ikkeno, posted 18 July 2009 (edited)

I've been struggling quite a bit with trojan horses lately and have now run everything listed in the sticky. I'd appreciate some help going through the log files.

ComboFix

ComboFix 09-07-14.08 - Stephane Forne 18.07.2007 9:14.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2568 [GMT 2:00]
Running from: c:\temp\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090712-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows101120101465752.dat
c:\windows\freddy49.exe
.
((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))
.
2009-06-25 11:26 . 2009-06-25 11:26 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-25 11:25 . 2009-06-25 11:26 -------- d-----w- c:\documents and settings\Stephane Forne\Application Data\SystemRequirementsLab
2009-06-25 11:25 . 2009-06-25 11:25 207872 ----a-w- c:\documents and settings\Stephane Forne\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-25 11:25 . 2009-06-25 11:25 207872 ----a-w- c:\documents and settings\Stephane Forne\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-25 11:25 . 2009-06-25 11:25 207872 ----a-w- c:\documents and settings\Stephane Forne\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-25 11:25 . 2009-06-25 11:25 207872 ----a-w- c:\documents and settings\Stephane Forne\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-27 18:46 . 2009-05-27 18:46 -------- d-----w- c:\program files\GameSpy Arcade
2009-05-11 18:15 . 2009-07-02 20:30 -------- d-----w- C:\bilsalg
2009-05-02 15:33 . 2004-07-09 02:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-05-02 15:33 . 2004-07-09 02:26 354816 ----a-w- c:\windows\system32\psisdecd.dll
2009-05-02 15:33 . 
2004-07-09 02:26 52096 -c--a-w- c:\windows\system32\dllcache\msdv.sys 2009-05-02 15:33 . 2004-07-09 02:26 52096 ----a-w- c:\windows\system32\drivers\msdv.sys 2009-05-02 15:33 . 2004-07-09 02:26 15104 -c--a-w- c:\windows\system32\dllcache\mpe.sys 2009-05-02 15:33 . 2004-07-09 02:26 15104 ----a-w- c:\windows\system32\drivers\mpe.sys 2009-05-02 15:33 . 2004-07-09 02:26 11392 -c--a-w- c:\windows\system32\dllcache\bdasup.sys 2009-05-02 15:33 . 2004-07-09 02:26 11392 ----a-w- c:\windows\system32\drivers\bdasup.sys 2009-05-02 15:33 . 2002-08-29 01:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll 2009-05-02 15:33 . 2002-12-11 22:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe 2009-05-02 15:32 . 2009-05-02 15:33 -------- d--h--w- c:\windows\msdownld.tmp 2009-05-02 15:15 . 2009-05-02 15:15 -------- d-----w- c:\documents and settings\Stephane Forne\Games 2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr 2009-04-22 18:00 . 2009-04-22 20:00 -------- d-----w- c:\documents and settings\Stephane Forne\Application Data\DC++ 2009-04-22 18:00 . 2009-04-22 18:00 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\DC++ 2009-04-22 17:59 . 2009-04-22 17:59 -------- d-----w- c:\program files\DC++ 2009-04-22 17:58 . 2009-04-22 17:59 12164552 ----a-w- c:\temp\DCPlusPlus-0.750.exe 2009-04-16 12:41 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll 2009-04-13 18:44 . 2009-04-23 15:31 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\wanted 2009-04-13 18:44 . 2009-04-13 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\wanted 2009-04-13 18:20 . 2009-04-13 18:20 418480 ----a-w- c:\windows\system32\wrap_oal.dll 2009-04-13 18:20 . 2009-04-13 18:20 115432 ----a-w- c:\windows\system32\OpenAL32.dll 2009-04-13 18:20 . 2009-04-13 18:20 -------- d-----w- c:\program files\OpenAL 2009-04-13 18:11 . 
2009-04-13 18:11 -------- d-----w- c:\program files\WarnerBros 2009-04-12 10:31 . 2009-04-12 10:31 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\EA Games 2009-04-11 06:54 . 2009-04-11 06:54 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\Criterion Games 2009-04-11 06:49 . 2009-04-11 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts 2009-04-11 06:30 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll 2009-04-11 06:29 . 2008-10-27 08:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll 2009-04-11 06:29 . 2008-10-27 08:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll 2009-04-11 06:29 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll 2009-04-11 06:29 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll 2009-04-11 06:29 . 2008-10-27 08:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll 2009-04-11 06:29 . 2008-10-27 08:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll 2009-04-11 06:29 . 2008-07-30 04:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll 2009-04-11 06:29 . 2008-07-30 04:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll 2009-04-11 06:29 . 2008-07-30 04:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll 2009-04-11 06:29 . 2008-07-10 09:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll 2009-04-11 06:29 . 2008-07-10 09:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll 2009-04-11 06:29 . 2008-07-10 09:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll 2009-03-30 06:43 . 2009-03-30 06:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google 2009-03-29 08:51 . 2009-03-29 08:51 547488 ----a-w- c:\temp\GoogleEarthPluginSetup.exe 2009-03-29 08:50 . 2009-03-29 08:50 547480 ----a-w- c:\temp\GoogleEarthSetup.exe 2009-03-29 07:27 . 
2008-04-13 22:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys 2009-03-29 07:27 . 2008-04-13 22:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys 2009-03-28 08:40 . 2009-03-28 08:44 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\Deployment 2009-03-28 08:09 . 2009-03-28 08:09 69568 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-03-28 08:08 . 2009-03-28 08:08 -------- d-----w- c:\windows\system32\XPSViewer 2009-03-28 08:08 . 2009-03-28 08:08 -------- d-----w- c:\program files\MSBuild 2009-03-28 08:08 . 2009-03-28 08:08 -------- d-----w- c:\program files\Reference Assemblies 2009-03-28 08:07 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-03-28 08:07 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-03-28 08:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-03-28 08:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-03-28 08:07 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-03-28 08:07 . 2009-03-28 08:08 -------- d-----w- C:\6095f44acd7b8d38ec 2009-03-28 08:07 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-03-28 08:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-03-28 07:58 . 2009-03-28 07:58 335001 ----a-w- c:\temp\pid-simulator-v1.0.0.6.zip 2009-03-25 14:15 . 2009-03-26 16:19 33465 ----a-w- c:\temp\Zipped_DB.bin 2009-03-25 13:26 . 2004-11-10 15:27 49040 ----a-r- c:\windows\system32\drivers\ftser2k.sys 2009-03-25 13:26 . 2004-11-10 15:27 414208 ----a-r- c:\windows\system32\ftdiunin.exe 2009-03-25 13:26 . 2004-11-10 15:27 18101 ----a-r- c:\windows\system32\drivers\ftdibus.sys 2009-03-19 11:24 . 
2006-04-05 17:38 110592 ----a-w- c:\documents and settings\Stephane Forne\Application Data\U3\temp\cleanup.exe 2009-03-19 11:22 . 2007-02-12 15:46 3096576 ---ha-w- c:\documents and settings\Stephane Forne\Application Data\U3\temp\Launchpad Removal.exe 2009-03-19 11:22 . 2007-07-15 12:21 -------- d-----w- c:\documents and settings\Stephane Forne\Application Data\U3 2009-02-05 16:16 . 2009-02-05 16:16 -------- d-----w- c:\program files\JRE 2009-01-25 18:18 . 2009-06-09 23:33 -------- d--h--w- c:\temp\sofie 2009-01-23 17:10 . 2009-05-01 16:05 -------- d-----w- c:\documents and settings\Stephane Forne\Application Data\Spotify 2009-01-23 17:10 . 2009-05-01 16:00 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\Spotify 2009-01-23 17:10 . 2009-01-23 17:10 -------- d-----w- c:\program files\Spotify 2009-01-23 17:10 . 2009-01-23 17:10 1521488 ----a-w- c:\temp\Spotify Installer.exe 2009-01-22 22:45 . 2009-01-22 22:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2009-01-19 14:58 . 2009-01-19 14:58 6190628 ----a-w- c:\temp\fmsdisk01.exe 2008-12-13 18:41 . 2009-07-06 17:50 1 ----a-w- c:\documents and settings\Stephane Forne\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2008-12-13 17:40 . 2008-12-13 17:40 -------- d-----w- c:\documents and settings\Stephane Forne\Application Data\OpenOffice.org 2008-12-13 17:38 . 2009-02-05 16:16 -------- d-----w- c:\program files\OpenOffice.org 3 2008-12-13 14:01 . 2008-12-13 14:19 -------- d-----w- c:\documents and settings\Stephane Forne\.jenny 2008-12-10 07:45 . 2008-12-10 07:45 70936 ----a-w- c:\windows\system32\PhysXLoader.dll 2008-12-09 19:44 . 2008-12-09 19:44 -------- d-----w- c:\program files\iPod 2008-12-09 19:44 . 2008-12-09 19:44 -------- d-----w- c:\program files\iTunes 2008-12-09 19:44 . 
2008-12-09 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-09 19:37 . 2008-12-09 19:37 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.2.20\SetupAdmin.exe 2008-12-09 10:29 . 2009-03-29 08:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google 2008-12-09 10:29 . 2008-12-09 10:29 -------- d-----w- c:\windows\system32\IOSUBSYS 2008-12-04 07:28 . 2008-12-04 07:28 24344 ----a-w- c:\windows\system32\PhysXDevice.dll 2008-11-26 06:55 . 2008-11-26 06:55 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe 2008-11-25 06:38 . 2008-11-25 06:38 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe 2008-11-23 15:01 . 2008-11-23 15:01 -------- d-----w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\Activision 2008-11-23 14:33 . 2008-11-23 14:33 -------- d-----w- c:\program files\Activision 2008-11-20 19:19 . 2008-11-20 19:19 43872 ----a-w- c:\windows\system32\drivers\pxhelp20.sys 2008-11-17 18:28 . 2008-11-17 18:35 149286272 ----a-w- c:\temp\OOo_3.0.0_Win32Intel_install_wJRE_en-US.exe 2008-11-13 18:01 . 2008-11-13 18:02 -------- d-----w- c:\documents and settings\Stephane Forne\Application Data\Red Alert 3 2008-11-13 17:01 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-12 18:59 . 2008-11-12 20:12 81784537 ----a-w- c:\temp\178.24_geforce_winxp_32bit_english_whql.exe 2008-11-12 17:49 . 2008-11-12 17:49 -------- d-----w- c:\windows\Logs 2008-11-10 17:53 . 2008-11-10 18:20 186570347 ----a-w- c:\temp\VisiLogicSetup_7_0_1_full.exe 2008-11-05 15:30 . 2008-11-05 15:30 -------- d-----w- c:\program files\Bonjour 2008-10-21 16:47 . 2008-10-21 16:47 -------- d-----w- c:\windows\Sun 2008-10-16 19:08 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2008-10-16 19:08 . 
2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2008-10-16 19:08 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2008-10-16 19:08 . 2009-02-07 17:02 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2008-10-07 19:53 . 2008-10-07 19:54 -------- d-----w- c:\program files\Java 2008-10-07 19:52 . 2008-10-07 19:52 -------- d-----w- c:\program files\Common Files\Java 2008-10-07 19:50 . 2008-10-07 19:50 382352 ----a-w- c:\temp\xpiinstall.exe 2008-10-07 07:13 . 2008-10-07 07:13 197912 ----a-w- c:\windows\system32\physxcudart_20.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll 2008-10-07 07:13 . 2008-10-07 07:13 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll 2008-09-05 22:30 . 2008-09-05 22:30 241704 -c----w- c:\windows\system32\dllcache\wgaLogon.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-13 11:36 . 2007-07-18 06:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-13 11:36 . 2007-07-18 06:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-05-07 15:32 . 2008-04-14 03:41 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-29 04:56 . 
2008-04-14 03:42 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2008-04-14 03:41 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 12:26 . 2008-04-13 23:00 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2008-04-14 03:42 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-13 18:11 . 2008-06-16 17:39 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-03-28 08:40 . 2008-06-16 18:09 16448 ----a-w- c:\documents and settings\Stephane Forne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-25 16:58 . 2008-11-12 20:28 -------- d-----w- c:\program files\Common Files\Unitronics 2009-03-06 14:22 . 2008-04-14 03:42 284160 ----a-w- c:\windows\system32\pdh.dll 2009-02-09 12:10 . 2008-04-14 03:41 729088 ----a-w- c:\windows\system32\lsasrv.dll 2009-02-09 12:10 . 2008-06-16 16:40 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll 2009-02-09 12:10 . 2008-06-16 16:40 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-02-09 12:10 . 2008-04-14 03:42 401408 ----a-w- c:\windows\system32\rpcss.dll 2009-02-09 12:10 . 2008-04-14 03:41 617472 ----a-w- c:\windows\system32\advapi32.dll 2009-02-09 12:10 . 2008-04-14 03:41 714752 ----a-w- c:\windows\system32\ntdll.dll 2009-02-06 11:11 . 2008-04-14 03:42 110592 ----a-w- c:\windows\system32\services.exe 2009-02-06 11:06 . 2008-04-13 22:54 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-02-06 10:39 . 2001-08-23 12:00 35328 ----a-w- c:\windows\system32\sc.exe 2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe 2009-02-06 10:10 . 2008-06-16 16:40 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe 2009-02-05 20:11 . 2008-06-16 18:03 1256296 ----a-w- c:\windows\system32\aswBoot.exe 2009-02-05 20:08 . 2008-06-16 18:03 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys 2009-02-05 20:08 . 2008-06-16 18:03 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2009-02-05 20:07 . 
2008-06-16 18:03 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys 2009-02-05 20:07 . 2008-06-16 18:03 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2009-02-05 20:06 . 2008-06-16 18:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2009-02-05 20:06 . 2008-06-16 18:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2009-02-05 20:05 . 2008-06-16 18:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2009-02-05 20:04 . 2008-06-16 18:03 97480 ----a-w- c:\windows\system32\AvastSS.scr 2009-02-03 19:59 . 2008-04-14 03:42 56832 ----a-w- c:\windows\system32\secur32.dll 2008-12-20 22:14 . 2008-04-14 03:42 1288192 ----a-w- c:\windows\system32\quartz.dll 2008-12-16 12:30 . 2008-04-14 03:42 354304 ----a-w- c:\windows\system32\winhttp.dll 2008-12-11 10:57 . 2008-04-13 22:45 333952 ----a-w- c:\windows\system32\drivers\srv.sys 2008-12-05 06:54 . 2008-04-14 03:42 144896 ----a-w- c:\windows\system32\schannel.dll 2008-11-12 20:28 . 2008-11-12 20:28 -------- d-----w- c:\program files\Unitronics 2008-10-24 11:21 . 2008-04-13 22:47 455296 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:36 . 2008-04-14 03:41 286720 ----a-w- c:\windows\system32\gdi32.dll 2008-10-16 13:13 . 2008-06-16 16:43 202776 ----a-w- c:\windows\system32\wuweb.dll 2008-10-16 13:13 . 2008-06-16 16:43 1809944 ----a-w- c:\windows\system32\wuaueng.dll 2008-10-16 13:12 . 2008-06-16 16:43 323608 ----a-w- c:\windows\system32\wucltui.dll 2008-10-16 13:12 . 2008-06-16 16:43 561688 ----a-w- c:\windows\system32\wuapi.dll 2008-10-16 13:09 . 2008-06-16 16:43 51224 ----a-w- c:\windows\system32\wuauclt.exe 2008-10-16 13:09 . 2008-04-14 03:41 92696 ----a-w- c:\windows\system32\cdm.dll 2008-10-16 13:09 . 2007-07-30 17:19 43544 ----a-w- c:\windows\system32\wups2.dll 2008-10-16 13:08 . 2008-06-16 16:43 34328 ----a-w- c:\windows\system32\wups.dll 2008-10-03 10:02 . 2008-04-14 03:42 247326 ----a-w- c:\windows\system32\strmdll.dll 2008-10-01 12:01 . 
2008-08-11 10:02 32000 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2008-09-10 01:14 . 2008-04-14 03:42 1307648 ----a-w- c:\windows\system32\msxml6.dll 2008-09-04 17:15 . 2008-04-14 03:42 1106944 ----a-w- c:\windows\system32\msxml3.dll 2008-08-14 10:04 . 2008-04-13 22:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2008-07-07 20:26 . 2008-04-14 03:41 253952 ----a-w- c:\windows\system32\es.dll 2008-06-29 13:23 . 2008-06-16 17:22 -------- d-----w- c:\program files\Common Files\InstallShield 2008-06-24 16:43 . 2008-04-14 03:42 74240 ----a-w- c:\windows\system32\mscms.dll 2008-06-20 17:46 . 2008-04-14 03:42 245248 ----a-w- c:\windows\system32\mswsock.dll 2008-06-20 11:51 . 2008-04-13 22:50 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2008-06-20 11:08 . 2008-04-13 22:30 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2008-06-17 16:53 . 2008-06-16 16:45 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2008-06-17 15:12 . 2008-06-17 15:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf 2008-06-17 15:12 . 2008-06-17 15:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-06-16 18:09 . 2008-06-16 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers Headquarters 2008-06-16 18:06 . 2008-06-16 18:06 -------- d-----w- c:\program files\PC Drivers HeadQuarters 2008-06-16 18:03 . 2008-06-16 18:03 -------- d-----w- c:\program files\Alwil Software 2008-06-16 17:39 . 2008-06-16 17:39 -------- d-----w- c:\program files\SigmaTel 2008-06-16 16:45 . 2008-06-16 16:45 -------- d-----w- c:\program files\microsoft frontpage 2008-06-16 16:42 . 2008-06-16 16:42 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2008-06-12 14:23 . 2008-06-16 16:40 956928 ----a-w- c:\windows\system32\msdtctm.dll 2008-06-12 14:23 . 2008-06-16 16:40 91648 ----a-w- c:\windows\system32\mtxoci.dll 2008-06-12 14:23 . 
2008-06-16 16:40 428032 ----a-w- c:\windows\system32\msdtcprx.dll 2008-06-12 14:23 . 2008-06-16 16:40 161792 ----a-w- c:\windows\system32\msdtcuiu.dll 2008-06-12 14:23 . 2008-06-16 16:40 58880 ----a-w- c:\windows\system32\msdtclog.dll 2008-06-12 14:23 . 2008-04-14 03:42 66560 ----a-w- c:\windows\system32\mtxclu.dll 2008-06-10 05:28 . 2008-04-14 03:42 1028096 ----a-w- c:\windows\system32\WMNetmgr.dll 2008-06-10 04:52 . 2008-04-14 03:42 96768 ----a-w- c:\windows\system32\logagent.exe 2008-05-30 13:19 . 2008-11-12 17:50 507400 ----a-w- c:\windows\system32\XAudio2_1.dll 2008-05-30 13:18 . 2008-11-12 17:50 238088 ----a-w- c:\windows\system32\xactengine3_1.dll 2008-05-30 13:17 . 2008-11-12 17:50 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll 2008-05-30 13:17 . 2008-11-12 17:50 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll 2008-05-30 13:11 . 2008-11-12 17:50 467984 ----a-w- c:\windows\system32\d3dx10_38.dll 2008-05-30 13:11 . 2008-11-12 17:50 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll 2008-05-30 13:11 . 2008-11-12 17:50 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll 2008-05-28 09:07 . 2008-05-28 09:07 111620 ----a-w- c:\windows\Fonts\opens___.ttf 2008-05-20 08:01 . 2008-06-16 17:52 288896 ----a-w- c:\windows\system32\drivers\yk51x86.sys 2008-05-12 15:17 . 2008-06-16 18:21 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys 2008-05-09 10:53 . 2008-04-14 03:42 90112 ----a-w- c:\windows\system32\wshext.dll 2008-05-09 10:53 . 2008-04-14 03:42 430080 ----a-w- c:\windows\system32\vbscript.dll 2008-05-09 10:53 . 2008-04-14 03:42 172032 ----a-w- c:\windows\system32\scrrun.dll 2008-05-09 10:53 . 2008-04-14 03:42 180224 ----a-w- c:\windows\system32\scrobj.dll 2008-05-08 14:02 . 2008-04-13 22:25 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys 2008-05-08 11:24 . 2008-04-14 03:42 155648 ----a-w- c:\windows\system32\wscript.exe 2008-05-07 09:07 . 2008-04-14 03:42 135168 ----a-w- c:\windows\system32\cscript.exe 2008-04-30 15:27 . 
2008-06-16 17:52 442368 ----a-w- c:\windows\system32\NVUNINST.EXE 2008-04-17 12:12 . 2008-04-17 12:12 319456 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll 2008-04-17 12:12 . 2008-04-17 12:12 15464 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys 2008-04-17 12:12 . 2008-04-17 12:12 107368 ----a-w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll 2008-04-17 12:12 . 2008-01-29 10:02 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2008-04-17 12:12 . 2008-01-29 10:01 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2008-04-14 05:42 . 2008-06-16 18:29 74752 ----a-w- c:\windows\system32\storprop.dll 2008-04-14 05:41 . 2008-06-16 18:32 21504 ----a-w- c:\windows\system32\hidserv.dll 2009-06-15 20:24 . 2008-06-18 17:51 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Google Update"="c:\documents and settings\Stephane Forne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744] "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800] "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864] "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936] "QuickTime Task"="c:\program files\QT Lite\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-22 1626112] "NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016] "NvMediaCenter"="NvMCTray.dll" - c:\windows\system32\nvmctray.dll [2008-02-22 86016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" 
[2008-04-14 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Windows Live Messenger.lnk - c:\windows\Installer\{B4C75EAB-B1B8-4120-B9AF-0852EAE4A434}\MsblIco.Exe [2008-6-17 29926] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Spill\\[PC] Test Drive Unlimited [PROPER] [RIP] [dopeman]\\TDU\\TestDriveUnlimited.exe"= "c:\\Spill\\COD4\\iw3mp.exe"= "c:\\Spill\\Medal of Honor\\UnrealEngine3\\Binaries\\MOHA.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Spill\\FarCry\\Far Cry 2\\bin\\FarCry2.exe"= "c:\\Spill\\FarCry\\Far Cry 2\\bin\\FC2Launcher.exe"= "c:\\Spill\\FarCry\\Far Cry 2\\bin\\FC2Editor.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"= "c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Spill\\bounout paradise\\BurnoutLauncher.exe"= "c:\\Spill\\bounout paradise\\BurnoutConfigTool.exe"= "c:\\Spill\\bounout paradise\\BurnoutParadise.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\Documents and Settings\\Stephane Forne\\Games\\Tom Clancy's H.A.W.X\\HAWX.exe"= "c:\\Documents and Settings\\Stephane Forne\\Games\\Tom Clancy's H.A.W.X\\HAWX_dx10.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [16.06.2008 20:03 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.06.2008 20:03 20560] R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [16.06.2008 20:21 235584] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [16.06.2008 20:21 7424] S2 gupdate1c9b04b7253e4ca;Google Update Service (gupdate1c9b04b7253e4ca);c:\program files\Google\Update\GoogleUpdate.exe [29.03.2009 10:50 133104] S3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [16.06.2008 20:21 141376] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [11.08.2008 12:02 32000] . Contents of the 'Scheduled Tasks' folder 2009-04-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34] 2007-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 08:50] 2009-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 08:50] 2009-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1364589140-2146809391-1003Core.job - c:\documents and settings\Stephane Forne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:56] 2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1364589140-2146809391-1003UA.job - c:\documents and settings\Stephane Forne\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:56] . - - - - ORPHANS REMOVED - - - - HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe . ------- Supplementary Scan ------- . 
uDefault_Search_URL = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 FF - ProfilePath - c:\documents and settings\Stephane Forne\Application Data\Mozilla\Firefox\Profiles\e8l3spub.default\ FF - prefs.js: browser.startup.homepage - igoogle.com FF - prefs.js: network.proxy.ssl - 83.138.169.229 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 4 FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Stephane Forne\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-18 09:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1606980848-1364589140-2146809391-1003\Software\SecuROM\License information*]
"datasecu"=hex:47,a7,bf,5d,4a,86,92,cf,f1,83,3a,ac,6d,20,5f,02,5a,32,57,1d,f7,
a6,d4,71,ee,bd,91,0f,25,00,a6,d6,cb,b8,9e,2e,9a,36,06,ff,05,13,a2,7f,96,3a,\
"rkeysecu"=hex:78,c4,c7,f3,02,8b,7d,f5,d9,b8,26,ac,db,7c,be,78
.
Completion time: 2007-07-18 9:24
ComboFix-quarantined-files.txt 2007-07-18 07:24
Pre-Run: 54 256 828 416 bytes free
Post-Run: 54 749 499 392 bytes free
374 --- E O F --- 2009-06-21 09:42

MBAM log

Malwarebytes' Anti-Malware 1.39
Database version: 2456
Windows 5.1.2600 Service Pack 3
18.07.2007 09:02:58
mbam-log-2007-07-18 (09-02-58).txt
Scan type: Quick Scan
Objects scanned: 84462
Time elapsed: 4 minute(s), 42 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Unloaded process successfully.
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5f920865-38c9-40da-8fcf-d9dc83f84ec5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Worm.KoobFace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\pp10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\documents and settings\stephane forne\start menu\Programs\Startup\rncsys32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ld12.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane Forne\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane Forne\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS10112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

Edited 18 July 2009 by ikkeno
norbat, posted 18 July 2009

This looks reasonably fine. Still having problems with trojans?

Could you check what is in the following folder: C:\6095f44acd7b8d38ec

A proxy is set in Firefox. Is this something you know about?

Do a round with CCleaner:
Download CCleaner.
Start the program.
Go to 'Options' -> 'Advanced'.
Uncheck: "only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.
Also run a few rounds with 'Registry' until it finds no more errors. Say yes to backing up the registry files before you fix the errors it finds.
ikkeno (thread author), posted 18 July 2009

Haven't seen any sign of the horses yet, so I hope I've managed to chase them away. Ran CCleaner and got quite a lot removed. There were a couple of files in that folder. No idea what they're for.