates of the European Seas
2008-12-08 00:40 --------- d-----w c:\program files\Registry Clean Expert
2008-12-02 14:28 --------- d-----w c:\program files\Futuremark
2008-11-25 15:35 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-25 15:32 22,328 ----a-w c:\users\Markus\AppData\Roaming\PnkBstrK.sys
2008-11-25 15:31 2,250,024 ----a-w c:\windows\System32\pbsvc.exe
2008-11-24 02:06 129,520 ------w c:\windows\System32\pxafs.dll
2008-11-10 20:18 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-11-10 20:18 56 ---ha-w c:\progra~2\ezsidmv.dat
.

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-11-16 171464]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-22 1830128]
"Prime95"="d:\programmer\p95v254\PRIME95.EXE" [2007-08-21 4530176]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-10-29 1410296]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-01 1601304]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTunerWrapper.exe" [2008-09-16 24576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"FixCamera"="c:\windows\FixCamera.exe" [2007-02-12 20480]
"tsnp325"="c:\windows\tsnp325.exe" [2007-04-21 270336]
"snp325"="c:\windows\vsnp325.exe" [2007-05-10 835584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-11-07 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-16 c:\windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-01-15 2993488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 19:01 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Users^Markus^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prime95]
--a------ 2007-08-21 23:28 4530176 d:\programmer\p95v254\PRIME95.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FDF3CCF1-5D36-44C0-9C08-C581FF6F101A}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C4185299-AFD0-4788-BB40-A06B705E2827}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{06161E0B-54B0-4209-8097-F2359DCAC77F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C0F39E7B-D4C0-4A26-BB2B-73BAE6CC0A4D}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{493B3260-39E0-46C8-9DA7-38C67E0F6102}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{49865D5D-CBC9-43D1-AEA1-EF230DB5B8E4}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{2F20F942-DE9D-4E24-9E56-0F635787120B}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{47DBD2AC-B8AC-4D05-BF92-445EE175A92C}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{90FDCB0C-E4F3-4621-9475-CAFB615C840F}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{E564670F-E6B1-4A6D-9F0B-0DD50E9FB7BE}c:\\program files\\winamp\\winamp.exe"= UDP:c:\program files\winamp\winamp.exe:Winamp
"UDP Query User{83D13BF5-6037-486C-B1F9-470FCAE9E3BA}c:\\program files\\winamp\\winamp.exe"= TCP:c:\program files\winamp\winamp.exe:Winamp
"{0F038492-E4DA-41A8-B6EA-9BAE331E4A13}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{3D40C08B-5C39-4495-91F9-CC797D6C54E2}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{92AD5290-FFDD-471C-ACE6-E8FC5F608917}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{DADFA76A-F4FC-4834-B260-C1C841D2BF0A}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare
"{CC43C6C3-AE98-44C2-A3CE-EE81B570A96B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{535E9B5F-806B-46ED-9293-80E70EA4DD6C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{904C1430-7208-43D1-9515-D40713034E9C}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{8AA89DF6-DDB8-49C3-B4AA-752F5749BD69}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"TCP Query User{DAE96515-5747-4412-A8AF-6B4B87DAB4BE}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{028940BD-C4E2-47C8-9DFA-0F194923F271}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{46972A79-BF73-4865-A27B-9F083F3EDF90}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{DD963497-228A-49AF-87E2-912AE6544B4A}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{254AF42B-0B37-4B1E-9912-AA0919AC2631}c:\\program files\\screamer radio\\screamer.exe"= UDP:c:\program files\screamer radio\screamer.exe:Screamer Radio
"UDP Query User{85A376FB-CA89-4EA2-B8E5-7805884C31E9}c:\\program files\\screamer radio\\screamer.exe"= TCP:c:\program files\screamer radio\screamer.exe:Screamer Radio
"{D127E42A-1C21-45AF-B072-98E6FD1A734C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{516727BE-AE1E-44AD-BAE5-7C89B3670F7D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{81A1E2A8-FB62-4991-AAD9-0A4CA163227E}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{7BEE4F39-DDB3-4BEB-A837-03BED83C9A2F}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{F9D6EFA9-8AA4-4F5F-A40B-775BBC38C47E}c:\\users\\markus\\desktop\\counter-strike 1.6\\hl.exe"= UDP:c:\users\markus\desktop\counter-strike 1.6\hl.exe:hl.exe
"UDP Query User{ACC6E36C-5754-4F19-A7F5-0E18BFC20803}c:\\users\\markus\\desktop\\counter-strike 1.6\\hl.exe"= TCP:c:\users\markus\desktop\counter-strike 1.6\hl.exe:hl.exe
"TCP Query User{108C19CF-70E2-4E6F-BA52-480635B5CD4A}c:\\program files\\valve\\steam\\steamapps\\pyricon\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\pyricon\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{2A68E0FB-2692-44E6-B26C-2D56A2F4D8FC}c:\\program files\\valve\\steam\\steamapps\\pyricon\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\pyricon\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{63C9516F-61EC-4649-8BC0-F2213BE0673D}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{814FDB4F-2955-42C0-B5B8-21EFD86EF0F1}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
"TCP Query
User{36FA1DF2-A32D-4937-8626-1C91996FEF6C}c:\\users\\markus\\desktop\\diverse\\counter-strike 1.6\\hl.exe"= UDP:c:\users\markus\desktop\diverse\counter-strike 1.6\hl.exe:hl.exe "UDP Query User{761619CA-616E-479A-B482-C7089DD734E2}c:\\users\\markus\\desktop\\diverse\\counter-strike 1.6\\hl.exe"= TCP:c:\users\markus\desktop\diverse\counter-strike 1.6\hl.exe:hl.exe "TCP Query User{ED426141-A8A3-4086-B616-8F525160B787}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher "UDP Query User{8C5F8AEF-ACAB-4F95-B7C4-EEF699E5F33A}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher "{F010D302-7B5C-4506-B5AF-FEDF4A213BB5}"= c:\program files\Skype\Phone\Skype.exe:Skype "TCP Query User{6DAB4FA0-D68F-4C4B-BDBA-500BB656954A}c:\\program files\\valve\\steam\\steamapps\\pyricon\\team fortress 2\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\pyricon\team fortress 2\hl2.exe:hl2 "UDP Query User{B2981D4B-AA1B-4D86-A081-B224FBC62249}c:\\program files\\valve\\steam\\steamapps\\pyricon\\team fortress 2\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\pyricon\team fortress 2\hl2.exe:hl2 "TCP Query User{851AD50B-6E15-4530-8C23-F3CBBF4B4536}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser "UDP Query User{A3807BC6-7B75-49EA-AC09-E5C5BC88D90A}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser "{A97B3416-AF9B-449D-BACC-A675066075E9}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2 "{DD17E43F-166C-4214-B1CB-19A17DCCCA82}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2 "{463268DC-440C-4CDE-8EDE-7BD4D73D466C}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater "{37CEB607-8FDA-431C-B4AE-45026F77A6FD}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater "{6310E665-A356-47E6-99B0-6762CD0CE979}"= UDP:c:\program files\Ubisoft\Far Cry 
2\bin\FC2Editor.exe:Editor "{940BCCF2-3E77-40CA-BC07-B9F3A7E91D37}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor "{D0B352FF-8598-45B6-92F4-103D08104D88}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{2E94CD36-9173-45DA-B32F-CB8EFA98CDDD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{9B5F09A1-2C7D-46A8-B5BE-A6DCABAA3315}c:\\program files\\valve\\steam\\steamapps\\pyricon\\day of defeat source\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\pyricon\day of defeat source\hl2.exe:hl2 "UDP Query User{77BCE582-ED95-4BFE-BE6B-870096CE3171}c:\\program files\\valve\\steam\\steamapps\\pyricon\\day of defeat source\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\pyricon\day of defeat source\hl2.exe:hl2 "TCP Query User{C66436DE-BEEF-4746-9510-A7C378E61436}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{ED2E82E1-602F-4CD0-8EF9-A3433EF5BC63}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{425081CE-6DD7-40A8-A623-11193FF41093}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire "UDP Query User{313AC24C-D69C-40C1-99F9-2BC5598B66B8}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire "TCP Query User{8F6AF44A-E890-428C-AB6B-F3A76FD818E6}d:\\spill\\lfs\\lfs.exe"= UDP:d:\spill\lfs\lfs.exe:LFS "UDP Query User{685A6D11-BCE5-4FE1-B1C9-1CF587B2213B}d:\\spill\\lfs\\lfs.exe"= TCP:d:\spill\lfs\lfs.exe:LFS "TCP Query User{0959DBA0-BAEE-4612-9775-E475E1C7EFF3}d:\\spill\\lfs\\lfs.exe"= UDP:d:\spill\lfs\lfs.exe:LFS "UDP Query User{6A2A0460-3EB1-4724-B39D-4678116B002A}d:\\spill\\lfs\\lfs.exe"= TCP:d:\spill\lfs\lfs.exe:LFS "TCP Query User{40C8FB08-C545-4006-964F-89DAFDBC4F1D}c:\\program files\\valve\\steam\\steamapps\\pyricon\\source sdk base\\hl2.exe"= UDP:c:\program files\valve\steam\steamapps\pyricon\source sdk base\hl2.exe:hl2 "UDP Query 
User{D4A63F6C-885A-4DD0-AEF9-7D4308F07D6F}c:\\program files\\valve\\steam\\steamapps\\pyricon\\source sdk base\\hl2.exe"= TCP:c:\program files\valve\steam\steamapps\pyricon\source sdk base\hl2.exe:hl2 "{6BB5ACCC-D43F-4BB4-BC93-2F5537AE820F}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID "{22CA8B6D-AED7-411E-946B-42CA4E395C12}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [2008-06-16 22784] S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-06-16 325128] S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-01 107272] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024] S2 32663;32663;c:\windows\System32\32663.sys [2099-06-16 4096] S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-06-16 903960] S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-06-16 298264] S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2099-06-16 48128] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408] S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\System32\drivers\snp325.sys [2008-11-25 10343168] --- Andre tjenester/drivere lastet i minnet --- *NewlyCreated* - ECACHE [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{658bfb4c-46ae-11dd-9567-001e8c3368b9}] \shell\AutoRun\command - F:\autorun.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7374f122-4180-1243-9f13-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2b6888d-c5f9-11dd-acaf-001e8c3368b9}]
\shell\AutoRun\command - G:\Launch.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff180da1-bd90-11dd-ac1c-001e8c3368b9}]
\shell\AutoRun\command - i:\portableapps\PortableAppsMenu\PortableAppsMenu.exe
.
- - - - TOMME PEKERE FJERNET - - - -
HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-VoipBuster - c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.daemonsearch.com/no/
uInternet Settings,ProxyOverride = *.local
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-02 18:26:17
Windows 6.0.6000 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
.
Tidspunkt ferdig: 2009-02-02 18:27:15
ComboFix-quarantined-files.txt 2009-02-02 17:27:14
Pre-Run: 45,854,326,784 byte ledig
Post-Run: 46,099,464,192 byte ledig
270 --- E O F --- 2009-01-31 17:00:25