baltakatt, posted 3 September 2009

Could someone be so kind as to look over this log? Lately I have been getting some annoying popups that clearly come from places with malicious intent; I am told that I must run a virus scan, even though it comes from a website/program I have never installed. I have scanned with Malwarebytes, Ad-Aware, Spybot Search & Destroy and AVG Free and find nothing suspicious. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:11, on 03.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Knut\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Knut\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Knut\Documents\Downloads\driverscanner.exe
C:\Users\Knut\AppData\Local\Temp\miaAE1A.tmp\DriverScanner_Setup.exe
C:\Users\Knut\Documents\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://no.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETTVERKSTJENESTE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe

--
End of file - 5258 bytes
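As an added example (mine, not part of the thread and not HijackThis code), a small Python triage script that parses lines in the format shown above and flags the entries a helper would look at first: browser components listed with "(no file)", processes or autoruns launched from Downloads or a Temp folder, and AppInit_DLLs entries. The embedded sample log is constructed from a few entries of the same shape as the one above; the heuristics are my own assumptions, and a hit only means "look closer", not "malware".

```python
"""Triage helper for HijackThis-style log lines (added example)."""
import re
from dataclasses import dataclass

# Heuristic (assumption): legitimate services and autoruns rarely live in
# user-writable staging folders such as Downloads or %Temp%.
USER_WRITABLE = re.compile(r"\\(Downloads|AppData\\Local\\Temp|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    entry: str   # the original log line
    reason: str  # why it was flagged


def parse_hjt_entry(line):
    """Split 'O3 - Toolbar: ... - (no file)' into (kind, body); None if not an entry."""
    m = re.match(r"^(O\d+|R\d)\s+-\s+(.*)$", line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def triage(lines):
    """Walk a HijackThis log and return a list of Finding objects."""
    findings = []
    in_processes = False
    for raw in lines:
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True          # the process list follows this header
            continue
        if not line:
            in_processes = False         # a blank line ends the process list
            continue
        if in_processes:
            if USER_WRITABLE.search(line):
                findings.append(Finding(line, "process running from a user-writable folder"))
            continue
        parsed = parse_hjt_entry(line)
        if parsed is None:
            continue                     # header lines, separators, etc.
        kind, body = parsed
        if kind in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(line, "registered browser component whose file is missing"))
        elif kind == "O4" and USER_WRITABLE.search(body):
            findings.append(Finding(line, "autorun entry from a user-writable folder"))
        elif kind == "O20":
            findings.append(Finding(line, "AppInit_DLLs entry (loaded into every process); verify the vendor"))
        elif kind == "O23" and USER_WRITABLE.search(body):
            findings.append(Finding(line, "service binary in a user-writable folder"))
    return findings


def triage_text(text):
    """Convenience wrapper: returns (entry, reason) tuples for a whole log."""
    return [(f.entry, f.reason) for f in triage(text.splitlines())]


# Constructed sample, modelled on the shape of real HijackThis entries.
SAMPLE_LOG = r"""Running processes:
C:\Windows\system32\Dwm.exe
C:\Users\Knut\Documents\Downloads\driverscanner.exe
C:\Users\Knut\AppData\Local\Temp\miaAE1A.tmp\DriverScanner_Setup.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
"""

if __name__ == "__main__":
    for entry, reason in triage_text(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```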
norbat, posted 3 September 2009

Do the popups appear in connection with any particular websites you visit, or does the 'program' have a name?

Download CCleaner. Start the program. Go to 'Options' -> 'Advanced'. Untick the box in front of: "only delete temporary files......." Click 'Cleaner' and then 'Run CCleaner'.

Get ComboFix and put it on the desktop. Run combofix.exe and follow the instructions. You must not click on the window while the program is running. Post the log file from ComboFix (c:\combofix.txt).
baltakatt (author), posted 3 September 2009

Thanks for the quick reply! They don't come up on any particular sites, it's completely random. I don't remember the name, but something like "you must run a viruscheck with anti-virus8" or thereabouts. There have been 2 different links to websites/antivirus programs. I have now cleaned with crapcleaner and run ComboFix. Here is the log from it:

ComboFix 09-09-03.02 - Knut 03.09.2009 23:31.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3070.2064 [GMT 2:00]
Kjører fra: c:\users\Knut\Documents\Downloads\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Knut\AppData\Roaming\.#
c:\windows\Installer\442f0d.msi
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2009-08-03 til 2009-09-03 )))))))))))))))))))))))))))))))))
.
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\Knut\AppData\Roaming\Intel
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\TxR\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\systemprofile\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\RegBack\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\Public\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\Knut\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\Journal\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\users\Default\Roaming
2009-09-03 11:54 . 2009-09-03 11:54 -------- d-----w- c:\programdata\Roaming
2009-09-03 11:53 . 2009-09-03 11:53 -------- d-----w- c:\program files\Cisco
2009-09-03 11:53 . 2009-09-03 11:53 -------- d-----w- c:\program files\Common Files\Intel
2009-09-03 11:53 . 2009-09-03 11:53 -------- d-----w- c:\programdata\Intel
2009-09-03 11:46 . 2009-09-03 11:46 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-03 11:46 . 2009-09-03 11:46 -------- d-----w- c:\users\Knut\SystemRequirementsLab
2009-09-03 11:29 . 2009-09-03 11:32 -------- d-----w- c:\programdata\DriverScanner
2009-09-03 11:29 . 2009-09-03 11:29 -------- d-----w- c:\users\Knut\AppData\Roaming\Uniblue
2009-09-03 11:29 . 2009-09-03 11:29 -------- d-----w- c:\program files\Uniblue
2009-09-03 11:27 . 2009-09-03 11:29 -------- dc-h--w- c:\programdata\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-09-03 07:37 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-03 07:37 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-30 01:09 . 2009-08-30 01:09 -------- d-----w- c:\users\Knut\AppData\Roaming\Malwarebytes
2009-08-30 01:09 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 01:09 . 2009-08-30 01:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-30 01:09 . 2009-08-30 01:09 -------- d-----w- c:\programdata\Malwarebytes
2009-08-30 01:09 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-25 22:06 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-13 21:50 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-13 21:50 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-13 21:50 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-13 21:50 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-13 21:50 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-13 21:50 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-13 21:50 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-13 21:50 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-12 11:42 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 11:42 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 11:42 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 11:42 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 11:42 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 11:42 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 11:42 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 11:42 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 21:24 . 2008-09-06 11:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-03 11:56 . 2008-09-29 16:42 -------- d-----w- c:\users\Knut\AppData\Roaming\uTorrent
2009-09-03 11:56 . 2008-01-21 06:14 77322 ----a-w- c:\windows\system32\perfc014.dat
2009-09-03 11:56 . 2008-01-21 06:14 455230 ----a-w- c:\windows\system32\perfh014.dat
2009-09-03 11:53 . 2008-04-21 12:38 -------- d-----w- c:\program files\Intel
2009-08-21 23:34 . 2009-07-12 14:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-21 23:34 . 2009-07-12 14:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-21 23:34 . 2009-07-12 14:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-12 21:44 . 2008-04-21 13:43 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 21:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-04 18:59 . 2009-08-04 18:59 -------- d-----w- c:\program files\Common Files\Tmp
2009-08-04 18:53 . 2009-08-04 18:53 -------- d-----w- c:\program files\Common Files\Melodyne plugin
2009-08-04 18:53 . 2009-07-10 15:59 -------- d-----w- c:\program files\Celemony
2009-07-31 11:23 . 2008-09-06 14:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-30 19:05 . 2008-09-06 11:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-21 21:52 . 2009-07-29 16:46 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 16:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 16:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 21:07 . 2009-07-21 21:07 -------- d-----w- c:\users\Knut\AppData\Roaming\Waves Preferences
2009-07-21 21:07 . 2009-07-21 21:07 -------- d-----w- c:\users\Knut\AppData\Roaming\Waves
2009-07-21 21:05 . 2009-07-21 21:05 -------- d-----w- c:\users\Knut\AppData\Roaming\Waves Audio
2009-07-21 21:04 . 2009-07-21 21:03 -------- d-----w- c:\program files\Waves
2009-07-21 20:13 . 2009-07-29 16:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-19 22:00 . 2009-07-19 22:00 -------- d-----w- c:\program files\Trend Micro
2009-07-15 12:01 . 2009-07-15 12:01 -------- d-----w- c:\program files\RoomEQWizard
2009-07-14 17:47 . 2009-07-14 17:47 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-07-14 17:47 . 2008-10-25 12:24 -------- d-----w- c:\program files\Native Instruments
2009-07-12 14:10 . 2009-07-12 14:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-12 14:10 . 2008-08-29 17:15 -------- d-----w- c:\programdata\avg8
2009-07-12 14:03 . 2008-08-29 17:00 103024 ----a-w- c:\users\Knut\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-12 12:41 . 2008-04-21 13:45 -------- d-----w- c:\program files\Microsoft Works
2009-07-12 11:19 . 2008-04-21 12:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 22:33 . 2009-07-10 22:33 -------- d-----w- c:\users\Knut\AppData\Roaming\TuneUp Software
2009-07-10 22:33 . 2009-07-10 22:33 -------- d-----w- c:\programdata\TuneUp Software
2009-07-10 22:32 . 2009-07-10 22:32 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-06-15 15:24 . 2009-07-15 10:45 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 10:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 10:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 10:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-09 17:29 . 2009-01-26 16:08 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-08 10:07 . 2009-06-08 10:07 232200 ----a-w- c:\windows\system32\PDBoot.exe
2009-06-08 08:00 . 2009-06-08 08:00 71696 ----a-w- c:\windows\system32\drivers\DefragFs.sys
2002-07-31 17:55 . 2009-07-06 13:34 104 --sh--w- c:\windows\WSYS049.SYS
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 00:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-21 2007832]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-03-11 92704]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exeautocheck autochk *lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"Google Update"="c:\users\Knut\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"Microsoft Office Outlook"=c:\progra~1\MICROS~2\Office12\OUTLOOK.EXE /recycle

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"PLFSet"=rundll32.exe c:\windows\PLFSet.dll,PLFDefSetting
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3299291290-3855906575-1555639816-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D6EB025C-264A-4349-93AA-A98818E10573}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{812B39C9-7515-4921-A349-1E307BBE42BA}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{37A48DD9-55F4-42A1-B529-F7E56777BD64}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{9E52E7D0-8EF4-4E7C-A8E8-DB1A0F75DEE0}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{46A4BC2F-B1AD-414F-952C-CA16DD755116}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F8CF3553-1F88-42F5-B2EC-AD9B2693BDFE}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{A3047695-85A4-4F6A-B74D-2CFA55505257}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{299AE7A3-5FAD-4CCC-A7A6-0E4B8EEC7F7C}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"{9B5C972A-5A4D-4FAD-A0D5-507B24D30618}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{646A33DD-5093-411B-A2FD-513B7A9BDAB6}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{BCB73726-44AA-4C65-A298-93C9E17CDD0B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6A5FE588-A433-437F-BB5C-139182A07C80}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{5459792C-6619-4B2A-894C-BFEB8C07DDF1}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{A0E1823D-37C1-470A-8B09-4419F96E33E3}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8E076F38-2FBB-450C-99A8-6EACBE91FD1E}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{025A9F2E-4A32-42D1-9CA4-59F0EEED7EDC}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{76EEBFC1-3FE1-4D85-B165-A2F32ED0323C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{852DA6B9-2635-4A6F-8A9C-CA752E11E5C8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{439D6A99-118F-4DC3-A5AF-EAE2401C3992}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B7A2C55C-0EDC-4865-8B38-E64EC1889442}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{12B4A6EA-9939-4573-B105-584D3E7F0F9C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A52BA85-DFE6-4F05-A09B-DA8F82D2E6B4}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{5770875C-8AD3-4087-86E9-4E465EE0AE16}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2009 Demo\fm.exe:Football Manager 2009 Demo
"{43CB96C8-4905-473A-B290-79221C3204C2}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{24DB518D-093D-4798-83EB-C4CE8C9BA225}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"TCP Query User{DB80B80E-837F-4BA8-9344-0D7E378DB0A7}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{A2EF4324-B694-492D-A0E3-4B168280013D}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"{981C82E1-6D1A-4FDE-B707-030A41E038DE}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{2C4691D6-D317-4C26-A33E-27E06BA139DA}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{2CEC1437-5761-4D26-97A8-2156D921F9E0}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{42B93500-D73A-4748-B316-211939891656}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{012FABD2-D419-44A8-9B94-2B28ED5AA3FD}c:\\users\\knut\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\knut\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{8A184BAD-FAC4-4810-A152-C746122BDD42}c:\\users\\knut\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\knut\appdata\local\google\chrome\application\chrome.exe:chrome.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [28.04.2009 21:25 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12.07.2009 16:10 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12.07.2009 16:10 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12.07.2009 16:10 297752]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\System32\drivers\AtiHdmi.sys [20.02.2009 07:17 95760]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [21.04.2008 23:10 179712]
R3 CLEDX;Team H2O CLEDX service;c:\windows\System32\drivers\cledx.sys [24.10.2008 10:57 33792]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [28.05.2009 22:41 4233728]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [21.04.2008 23:10 43008]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18.01.2009 23:34 1029456]
S4 gupdate1c9b0667545aab5;Google Update Service (gupdate1c9b0667545aab5);c:\program files\Google\Update\GoogleUpdate.exe [29.03.2009 14:04 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:07]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 12:03]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-29 12:03]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299291290-3855906575-1555639816-1000Core.job
- c:\users\Knut\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-03 06:35]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3299291290-3855906575-1555639816-1000UA.job
- c:\users\Knut\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-03 06:35]
.
.
------- Tilleggsskanning -------
.
uStart Page = about:blank
mStart Page = hxxp://no.intl.acer.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 23:36
Windows 6.0.6001 Service Pack 1 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\users\Knut\Documents\Downloads\kerneld.wnt"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-3299291290-3855906575-1555639816-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Knut\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Knut\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Knut\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Knut\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\Knut\\Desktop\\FM Genie Scout 2009 XE\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000066
"UniqueID"="B4-8200-EF2F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-3299291290-3855906575-1555639816-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6B8E1334-39B5-0889-2256-D8A6D3F7353F}*]
"danfmgfd"=hex:64,62,6f,70,68,67,69,65,68,6e,66,6e,6b,63,6d,68,65,66,65,63,63,
69,6f,6c,67,66,70,70,66,68,61,65,6e,6d,66,62,70,66,6e,65,00,00
"iacpfjeagjpfgigbjg"=hex:6b,61,67,69,66,6e,65,62,6f,6c,6b,6e,66,70,68,6c,6e,6b,
61,64,62,6a,00,00
"hamphapahgigehdl"=hex:6b,61,67,69,66,6e,65,62,6f,6c,6b,6e,66,70,68,6c,6e,6b,
61,64,62,6a,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2009-09-03 23:38
ComboFix-quarantined-files.txt 2009-09-03 21:38

Pre-Run: 91 148 496 896 byte ledig
Post-Run: 91 102 265 344 byte ledig

290 --- E O F --- 2009-09-03 08:40