tradhtare (posted 2 April 2009)

Malwarebytes found nothing. This is a different machine from the previous one I got help with, just so that is clear.

ComboFix log:

ComboFix 09-04-01.01 - Admin 2009-04-02 17:07:27.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.1982.865 [GMT 2:00] Kjører fra: c:\users\Admin\Downloads\ComboFix.exe AV: avast! antivirus 4.8.1296 [VPS 090118-0] *On-access scanning enabled* (Updated) * Opprettet nytt gjenopprettingspunkt . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-03-02 til 2009-04-02 ))))))))))))))))))))))))))))))))) . 2009-04-02 16:58 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe 2009-04-02 16:53 . 2009-04-02 16:53 <DIR> d-------- c:\users\All Users\Malwarebytes 2009-04-02 16:53 . 2009-04-02 16:53 <DIR> d-------- c:\users\Admin\AppData\Roaming\Malwarebytes 2009-04-02 16:53 . 2009-04-02 16:53 <DIR> d-------- c:\programdata\Malwarebytes 2009-04-02 16:53 . 2009-04-02 16:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-04-02 16:53 . 2009-03-26 16:49 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2009-04-02 16:53 . 2009-03-26 16:49 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2009-04-02 16:51 . 2009-04-02 16:51 <DIR> d-------- c:\program files\Common Files\Adobe 2009-04-02 16:44 . 2009-04-02 16:43 410,984 --a------ c:\windows\System32\deploytk.dll 2009-04-02 16:42 . 2009-04-02 16:58 <DIR> d-------- c:\users\All Users\NOS 2009-04-02 16:42 . 2009-04-02 16:58 <DIR> d-------- c:\programdata\NOS 2009-04-02 16:42 . 2009-04-02 16:58 <DIR> d-------- c:\program files\NOS 2009-03-24 18:27 . 2009-03-24 18:53 <DIR> d-------- C:\My Documents 2009-03-23 15:20 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL 2009-03-23 15:20 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys 2009-03-23 15:20 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll 2009-03-23 15:20 . 
2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll 2009-03-23 15:20 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx 2009-03-23 15:20 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll 2009-03-17 12:21 . 2009-03-17 12:21 <DIR> d-------- c:\users\Administrator\AppData\Roaming\CyberLink 2009-03-17 12:20 . 2009-03-17 12:20 <DIR> d-------- c:\users\Administrator\AppData\Roaming\vlc 2009-03-17 12:20 . 2009-03-17 12:20 <DIR> d-------- c:\users\Administrator\AppData\Roaming\HP 2009-03-17 12:16 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Searches 2009-03-17 12:15 . 2009-03-17 12:15 <DIR> dr------- c:\users\Administrator\Contacts 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Videos 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Saved Games 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Pictures 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Music 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Links 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Downloads 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> dr------- c:\users\Administrator\Documents 2009-03-17 12:14 . 2006-11-02 14:37 <DIR> d-------- c:\users\Administrator\AppData\Roaming\Media Center Programs 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> d--h----- c:\users\Administrator\AppData 2009-03-17 12:14 . 2009-03-17 12:16 <DIR> d-------- c:\users\Administrator . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-04-02 14:43 --------- d-----w c:\program files\Java 2009-04-02 13:38 1,748 ----a-w c:\users\Admin\AppData\Roaming\wklnhst.dat 2009-04-01 16:03 131,683 ----a-w c:\users\All Users\nvModes.dat 2009-04-01 16:03 131,683 ----a-w c:\programdata\nvModes.dat 2009-03-25 02:24 --------- d-----w c:\program files\Windows Mail 2009-03-25 02:15 --------- d-----w c:\program files\Microsoft SQL Server 2009-03-25 02:03 --------- d-----w c:\programdata\Microsoft Help 2009-02-23 01:58 --------- d-----w c:\users\Admin\AppData\Roaming\FrostWire 2009-02-22 23:39 --------- d-----w c:\users\Admin\AppData\Roaming\dvdcss 2009-02-21 12:48 --------- d-----w c:\program files\Microsoft 2009-02-21 12:47 --------- d-----w c:\program files\Windows Live 2009-02-19 18:12 --------- d-----w c:\programdata\NVIDIA 2009-02-17 22:12 115,323 ----a-w c:\users\Admin\AppData\Roaming\nvModes.dat 2009-02-06 18:59 308,104 ----a-w c:\windows\WLXPGSS.SCR 2009-02-06 17:08 55,280 ----a-w c:\windows\system32\drivers\fssfltr.sys 2009-02-06 16:00 --------- d-----w c:\program files\Opera 2009-02-02 16:42 --------- d-----w c:\program files\LimeWire 2009-02-01 13:09 34 ----a-w c:\users\Admin\jagex_runescape_preferences.dat 2009-01-31 20:32 34 ----a-w c:\users\Gjest\jagex_runescape_preferences.dat 2009-01-07 23:35 27,335 ----a-w c:\users\Gjest\AppData\Roaming\nvModes.dat 2008-11-25 16:41 174 --sha-w c:\program files\desktop.ini 2008-12-31 19:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-12-31 19:38 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-12-31 19:38 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-24 1784856] [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] 2008-11-24 00:03 1784856 --a------ c:\program files\ToggleEN\tbTogg.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-24 1784856] [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-24 1784856] [HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885400] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-11-17 1805552] "RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128] "QlbCtrl"="c:\program 
files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 148888] "CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "BigDogPath"="c:\windows\VM_STI.EXE" [2004-06-09 40960] "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128] c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-05 393216] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Hurtigstart for Adobe Reader.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Hurtigstart for Adobe Reader.lnk backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-11-30 21:51 1410296 c:\program files\Valve\Steam\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{18D24A6C-63D2-4F63-AE0B-07AA31A15129}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{828F83F2-5D5A-4E44-9213-200BEDD58AA7}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{25C864EF-DB2F-416A-9606-8B856D179373}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{1610B29A-689C-42A3-9188-30641EEC9F41}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query 
User{70C8D6FF-B96F-49F9-8190-F0494A4B8867}c:\\program files\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= UDP:c:\program files\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader "UDP Query User{C2ACE2D7-63F7-49E7-83B5-67B10F4DF0D8}c:\\program files\\world of warcraft\\wow-1.12.0-engb-downloader.exe"= TCP:c:\program files\world of warcraft\wow-1.12.0-engb-downloader.exe:Blizzard Downloader "TCP Query User{F1D185AA-2838-4F45-A537-7BA760CDFF85}c:\\program files\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader "UDP Query User{9224D165-70F8-4918-9B01-B7915EBBD616}c:\\program files\\world of warcraft\\wow-2.4.2-engb-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.2-engb-downloader.exe:Blizzard Downloader "{1F1A15DD-F750-403B-B7A4-191B2D75B838}"= UDP:6112:The Blizzard Downloader "{0BB0F36D-BF91-4489-867D-9E1830B8D815}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader "{5A7F8C3A-0667-4262-9EC5-4E7AE96EF8C2}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.3-to-3.0.2-enGB-Win-Final-downloader.exe:Blizzard Downloader "{7C4D9779-F47D-4F6C-8164-9D086885E6D4}"= UDP:3724:Blizzard Downloader: 3724 "TCP Query User{0549B1DF-2D36-47CE-B832-8B402AB012DF}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{7631B702-1FD1-4AC7-AD1A-00B8C77BA7C3}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire "TCP Query User{5C563E56-92B0-420C-9D5C-AAF4F6C9C93A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{49665B06-2E03-4007-870A-84BC12D30D3D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet 
Explorer "{8EE2775E-02EF-46A5-A1A6-8C55A8D4A97B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "TCP Query User{F8FBAB29-4523-4331-BE4D-C2D2C0E6079B}c:\\program files\\valve\\steam\\steamapps\\robbikiller\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\robbikiller\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{D702B3FF-F2DC-433E-9E45-D9FB39EDA6EE}c:\\program files\\valve\\steam\\steamapps\\robbikiller\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\robbikiller\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{F00DFD7E-C229-495A-B6D9-B7CDDEC64BE2}c:\\program files\\valve\\steam\\steamapps\\robbikiller\\condition zero\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\robbikiller\condition zero\hl.exe:Half-Life Launcher "UDP Query User{58064C33-4B43-4FDF-84C7-3F3F304F053D}c:\\program files\\valve\\steam\\steamapps\\robbikiller\\condition zero\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\robbikiller\condition zero\hl.exe:Half-Life Launcher "TCP Query User{956D3C68-8878-4E19-87F6-8E0E1700B013}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{F6C911A3-5C6C-42A0-A149-C33C4CA20B82}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{9E045620-C06F-4E00-9D94-12B5AB3AA96C}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club "{97981188-03F0-480D-A05B-02F91599495C}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club "{C9A0BFE4-C11F-48C5-A38A-EA2D70D3F20C}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV "{47E7797A-2D21-4566-B2DE-D5A4FF6D1AA1}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV "TCP Query User{335DED07-FAFF-4480-9234-FD207693DDDE}c:\\program files\\rockstar games\\grand theft auto 
iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV "UDP Query User{AD8E395D-3BC7-4F22-AAC2-55F645762645}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV "{EB41932B-C471-4528-847A-53544C430ACA}"= UDP:9339:BlackJack Facebook "TCP Query User{FA5EE75B-9E49-47FD-9D9B-E912D25CDCA2}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= UDP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV "UDP Query User{DA27C9DD-F067-4998-8D1F-8B692D24DF4D}c:\\program files\\rockstar games\\grand theft auto iv\\gtaiv.exe"= TCP:c:\program files\rockstar games\grand theft auto iv\gtaiv.exe:Grand Theft Auto IV "TCP Query User{A9DB2CED-7C82-4FBC-8D12-A70B387D8720}c:\\users\\admin\\appdata\\local\\temp\\blizzard launcher temporary - e3af7b58\\launcher.exe"= UDP:c:\users\admin\appdata\local\temp\blizzard launcher temporary - e3af7b58\launcher.exe:launcher.exe "UDP Query User{B6EEB328-B934-4D00-BB16-5B86EBCCD95D}c:\\users\\admin\\appdata\\local\\temp\\blizzard launcher temporary - e3af7b58\\launcher.exe"= TCP:c:\users\admin\appdata\local\temp\blizzard launcher temporary - e3af7b58\launcher.exe:launcher.exe "TCP Query User{739B0C1E-C85C-4537-A4B5-D3436674F22B}c:\\users\\admin\\appdata\\local\\temp\\blizzard launcher temporary - 49ad0fd8\\launcher.exe"= UDP:c:\users\admin\appdata\local\temp\blizzard launcher temporary - 49ad0fd8\launcher.exe:launcher.exe "UDP Query User{B8757FDD-6272-4E62-B489-16DDD076CFFA}c:\\users\\admin\\appdata\\local\\temp\\blizzard launcher temporary - 49ad0fd8\\launcher.exe"= TCP:c:\users\admin\appdata\local\temp\blizzard launcher temporary - 49ad0fd8\launcher.exe:launcher.exe "{A924CC83-4CF3-4CCC-84C6-965585993197}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "TCP Query User{23E100B5-80B1-48ED-B348-855A7FDE5C4A}c:\\program 
files\\frostwire\\frostwire.exe"= Disabled:UDP:c:\program files\frostwire\frostwire.exe:FrostWire "UDP Query User{1FEDEDD0-D554-4CFE-B3AB-A6A4B980E6C6}c:\\program files\\frostwire\\frostwire.exe"= Disabled:TCP:c:\program files\frostwire\frostwire.exe:FrostWire "TCP Query User{A07FD548-AAA7-45FF-8B28-CB3E3D1BCFC1}c:\\program files\\limewire\\limewire.exe"= Disabled:UDP:c:\program files\limewire\limewire.exe:LimeWire "UDP Query User{8FFFE288-37D2-4F32-864D-BB49933712C2}c:\\program files\\limewire\\limewire.exe"= Disabled:TCP:c:\program files\limewire\limewire.exe:LimeWire R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-10-17 111184] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-11-17 8944] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-11-17 55024] R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2008-10-19 21504] R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2008-10-19 21504] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-10-17 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-10-17 51792] R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312] R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2009-02-21 55280] R2 fsssvc;Windows Live Tryggere for familien;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360] R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-04-02 
38496] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{850e10dd-d7a2-11dd-a4cd-001b24b1ffbe}] \shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . . ------- Tilleggsskanning ------- . mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NB_NO&c=73&bd=Pavilion&pf=laptop IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-02 17:20:17 Windows 6.0.6001 Service Pack 1 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes skanning vellykket skjulte filer: 1 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'lsass.exe'(672) c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll - - - - - - - > 'Explorer.exe'(6056) c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll . ------------------------ Andre Kjørende Prosesser ------------------------ . 
c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\System32\drivers\XAudio.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe c:\windows\System32\conime.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\windows\System32\rundll32.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\windows\ehome\ehmsas.exe c:\program files\Hewlett-Packard\Shared\HpqToaster.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\System32\dllhost.exe . ************************************************************************** . Tidspunkt ferdig: 2009-04-02 17:26:16 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2009-04-02 15:26:05 Pre-Run: 34 321 338 368 byte ledig Post-Run: 34,348,355,584 byte ledig 267 --- E O F --- 2009-03-31 08:06:47
norbat (posted 3 April 2009)

Sorry for the slow response to your thread. The log looks fine. Is there anything suggesting that you are infected, or was this just a check? If ToggleEN Toolbar is not something you need, uninstall it.
tradhtare (thread author, posted 3 April 2009)

That is perfectly fine. You have a life besides reading logs for people, I assume. It was a general check, prompted by my little brother's MSN still sending out links, and I had reason to believe it was coming from this PC, which is his. However, the link was sent out even though his MSN was disconnected, so I actually have no idea which PC it came from. There are three possible ones. (Only two, if we discount the chance that it is the previous one you helped me with.)
norbat (posted 3 April 2009)

What your brother should do is change his MSN password.