Raytee, posted 7 December 2009 (edited)

Hi, something started installing while I was watching a movie a few hours ago. I didn't quite catch what it was before I clicked ''Cancel'' in a panic xD, I think it said something about Microsoft C++ or something like that.. So here is the ComboFix log.

MBAM

Malwarebytes' Anti-Malware 1.34
Databaseversjon: 1902
Windows 5.1.2600 Service Pack 2

26.07.2009 15:16:48
mbam-log-2009-07-26 (15-16-48).txt

Skanntype: Rask Skann
Objekter skannet: 62834
Tid tilbakelagt: 2 minute(s), 40 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Anything that looks malicious? Thanks (I'm sleepy now in the early morning hours, so there are probably some typos xD)

Edit: I was surfing around a bit just now and this page came up: http://img36.imageshack.us/i/yryr.png/ So I think I have something on my PC that I shouldn't have =(

Edit 2: Got yet another fake AV scan :/ http://img19.imageshack.us/img19/561/yryry.jpg

Edited 8 December 2009 by Raytee
norbat, posted 7 December 2009

Update Malwarebytes and run a new quick scan.
Raytee (author), posted 7 December 2009

Malwarebytes' Anti-Malware 1.42
Databaseversjon: 3311
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

07.12.2009 22:01:14
mbam-log-2009-12-07 (22-01-14).txt

Skanntype: Rask Skann
Objekter skannet: 100342
Tid tilbakelagt: 3 minute(s), 31 second(s)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert: 0

Minneprosesser infisert:
(Ingen mistenkelige filer funnet)

Minnemoduler infisert:
(Ingen mistenkelige filer funnet)

Registernøkler infisert:
(Ingen mistenkelige filer funnet)

Registerverdier infisert:
(Ingen mistenkelige filer funnet)

Registerfiler infisert:
(Ingen mistenkelige filer funnet)

Mapper infisert:
(Ingen mistenkelige filer funnet)

Filer infisert:
(Ingen mistenkelige filer funnet)

Updated Mbam.
norbat, posted 7 December 2009

Use CCleaner to clear temp files:
Download CCleaner.
Start the program.
Go to 'Options' -> 'Advanced'.
Uncheck the box in front of: "Only delete temporary files......."
Click 'Cleaner' and then 'Run CCleaner'.

Also check whether the hosts file is 'normal':
Copy and paste this into the Run box (Start -> Run):

    notepad %systemroot%\system32\drivers\etc\hosts

A 'normal' hosts file looks something like this:

    # Copyright © 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host

    127.0.0.1       localhost
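An added example, not part of norbat's post: a Python sketch that automates the hosts-file check described above by reporting every active entry other than the default localhost mapping. The watch-list keywords and both sample files are constructed assumptions, not values from the thread.

```python
import ipaddress

# Assumption: keywords for hosts that tampering typically tries to cut off
# (security vendors, update servers). Hypothetical watch list; adjust locally.
WATCH_KEYWORDS = ("eset", "malwarebytes", "windowsupdate", "microsoft")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every active entry that is
    not a plain localhost -> loopback mapping."""
    findings = []
    # Strip a UTF-8 BOM if an editor added one, then walk the file line by line.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed entry"))
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "invalid IP address"))
            continue
        for name in names:  # one line may carry several host names
            lowered = name.lower()
            if lowered in LOCAL_NAMES:
                if not ip.is_loopback:
                    findings.append(
                        (line_no, ip_text, name, "localhost mapped away from loopback"))
                continue
            if ip.is_loopback or ip.is_unspecified:
                if any(k in lowered for k in WATCH_KEYWORDS):
                    reason = "security/update host blocked"
                else:
                    reason = "host blocked (ad-block list or tampering)"
            else:
                reason = "host redirected to " + ip_text
            findings.append((line_no, ip_text, name, reason))
    return findings


# Constructed sample: the default XP hosts file, abbreviated.
CLEAN_HOSTS = """\
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
"""

# Constructed sample of a modified file (documentation IPs and .example names).
TAMPERED_HOSTS = """\
# Constructed sample, not taken from the thread
127.0.0.1       localhost
127.0.0.1       update.eset.example     # AV update host pointed at loopback
203.0.113.7     www.bank.example login.bank.example
0.0.0.0         ads.tracker.example
not-an-ip       foo.example
"""

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_HOSTS), ("tampered", TAMPERED_HOSTS)):
        results = audit_hosts(sample)
        print(label, "->", len(results), "finding(s)")
        for finding in results:
            print("  line %d: %s %s (%s)" % finding)
```

To audit a live system, pass the contents of `%systemroot%\system32\drivers\etc\hosts` to `audit_hosts()`.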
Raytee (author), posted 7 December 2009

Done, wasn't there anything ''dangerous'' on the PC? =D
norbat, posted 7 December 2009

Are you still having problems with the fake AV scan?
Raytee (author), posted 7 December 2009

Fake AV scan? :S
norbat, posted 7 December 2009

http://img36.imageshack.us/i/yryr.png/
Raytee (author), posted 7 December 2009

Ohh, no, that has only happened 1 time.
norbat, posted 7 December 2009

Then everything should be fine. Surf safely
Raytee (author), posted 7 December 2009

=D Thanks a lot for the help!
Raytee (author), posted 8 December 2009

Got a new fake AV scan. http://img19.imageshack.us/img19/561/yryry.jpg Sure that everything is clean?
norbat, posted 8 December 2009

Make sure to clear the cache of the browser you use, update mbam, run a new quick scan and see if it finds anything of interest. Download a new combofix and post the log. (The logs show no files related to this, so we'll have to look a bit further to see what might be causing it.)

Do you use a wireless router?
Raytee Skrevet 11. desember 2009 Forfatter Del Skrevet 11. desember 2009 ComboFix: ComboFix 09-12-10.01 - Rayte 11.12.2009 7:36.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.47.1033.18.3582.2866 [GMT 1:00] Kjører fra: c:\documents and settings\Rayte\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((((((( Filer Opprettet Fra 2009-11-11 til 2009-12-11 ))))))))))))))))))))))))))))))))) . 2009-12-08 06:50 . 2009-12-08 06:50 -------- d-----w- c:\program files\ESET 2009-12-07 23:40 . 2009-12-07 23:40 -------- d-----w- c:\program files\AGEIA Technologies 2009-12-07 23:40 . 2009-12-07 23:40 -------- d-----w- c:\windows\system32\AGEIA 2009-12-07 04:40 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll 2009-12-07 04:40 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll 2009-12-07 04:40 . 2009-03-09 14:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll 2009-12-07 04:40 . 2009-03-16 13:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll 2009-12-07 04:40 . 2009-03-16 13:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll 2009-12-07 04:40 . 2009-03-16 13:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll 2009-12-07 04:40 . 2009-03-16 13:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll 2009-11-20 13:01 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll 2009-11-20 13:01 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll 2009-11-20 13:01 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-11-20 13:01 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe 2009-11-20 13:00 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-11-20 13:00 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll 2009-11-20 13:00 . 
2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll 2009-11-20 13:00 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat 2009-11-13 04:29 . 2009-11-18 07:42 -------- d-----w- c:\program files\World of Warcraft Public Test 2009-11-13 04:15 . 2009-11-13 04:22 -------- d-----w- c:\program files\3.0.1.8874 EU PTR Installer 2009-11-13 04:15 . 2009-11-13 04:15 1089312 ----a-w- c:\program files\WoW-3.0.1.8874-PTR-EU-Installer-downloader.exe 2009-11-11 15:39 . 2009-11-23 21:48 79488 ----a-w- c:\documents and settings\Rayte\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-12-11 06:45 . 2009-01-11 17:14 -------- d-----w- c:\documents and settings\Rayte\Application Data\Skype 2009-12-11 06:30 . 2009-01-25 09:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-11 04:38 . 2009-02-07 15:26 -------- d-----w- c:\program files\Steam 2009-12-11 04:37 . 2009-01-11 17:16 -------- d-----w- c:\documents and settings\Rayte\Application Data\skypePM 2009-12-09 06:56 . 2009-01-11 16:12 -------- d-----w- c:\program files\World of Warcraft 2009-12-09 02:22 . 2009-02-08 01:55 -------- d-----w- c:\program files\Full Tilt Poker 2009-12-08 06:09 . 2009-11-03 18:13 -------- d-----w- c:\documents and settings\Rayte\Application Data\vlc 2009-12-07 23:40 . 2009-02-10 18:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-12-07 04:15 . 2009-05-05 10:57 -------- d-----w- c:\documents and settings\Rayte\Application Data\dvdcss 2009-12-03 15:14 . 2009-01-25 09:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-03 15:13 . 2009-01-25 09:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-20 12:40 . 2009-05-11 00:40 -------- d-----w- c:\program files\NCH Software 2009-11-20 12:39 . 2009-06-24 02:24 -------- d-----w- c:\program files\VstPlugins 2009-11-13 04:50 . 
2009-01-11 16:10 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment 2009-11-10 15:03 . 2009-11-10 15:03 -------- d-----w- c:\program files\Microsoft 2009-11-10 15:02 . 2009-11-10 15:02 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-11-09 08:40 . 2009-11-09 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia 2009-11-09 08:02 . 2009-01-11 15:54 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-29 12:05 . 2009-09-29 12:05 96408 ----a-w- c:\windows\system32\drivers\epfwtdir.sys 2009-09-29 12:02 . 2009-09-29 12:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys 2009-09-29 11:56 . 2009-09-29 11:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll . ((((((((((((((((((((((((((((( SnapShot@2009-12-07_05.04.00 ))))))))))))))))))))))))))))))))))))))))) . + 2009-12-11 04:37 . 2009-12-11 04:37 16384 c:\windows\Temp\Perflib_Perfdata_888.dat + 2009-04-28 08:55 . 2009-04-28 08:55 70936 c:\windows\system32\PhysXLoader.dll + 2008-12-04 08:28 . 2008-12-04 08:28 24344 c:\windows\system32\PhysXDevice.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelTraditionalChinese.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelSwedish.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelSpanish.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelSimplifiedChinese.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelPortugese.dll + 2008-10-07 08:13 . 
2008-10-07 08:13 58648 c:\windows\system32\AgCPanelKorean.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelJapanese.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelGerman.dll + 2008-10-07 08:13 . 2008-10-07 08:13 58648 c:\windows\system32\AgCPanelFrench.dll + 2009-12-08 06:50 . 2009-12-08 06:50 10134 c:\windows\Installer\{85C70286-A56F-4834-BD24-B34EB76A93A2}\callmsi.exe + 2008-10-07 08:13 . 2008-10-07 08:13 197912 c:\windows\system32\physxcudart_20.dll + 2009-04-07 09:50 . 2009-04-07 09:50 288024 c:\windows\system32\PhysXCplUI.exe + 2009-04-07 09:50 . 2009-04-07 09:50 288024 c:\windows\system32\PhysXCompatCplUI.exe + 2008-10-07 08:13 . 2008-10-07 08:13 116977 c:\windows\system32\AGEIA\AG1021\diag.bin + 2008-10-07 08:13 . 2008-10-07 08:13 214629 c:\windows\system32\AGEIA\AG1021\app.bin + 2008-10-07 08:13 . 2008-10-07 08:13 119473 c:\windows\system32\AGEIA\AG1011\diag.bin + 2008-10-07 08:13 . 2008-10-07 08:13 199885 c:\windows\system32\AGEIA\AG1011\app.bin + 2009-12-08 06:50 . 2009-12-08 06:50 101480 c:\windows\Installer\{85C70286-A56F-4834-BD24-B34EB76A93A2}\egui.exe + 2009-12-08 06:50 . 2009-12-08 06:50 1130496 c:\windows\Installer\5833d.msi + 2009-12-07 23:40 . 2009-12-07 23:40 1500160 c:\windows\Installer\1804280.msi . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320] "Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808] "BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-09-19 16844800] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-29 1966080] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-28 13516800] "nwiz"="nwiz.exe" [2008-02-28 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-28 86016] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936] "Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2007-05-07 159744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AVP"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\BitLord\\BitLord.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Steam\\steamapps\\spacedog650\\counter-strike\\hl.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\World of Warcraft\\Repair.exe"= "c:\\Program Files\\TmNationsForever\\TmForever.exe"= "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"= "c:\\Documents and Settings\\Rayte\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"= "c:\\Program Files\\World of Warcraft\\Launcher.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"= "c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enGB-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enGB-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public 
Test\\WoW-0.3.0.10554-to-0.3.0.10571-enGB-ptr-downloader.exe"= "c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enGB-ptr-downloader.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.09.2009 13:02 108792] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [29.09.2009 13:05 96408] R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.09.2009 13:03 735960] S2 gupdate1c9f6a870a66765;Googles oppdateringstjeneste (gupdate1c9f6a870a66765);c:\program files\Google\Update\GoogleUpdate.exe [26.06.2009 22:52 133104] S2 WCSvc;WCSvc;c:\program files\GRT\WClient\WCSvc.exe --> c:\program files\GRT\WClient\WCSvc.exe [?] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 04:46 284016] S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [11.01.2009 16:54 47624] S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?] S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [23.04.2009 03:27 45440] S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [14.01.2009 18:24 39424] . ------- Tilleggsskanning ------- . 
uStart Page = hxxp://www.sol.no/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html FF - ProfilePath - c:\documents and settings\Rayte\Application Data\Mozilla\Firefox\Profiles\2wu3gnb0.default\ FF - prefs.js: network.proxy.type - 2 FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . - - - - TOMME PEKERE FJERNET - - - - URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-12-11 07:45 Windows 5.1.2600 Service Pack 3 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... 
skanning vellykket skjulte filer: 0 ************************************************************************** . --------------------- DLL'er Lastet Av Kjørende Prosesser --------------------- - - - - - - - > 'explorer.exe'(1600) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll . Tidspunkt ferdig: 2009-12-11 07:46:59 ComboFix-quarantined-files.txt 2009-12-11 06:46 ComboFix2.txt 2009-12-07 05:06 ComboFix3.txt 2009-04-10 14:34 Pre-Run: 57 178 689 536 bytes free Post-Run: 57 151 315 968 bytes free - - End Of File - - 768E99CF4015B53D8FEBF50B67EE577F Mbam: Malwarebytes' Anti-Malware 1.42 Databaseversjon: 3344 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 11.12.2009 07:50:52 mbam-log-2009-12-11 (07-50-52).txt Skanntype: Rask Skann Objekter skannet: 100382 Tid tilbakelagt: 2 minute(s), 36 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 0 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: (Ingen mistenkelige filer funnet)