IcedInsanity, posted 30 March 2009

Hi. I opened a link from a guy on MSN yesterday, and warnings popped up all over the place. Shortly after, I saw on his MSN profile that we shouldn't open the link "he" had sent because it was a virus. Attaching the logs here and hoping there is no more junk left....

Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 6.0.6000

30.03.2009 15:09:24
mbam-log-2009-03-30 (15-09-24).txt

Scan type: Quick Scan
Objects scanned: 54486
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 09-03-29.04 - NorthShore 2009-03-30 15:17:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.502.189 [GMT 2:00]
Running from: c:\users\NorthShore\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((( Files Created From 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))))
.
2009-03-30 15:00 . 2009-03-30 15:00 <DIR> d-------- c:\users\NorthShore\AppData\Roaming\Malwarebytes
2009-03-30 15:00 . 2009-03-30 15:00 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-30 15:00 . 2009-03-30 15:00 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-30 15:00 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-30 15:00 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-30 14:59 . 2009-03-30 15:00 <DIR> d-------- C:\Malwarebytes' Anti-Malware
2009-03-24 21:39 . 2009-03-24 21:59 <DIR> d-------- C:\Snes spill
2009-03-24 20:35 . 2009-03-25 13:25 <DIR> d-------- c:\users\NorthShore\AppData\Roaming\skypePM
2009-03-24 20:35 . 2009-03-24 20:35 56 --ah----- c:\users\All Users\ezsidmv.dat
2009-03-24 20:35 . 2009-03-24 20:35 56 --ah----- c:\programdata\ezsidmv.dat
2009-03-24 20:29 . 2009-03-25 16:22 <DIR> d-------- c:\users\All Users\Skype
2009-03-24 20:29 . 2009-03-25 16:22 <DIR> d-------- c:\programdata\Skype
2009-03-12 15:33 . 2009-02-09 03:59 2,028,032 --a------ c:\windows\System32\win32k.sys
2009-03-12 15:33 . 2008-11-27 06:42 269,824 --a------ c:\windows\System32\schannel.dll
2009-03-05 19:30 . 2009-03-05 19:30 <DIR> d-------- c:\users\NorthShore\AppData\Roaming\Apple Computer
2009-03-05 19:29 . 2009-03-25 16:26 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-03-05 19:26 . 2009-03-05 19:26 <DIR> d-------- c:\program files\Bonjour
2009-03-05 19:23 . 2009-03-25 16:27 <DIR> d-------- c:\users\All Users\Apple Computer
2009-03-05 19:23 . 2009-03-25 16:27 <DIR> d-------- c:\programdata\Apple Computer
2009-03-05 19:23 . 2009-03-05 19:25 <DIR> d-------- c:\program files\QuickTime
2009-03-05 19:20 . 2009-03-05 19:20 <DIR> d-------- c:\program files\Apple Software Update
2009-03-05 19:17 . 2009-03-05 19:17 <DIR> d-------- c:\users\All Users\Apple
2009-03-05 19:17 . 2009-03-05 19:17 <DIR> d-------- c:\programdata\Apple
2009-03-02 20:03 . 2009-03-02 20:03 107,272 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-02-26 16:19 . 2008-12-16 06:00 8,147,968 --a------ c:\windows\System32\wmploc.DLL
2009-02-26 16:19 . 2008-12-16 07:53 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-26 16:19 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-26 16:19 . 2008-12-16 07:53 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-25 17:36 . 2009-02-25 17:38 <DIR> d-------- C:\Mowi
2009-02-24 12:55 . 2009-03-24 13:14 <DIR> d-------- c:\users\All Users\Adobe
2009-02-24 12:54 . 2009-03-24 13:13 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-24 12:47 . 2009-02-25 13:18 <DIR> d-------- c:\users\All Users\NOS
2009-02-24 12:47 . 2009-02-25 13:18 <DIR> d-------- c:\programdata\NOS
2009-02-24 12:47 . 2009-02-25 13:18 <DIR> d-------- c:\program files\NOS
2009-02-17 10:08 . 2008-12-05 06:29 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-02-17 10:08 . 2008-12-05 06:29 428,032 --a------ c:\windows\System32\EncDec.dll
2009-02-17 10:08 . 2008-12-05 06:29 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-02-17 10:08 . 2008-12-05 06:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-17 10:08 . 2008-12-05 06:29 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-02-17 10:08 . 2008-12-05 06:29 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-17 10:08 . 2008-12-05 06:29 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-02-17 10:08 . 2008-12-05 06:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-02-15 20:19 . 2009-02-26 16:36 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-14 13:06 . 2007-03-08 01:51 129,784 --------- c:\windows\System32\pxafs.dll
2009-02-14 13:05 . 2009-02-14 13:08 <DIR> d-------- c:\users\NorthShore\AppData\Roaming\Winamp
2009-02-14 13:05 . 2009-02-14 13:07 <DIR> d-------- c:\program files\Winamp
2009-02-11 22:06 . 2009-01-15 06:16 826,368 --a------ c:\windows\System32\wininet.dll
2009-02-11 22:06 . 2009-01-15 06:16 56,320 --a------ c:\windows\System32\iesetup.dll
2009-02-11 22:06 . 2009-01-15 06:15 26,624 --a------ c:\windows\System32\ieUnatt.exe
2009-02-11 22:05 . 2009-01-15 06:15 1,831,424 --a------ c:\windows\System32\inetcpl.cpl
2009-02-11 22:05 . 2009-01-15 02:34 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-10 16:51 . 2008-06-20 03:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-10 16:51 . 2008-06-20 03:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-10 16:51 . 2008-06-20 03:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-10 16:51 . 2008-06-20 03:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-10 16:51 . 2008-06-20 03:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-10 16:51 . 2008-06-20 03:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-10 16:51 . 2008-06-20 03:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-10 16:50 . 2008-06-20 03:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-10 16:22 . 2009-02-10 16:50 26,099,712 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-10 16:22 . 2009-02-10 16:50 24,576 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-10 16:22 . 2009-02-10 16:50 8,192 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-10 16:05 . 2008-07-27 20:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-10 16:05 . 2008-07-27 20:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-10 16:05 . 2008-07-27 20:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-10 16:04 . 2008-07-27 20:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-10 16:04 . 2008-07-27 20:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-10 16:03 . 2006-12-20 08:03 229,888 --a------ c:\windows\System32\msshsq.dll
2009-02-10 13:46 . 2009-02-10 13:43 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-10 12:46 . 2009-02-10 12:46 <DIR> d-------- c:\users\All Users\Windows Genuine Advantage
2009-02-07 13:02 . 2009-03-29 20:57 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-05 17:10 . 2009-03-25 22:41 <DIR> d-------- C:\Incomplete
2009-02-05 17:10 . 2009-03-25 22:41 <DIR> d-------- C:\Forst
2009-02-05 17:09 . 2009-03-25 22:43 <DIR> d-------- c:\users\NorthShore\AppData\Roaming\FrostWire
2009-02-05 16:56 . 2009-02-10 13:42 <DIR> d-------- c:\program files\Java
2009-02-05 16:56 . 2009-02-05 16:56 <DIR> d-------- c:\program files\Common Files\Java
2009-02-05 16:55 . 2009-02-05 17:09 <DIR> d-------- c:\program files\FrostWire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 15:20 --------- d-----w c:\program files\Windows Mail
2009-03-02 18:04 --------- d-----w c:\programdata\avg8
2009-03-02 18:03 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-25 14:26 174 --sha-w c:\program files\desktop.ini
2009-01-25 13:41 537,600 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-25 13:41 449,536 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-25 13:41 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-25 13:41 2,144,256 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-25 13:41 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-25 13:20 2,923,520 ----a-w c:\windows\explorer.exe
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-02 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 136600]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{520AF739-DE57-42A7-A8F3-FD1F7585949C}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{67772803-39CA-476A-9C6E-FDAEBCE234A3}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{D3D0DF97-9334-4A3C-9BAA-79F7A26C06BE}c:\\program files\\frostwire\\frostwire.exe"= UDP:c:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{B3CF2B24-E487-4C6E-A879-EAC96B030434}c:\\program files\\frostwire\\frostwire.exe"= TCP:c:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{A4DFBEBB-EEBE-435E-A929-E82A2A1FCFB8}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{1881EB05-151A-4BC9-8522-7ED4162FFF15}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{1448758C-B40C-4C45-BD54-1220A36420A9}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{2F3B2958-F0A1-4318-A6A4-4CDA110D0E8E}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{53926FC1-F209-40B0-8FEB-E985140961E0}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6609E0FC-C452-47C6-B5C6-B6114986DB91}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6F2CCE01-DE18-45F7-BA28-3C80FB8FFE23}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{72288ECA-3AFD-49CE-A036-CEE3DD41C1AB}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{E6DE9911-C9BD-42A8-AC61-C5BF4A8297CA}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{449B2648-C519-4FF1-93A4-FC70C6C39F8F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-01-25 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-03-02 107272]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [2006-11-02 2589184]

--- Other Services/Drivers In Memory ---

*Deregistered* - secdrv
*Deregistered* - Smb
*Deregistered* - spldr
*Deregistered* - srv
*Deregistered* - srv2
*Deregistered* - srvnet
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - tcpipreg
*Deregistered* - tdx
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - tunnel
*Deregistered* - umbus
*Deregistered* - VgaSave
*Deregistered* - volmgr
*Deregistered* - volmgrx
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - Wdf01000
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\NorthShore\AppData\Roaming\Mozilla\Firefox\Profiles\hawvs38w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.darkthrone.com/overview?_msid=713282
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 15:22:12
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-30 15:26:55
ComboFix-quarantined-files.txt 2009-03-30 13:26:45

Pre-Run: 53 999 656 960 bytes free
Post-Run: 53,867,065,344 bytes free

181 --- E O F --- 2009-03-27 12:37:24

Thanks in advance.
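An added triage example, not code from the thread, from ComboFix or from Malwarebytes: a small Python parser over the "Files Created" and "Reg Loading Points" sections in the format shown in the log above. It flags what a helper reads first when a log like this comes in: executables or autorun targets in user-writable locations, executables with the hidden attribute, bare autorun names that resolve through PATH, and executables created close to the incident. The sample log text and the two "example_msnlink" entries are constructed for the example (they do not appear in the posted log), and the incident date 2009-03-29 is an assumption taken from the post saying the link was opened the day before 30 March.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed sample in the ComboFix log format posted in the thread. The two
# "example_msnlink" entries are invented so the rules have something to flag;
# the remaining entries mirror benign lines from the posted log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((( Files Created From 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))))
.
2009-03-30 15:00 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-30 15:00 . 2009-03-30 15:00 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-29 22:11 . 2009-03-29 22:11 61,440 --a--h--- c:\users\NorthShore\AppData\Roaming\example_msnlink.exe
2009-03-12 15:33 . 2009-02-09 03:59 2,028,032 --a------ c:\windows\System32\win32k.sys
.
(((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-02 1601304]
"SoundMan"="SOUNDMAN.EXE" [2008-09-10 c:\windows\SOUNDMAN.EXE]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"example_msnlink"="c:\users\NorthShore\AppData\Roaming\example_msnlink.exe" [2009-03-29 61440]
"""

EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.com', '.pif', '.bat', '.cmd', '.ocx')

# Places a standard user can write to. An executable or autorun target living
# here deserves a second look even when the AV scans come back clean.
USER_WRITABLE = re.compile(
    r'^[a-z]:\\(users\\[^\\]+\\appdata\\|users\\all users\\|programdata\\|[^\\]+$)'
    r'|\\temp\\', re.IGNORECASE)

# "created . modified size attrs path" lines of the Files Created section.
FILE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r'(<DIR>|[\d,]+) ([-a-z]{9}) (.+)$')
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "name"="target" [date size-or-resolved-path]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[\d{4}-\d{2}-\d{2} [^\]]*\]$')


@dataclass
class Finding:
    kind: str          # 'file' or 'autorun'
    where: str         # file path, or autorun target
    severity: str      # 'high' needs an explanation; 'review' is routine correlation
    reasons: List[str]


def triage(log_text: str, incident: datetime, window_days: int = 3) -> List[Finding]:
    """Return the ComboFix entries a helper would look at first."""
    findings: List[Finding] = []
    window = timedelta(days=window_days)
    section = None
    key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('((('):                      # section banner
            section = 'files' if 'Files Created' in line else (
                'reg' if 'Reg Loading Points' in line else None)
            continue
        if section == 'files':
            m = FILE_RE.match(line)
            if not m:
                continue
            created = datetime.strptime(m.group(1), '%Y-%m-%d %H:%M')
            size, attrs, path = m.group(3), m.group(4), m.group(5)
            if size == '<DIR>' or not path.lower().endswith(EXEC_EXT):
                continue
            strong, weak = [], []
            if USER_WRITABLE.search(path):
                strong.append('executable in user-writable location')
            if 'h' in attrs:
                strong.append('hidden attribute set')
            if abs(created - incident) <= window:
                weak.append(f'created within {window_days} days of the incident')
            if strong or weak:
                findings.append(Finding('file', path, 'high' if strong else 'review',
                                        strong + weak))
        elif section == 'reg':
            km = KEY_RE.match(line)
            if km:
                key = km.group(1).lower()
                continue
            m = RUN_RE.match(line)
            if not m or not key.endswith(('\\run', '\\runonce')):
                continue
            target = m.group(2)
            if USER_WRITABLE.search(target):
                findings.append(Finding('autorun', target, 'high',
                                        ['autorun target in user-writable location']))
            elif '\\' not in target:
                findings.append(Finding('autorun', target, 'review',
                                        ['bare file name resolved through PATH; confirm which binary loads']))
    return findings


def demo_findings() -> List[Finding]:
    """Run the rules over the constructed sample with the assumed incident date."""
    return triage(SAMPLE_LOG, datetime(2009, 3, 29))


if __name__ == '__main__':
    for f in demo_findings():
        print(f'[{f.severity:6}] {f.kind:7} {f.where}: ' + '; '.join(f.reasons))
```

Entries rated "review" are what a fresh scanner install looks like (drivers dropped under System32\drivers on the day of the scan) and only need correlating against what the user installed; "high" entries need an explanation before the log can be called clean. Run over the posted log, the same rules would raise only the two Malwarebytes drivers created that afternoon and the bare SOUNDMAN.EXE autorun for review, which agrees with the reading that it is clean.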
snippsat, posted 30 March 2009

The log is clean. You can remove ComboFix by typing combofix /u in the Run dialog. This command deletes the quarantined files and backups, resets the System Restore folder, etc. Check whether your software is up to date: Secunia. Surf safely.
IcedInsanity (topic author), posted 30 March 2009

Okay, thanks for the reply.