MBAM and ComboFix logs, does anyone see a problem in the ComboFix one?

A bit of background:

 

I put together a new PC a little while ago. It runs fine, but I keep getting the message that a network cable is disconnected, and the network runs extremely slowly and stalls completely every now and then. This only happened the first evening, and then it went away. Then one day I unplugged the power to the router and plugged it back in, and the same thing happened again. But I suspect it is some kind of virus, because I cannot get Avira antivirus to update. I am also running Comodo Firewall, on Windows XP 32-bit.

 

Can anyone take a look at the logs and say whether they see anything there?

 

ComboFix:

--------------------------------------------------------------------------------------

ComboFix 09-08-10.06 - Admin 13.08.2009 17:00.1.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.47.1044.18.3327.2847 [GMT 2:00]

Kjører fra: c:\documents and settings\Admin\Skrivebord\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-07-13 til 2009-08-13 )))))))))))))))))))))))))))))))))

.

 

2009-08-13 14:43 . 2009-08-13 14:43 -------- d-----w- c:\documents and settings\Admin\Programdata\Malwarebytes

2009-08-13 14:43 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-13 14:43 . 2009-08-13 14:43 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes

2009-08-13 14:43 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-13 14:43 . 2009-08-13 14:43 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware

2009-08-12 17:23 . 2009-08-12 17:23 -------- d-----w- c:\windows\ServicePackFiles

2009-08-01 17:02 . 2009-08-01 17:02 -------- d-----w- c:\programfiler\uTorrent

2009-08-01 17:01 . 2009-08-07 19:37 -------- d-----w- c:\documents and settings\Admin\Programdata\uTorrent

2009-07-29 05:10 . 2009-07-03 17:01 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-07-29 05:10 . 2009-07-03 17:01 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-07-28 22:00 . 2009-07-29 23:08 -------- d-----w- c:\documents and settings\Admin\Programdata\DeepBurner

2009-07-28 22:00 . 2009-07-28 22:00 -------- d-----w- c:\programfiler\Astonsoft

2009-07-28 09:45 . 2009-07-29 19:19 -------- d-----w- c:\documents and settings\Admin\Programdata\vlc

2009-07-28 09:10 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2009-07-28 09:10 . 2009-07-28 09:10 -------- d-----w- c:\programfiler\Microsoft Works

2009-07-28 09:09 . 2009-07-28 09:09 -------- d-----w- c:\programfiler\MSBuild

2009-07-28 09:09 . 2009-07-28 09:09 -------- d-----w- c:\programfiler\Microsoft.NET

2009-07-28 09:07 . 2009-07-28 09:07 -------- d-----w- c:\programfiler\Microsoft Visual Studio 8

2009-07-28 09:06 . 2009-07-28 09:09 -------- d-----w- c:\windows\SHELLNEW

2009-07-28 09:06 . 2009-07-28 09:06 -------- d-----w- c:\documents and settings\Admin\Lokale innstillinger\Programdata\Microsoft Help

2009-07-28 09:06 . 2009-08-12 23:22 -------- d-----w- c:\documents and settings\All Users\Programdata\Microsoft Help

2009-07-28 09:06 . 2009-07-28 09:06 -------- d--h--r- C:\MSOCache

2009-07-27 14:36 . 2001-10-06 12:02 5632 ----a-w- c:\windows\system32\ptpusb.dll

2009-07-27 14:36 . 2004-08-03 23:03 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-07-27 14:36 . 2004-08-03 20:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2009-07-27 14:36 . 2004-08-03 20:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-07-27 12:42 . 2009-07-27 13:10 -------- d-----w- c:\documents and settings\Andre\Lokale innstillinger\Programdata\Adobe

2009-07-26 22:42 . 2009-07-27 01:22 -------- d-----w- c:\documents and settings\Andre\Programdata\vlc

2009-07-26 22:40 . 2009-07-26 22:40 -------- d-----w- c:\programfiler\VideoLAN

2009-07-25 22:24 . 2004-08-03 21:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys

2009-07-25 16:14 . 2009-07-03 17:01 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-07-25 16:14 . 2009-07-03 17:01 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-07-25 16:14 . 2009-07-03 17:01 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-07-25 16:14 . 2009-07-19 16:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll

2009-07-25 14:26 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2009-07-25 13:59 . 2009-07-25 13:59 -------- d-----w- c:\documents and settings\Andre\Lokale innstillinger\Programdata\Mozilla

2009-07-25 13:56 . 2009-07-25 13:56 -------- d-----w- c:\documents and settings\Andre\Lokale innstillinger\Programdata\Identities

2009-07-25 13:56 . 2009-08-02 08:05 68456 ----a-w- c:\documents and settings\Andre\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-07-25 13:56 . 2009-07-25 13:56 -------- d-----w- c:\documents and settings\Andre\Programdata\ATI

2009-07-25 13:56 . 2009-07-25 13:56 -------- d-----w- c:\documents and settings\Andre\Lokale innstillinger\Programdata\ATI

2009-07-25 11:53 . 2009-07-25 11:53 -------- d-----w- c:\windows\Sun

2009-07-25 11:50 . 2009-07-25 11:50 -------- d-----w- c:\programfiler\Java

2009-07-25 11:48 . 2009-07-25 11:51 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-25 11:48 . 2009-07-25 11:50 152576 ----a-w- c:\documents and settings\Admin\Programdata\Sun\Java\jre1.6.0_14\lzma.dll

2009-07-25 11:44 . 2009-07-25 11:44 0 ----a-w- c:\windows\nsreg.dat

2009-07-25 11:44 . 2009-07-25 11:44 -------- d-----w- c:\documents and settings\Admin\Lokale innstillinger\Programdata\Mozilla

2009-07-25 11:40 . 2009-07-25 11:40 -------- d-----w- c:\documents and settings\All Users\Programdata\ATI

2009-07-25 11:40 . 2009-07-25 11:40 -------- d-----w- c:\documents and settings\Admin\Programdata\ATI

2009-07-25 11:40 . 2009-07-25 11:40 -------- d-----w- c:\documents and settings\Admin\Lokale innstillinger\Programdata\ATI

2009-07-25 11:40 . 2009-07-25 11:40 0 ----a-w- c:\windows\ativpsrm.bin

2009-07-25 11:39 . 2009-07-25 11:39 -------- d-----w- c:\programfiler\My Company Name

2009-07-25 11:35 . 2009-07-25 11:35 9158 ----a-r- c:\documents and settings\Admin\Programdata\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe

2009-07-25 11:35 . 2009-07-25 11:35 -------- d-----w- c:\programfiler\Fellesfiler\ATI Technologies

2009-07-25 11:33 . 2008-07-02 19:38 89600 ----a-r- c:\windows\system32\drivers\AtiHdmi.sys

2009-07-25 11:32 . 2008-08-30 04:01 307200 ----a-r- c:\windows\system32\atiiiexx.dll

2009-07-25 11:32 . 2008-08-30 03:59 425984 ----a-r- c:\windows\system32\ATIDEMGX.dll

2009-07-25 11:32 . 2008-08-30 03:19 887724 ----a-r- c:\windows\system32\ativva6x.dat

2009-07-25 11:32 . 2008-08-30 03:19 3107788 ----a-r- c:\windows\system32\ativva5x.dat

2009-07-25 11:32 . 2008-08-30 03:19 3107788 ----a-r- c:\windows\system32\ativvaxx.dat

2009-07-25 11:32 . 2008-08-14 18:40 176214 ----a-r- c:\windows\system32\atiicdxx.dat

2009-07-25 11:32 . 2009-07-25 11:37 -------- d-----w- c:\programfiler\ATI Technologies

2009-07-25 11:26 . 2009-07-25 11:26 -------- d-----w- c:\documents and settings\Admin\Lokale innstillinger\Programdata\Google

2009-07-25 11:22 . 2009-07-25 11:23 -------- d-----w- c:\documents and settings\Admin\Lokale innstillinger\Programdata\Adobe

2009-07-25 11:22 . 2009-07-25 11:22 -------- d-----w- c:\programfiler\Fellesfiler\Adobe

2009-07-25 10:42 . 2009-07-25 11:11 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-07-25 10:33 . 2009-07-25 10:33 -------- d-----w- c:\documents and settings\Andre\Lokale innstillinger\Programdata\Google

2009-07-25 10:33 . 2009-07-25 10:33 -------- d-----w- c:\programfiler\Google

2009-07-25 10:33 . 2009-07-25 10:33 1886320 ----a-w- c:\documents and settings\All Users\Programdata\NOS\Adobe_Downloads\GoogleToolbarInstaller_en_signed.exe

2009-07-25 10:33 . 2009-07-25 10:33 1914000 ----a-w- c:\documents and settings\All Users\Programdata\NOS\Adobe_Downloads\install_flash_player_ax.exe

2009-07-25 10:33 . 2009-07-25 11:20 -------- d-----w- c:\documents and settings\All Users\Programdata\NOS

2009-07-25 10:33 . 2009-07-25 11:20 -------- d-----w- c:\programfiler\NOS

2009-07-25 10:32 . 2009-07-25 10:32 -------- d-sh--w- c:\documents and settings\Andre\PrivacIE

2009-07-24 20:56 . 2009-07-24 20:56 -------- d-----w- c:\windows\system32\KB905474

2009-07-24 20:56 . 2009-03-10 20:26 1432960 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe

2009-07-24 20:56 . 2009-03-10 20:18 454024 ----a-w- c:\windows\system32\KB905474\wgasetup.exe

2009-07-24 20:52 . 2009-07-24 20:52 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache

2009-07-24 20:51 . 2009-07-24 20:51 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE

2009-07-24 20:37 . 2009-07-24 20:37 -------- d-sh--w- c:\documents and settings\Admin\IETldCache

2009-07-24 20:33 . 2009-07-24 22:54 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-07-24 20:33 . 2009-07-29 23:18 -------- d-----w- c:\windows\ie8updates

2009-07-24 20:31 . 2009-07-24 20:32 -------- dc-h--w- c:\windows\ie8

2009-07-24 20:31 . 2009-07-24 20:32 -------- d-----w- c:\windows\system32\nb-NO

2009-07-24 20:31 . 2008-06-14 18:00 272256 -c----w- c:\windows\system32\dllcache\bthport.sys

2009-07-24 20:31 . 2008-06-14 18:00 272256 ------w- c:\windows\system32\drivers\bthport.sys

2009-07-24 20:31 . 2009-02-09 11:53 2017792 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe

2009-07-24 20:31 . 2009-02-09 11:53 2059520 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe

2009-07-24 20:31 . 2009-02-09 11:53 2182272 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe

2009-07-24 20:31 . 2009-02-09 11:53 2138112 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe

2009-07-24 20:30 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2009-07-24 20:23 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-07-24 20:16 . 2009-08-12 17:23 -------- d--h--w- c:\windows\$hf_mig$

2009-07-23 21:54 . 2009-07-30 13:17 68456 ----a-w- c:\documents and settings\Admin\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT

2009-07-23 21:53 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-07-23 21:53 . 2009-03-24 14:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-07-23 21:53 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-07-23 21:53 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-07-23 21:53 . 2009-07-23 21:53 -------- d-----w- c:\programfiler\Avira

2009-07-23 21:53 . 2009-07-23 21:53 -------- d-----w- c:\documents and settings\All Users\Programdata\Avira

2009-07-23 11:08 . 2009-07-23 11:44 -------- d-----w- c:\documents and settings\All Users\Programdata\Comodo

2009-07-23 11:08 . 2009-07-23 11:08 86976 ----a-w- c:\windows\system32\drivers\inspect.sys

2009-07-23 11:08 . 2009-07-23 11:08 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-07-23 11:08 . 2009-07-23 11:08 179792 ----a-w- c:\windows\system32\guard32.dll

2009-07-23 11:08 . 2009-07-23 11:08 132040 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-07-23 11:08 . 2009-07-23 11:08 -------- d-----w- c:\programfiler\COMODO

2009-07-23 10:39 . 2009-07-23 10:39 -------- d-sh--w- c:\documents and settings\Admin\UserData

2009-07-23 10:00 . 2004-08-03 21:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys

2009-07-23 10:00 . 2004-08-03 20:58 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys

2009-07-23 10:00 . 2004-08-03 20:58 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys

2009-07-23 10:00 . 2004-08-03 20:58 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys

2009-07-23 10:00 . 2006-08-01 15:02 49152 ------r- c:\windows\system32\ChCfg.exe

2009-07-23 10:00 . 2009-07-23 10:00 -------- d-----w- c:\windows\system32\RTCOM

2009-07-23 10:00 . 2004-08-03 23:03 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll

2009-07-23 10:00 . 2004-08-03 23:03 4096 ----a-w- c:\windows\system32\ksuser.dll

2009-07-23 10:00 . 2004-08-03 21:08 60288 -c--a-w- c:\windows\system32\dllcache\drmk.sys

2009-07-23 10:00 . 2004-08-03 21:08 60288 ----a-w- c:\windows\system32\drivers\drmk.sys

2009-07-23 09:54 . 2009-07-23 09:54 -------- d-----w- c:\windows\system32\drivers\system32

2009-07-23 09:54 . 2009-07-23 09:54 -------- d-----w- c:\windows\system32\drivers\INF

2009-07-23 09:52 . 2009-07-23 09:52 -------- d-----w- c:\windows\ASUSInstAll

2009-07-23 09:49 . 2009-07-23 09:50 -------- dc----w- c:\windows\system32\DRVSTORE

2009-07-23 09:49 . 2009-07-23 09:49 -------- d-----w- c:\programfiler\Intel

2009-07-23 09:49 . 2008-03-26 03:15 53248 ----a-r- c:\windows\system32\CSVer.dll

2009-07-23 09:49 . 2009-07-23 09:49 -------- d-----w- C:\Intel

2009-07-20 21:59 . 2004-08-13 10:56 5810 ----a-r- c:\windows\system32\drivers\ASACPI.sys

2009-07-20 21:59 . 2007-12-28 15:22 10296 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 20:13 . 2009-07-19 22:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-07-25 11:44 . 2004-08-04 12:00 66876 ----a-w- c:\windows\system32\perfc014.dat

2009-07-25 11:44 . 2004-08-04 12:00 396894 ----a-w- c:\windows\system32\perfh014.dat

2009-07-25 11:39 . 2009-07-23 09:59 -------- d--h--w- c:\programfiler\InstallShield Installation Information

2009-07-25 11:25 . 2009-07-23 09:59 -------- d-----w- c:\programfiler\Fellesfiler\InstallShield

2009-07-23 10:02 . 2009-07-23 10:02 -------- d-----w- c:\programfiler\ASUS

2009-07-23 09:59 . 2009-07-23 09:59 -------- d-----w- c:\programfiler\Realtek

2009-07-23 09:59 . 2009-07-23 09:59 315392 ----a-w- c:\windows\HideWin.exe

2009-07-19 22:45 . 2009-07-19 22:45 -------- d-----w- c:\programfiler\microsoft frontpage

2009-07-19 22:44 . 2009-07-19 22:44 -------- d-----w- c:\programfiler\Elektroniske tjenester

2009-07-19 22:43 . 2009-07-19 22:43 -------- d-----w- c:\programfiler\Fellesfiler\Tjenester

2009-07-19 22:42 . 2009-07-19 22:42 21704 ----a-w- c:\windows\system32\emptyregdb.dat

2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 00:18 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:01 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 18:38 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll

2009-06-25 18:38 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll

2009-06-25 18:38 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll

2009-06-25 18:38 . 2004-08-04 12:00 472576 ----a-w- c:\windows\system32\mqutil.dll

2009-06-25 18:38 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll

2009-06-25 18:38 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll

2009-06-25 18:38 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll

2009-06-25 18:38 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll

2009-06-25 18:38 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll

2009-06-25 18:38 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll

2009-06-25 18:38 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll

2009-06-25 18:38 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll

2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe

2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe

2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe

2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys

2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 11:33 . 2004-08-04 12:00 76800 ----a-w- c:\windows\system32\telnet.exe

2009-06-15 11:33 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-10 14:26 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 06:32 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-05 07:55 . 2009-07-19 22:42 655872 ----a-w- c:\windows\system32\mstscax.dll

2009-06-03 19:28 . 2004-08-04 12:00 1293824 ----a-w- c:\windows\system32\quartz.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-25 39408]

"MSMSGS"="c:\programfiler\Messenger\msmsgs.exe" [2004-08-03 1667584]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"COMODO Internet Security"="c:\programfiler\COMODO\COMODO Internet Security\cfp.exe" [2009-07-23 1793808]

"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"StartCCC"="c:\programfiler\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"SunJavaUpdateSched"="c:\programfiler\Java\jre6\bin\jusched.exe" [2009-07-25 148888]

"GrooveMonitor"="c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-03-26 16859136]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programfiler\\Messenger\\msmsgs.exe"=

"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Programfiler\\uTorrent\\uTorrent.exe"=

 

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [23.07.2009 12:02 150568]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [23.07.2009 13:08 132040]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [23.07.2009 13:08 25160]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [23.07.2009 23:53 108289]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [25.07.2009 13:33 89600]

R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [23.07.2009 12:02 36864]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2009-08-13 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-07-24 20:18]

.

.

------- Tilleggsskanning -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

FF - ProfilePath - c:\documents and settings\Admin\Programdata\Mozilla\Firefox\Profiles\13pfanbj.default\

 

---- FIREFOX POLICIES ----

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\programfiler\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\programfiler\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\programfiler\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-13 17:01

Windows 5.1.2600 Service Pack 2 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(796)

c:\windows\system32\guard32.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(852)

c:\windows\system32\guard32.dll

 

- - - - - - - > 'explorer.exe'(1344)

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

.

Tidspunkt ferdig: 2009-08-13 17:02

ComboFix-quarantined-files.txt 2009-08-13 15:02

 

Pre-Run: 43 261 825 024 byte ledig

Post-Run: 43 506 737 152 byte ledig

 

WindowsXP-KB310994-SP2-Pro-BootDisk-NOR.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

308 --- E O F --- 2009-08-12 17:23

------------------------------------------------------------------------------------------

 

MBAM:

---------------------------------------------

 

Malwarebytes' Anti-Malware 1.40

Databaseversjon: 2615

Windows 5.1.2600 Service Pack 2

 

13.08.2009 16:46:08

mbam-log-2009-08-13 (16-46-08).txt

 

Skanntype: Rask Skann

Objekter skannet: 93540

Tid tilbakelagt: 1 minute(s), 49 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 0

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

(Ingen mistenkelige filer funnet)

--------------------------------------------------
