computerr, posted 28 October 2010 (edited)

Here are the logs from three PCs, thanks a lot for all the help (I've attached a screencap image from an MSE scan from a while ago, in case it can be of help).

Log #1

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4975

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28.10.2010 18:20:13
mbam-log-2010-10-28 (18-20-13).txt

Scan type: Quick scan
Objects scanned: 133625
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 10-10-27.A3 - MITT NAVN 28.10.2010 19:08:04.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1012.691 [GMT 2:00]
Running from: c:\documents and settings\MITT NAVN\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\MITT NAVN\Skrivebord\WindowsXP-KB310994-SP2-Home-BootDisk-NOR.exe
.

((((((((((((((((((((((((((( Files Created From 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))))
.

2010-10-28 15:57 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 12:05 . 2010-10-21 12:05 -------- d-----w- c:\documents and settings\MITT NAVN\Programdata\Malwarebytes
2010-10-21 12:04 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 12:04 . 2010-10-21 12:04 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-10-21 12:04 . 2010-10-21 12:04 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-10-21 12:04 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 17:16 . 2010-10-19 17:16 -------- d-----w- c:\programfiler\Alwil Software
2010-10-19 17:16 . 2010-10-19 17:16 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-10-19 15:45 . 2010-10-19 15:45 -------- d-----w- C:\b17a438f35344c869ba5
2010-10-19 15:45 . 2010-10-19 15:45 -------- d-----w- C:\9e4b5b9b8e20a16cd1530b1d3462ae
2010-10-19 15:45 . 2010-10-28 15:44 -------- d-----w- c:\documents and settings\MITT NAVN\Lokale innstillinger\Programdata\Temp
2010-10-19 15:44 . 2010-10-19 15:44 -------- d-----w- c:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Google
2010-10-19 15:40 . 2010-10-19 15:41 -------- d-----w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\Google
2010-10-19 15:20 . 2008-04-16 03:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-10-18 17:05 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-18 17:05 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-16 12:49 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 12:41 . 2008-06-14 17:36 272256 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-10-16 12:41 . 2008-06-14 17:36 272256 ------w- c:\windows\system32\drivers\bthport.sys
2010-10-16 12:37 . 2010-04-28 18:15 2191744 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-10-16 12:37 . 2010-04-28 05:45 2068608 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-10-16 12:37 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-10-16 12:37 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-10-16 12:36 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-16 12:33 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-10-10 15:15 . 2010-10-10 15:15 -------- d-----w- c:\programfiler\Fellesfiler\Java
2010-10-10 15:15 . 2010-09-15 00:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-10 15:15 . 2010-10-28 15:56 -------- d-----w- c:\programfiler\Java
2010-10-10 15:13 . 2010-10-12 17:41 -------- d-----w- c:\programfiler\LimeWire
2010-10-10 15:05 . 2010-10-18 18:19 -------- d-----w- c:\documents and settings\MITT NAVN\Programdata\Spotify
2010-10-10 15:05 . 2010-10-18 17:06 -------- d-----w- c:\documents and settings\MITT NAVN\Lokale innstillinger\Programdata\Spotify
2010-10-10 15:05 . 2010-10-10 15:05 -------- d-----w- c:\programfiler\Spotify
2010-10-10 15:05 . 2010-10-10 15:05 -------- d-----w- c:\documents and settings\NetworkService\Start-meny
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 00:15 . 2004-09-21 21:28 3 ----a-w- c:\windows\HotFix.bat
2010-09-28 00:15 . 2004-06-26 00:13 139 ----a-w- c:\windows\HotFix2.bat
2010-09-27 15:47 . 2010-09-27 15:47 124 ----a-w- c:\windows\xUninstall.bat
2010-09-18 10:23 . 2008-04-16 03:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-16 03:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-16 03:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-16 03:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:34 . 2007-08-13 16:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:34 . 2008-04-16 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:34 . 2007-08-13 16:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:34 . 2008-04-16 03:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-09-08 15:58 . 2008-04-16 03:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:52 . 2008-04-16 03:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-16 03:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:04 . 2008-04-16 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2008-04-16 03:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2010-08-13 16:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-16 03:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2008-04-16 03:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-16 03:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-16 03:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-09-27 15:44 157168 ----a-w- c:\documents and settings\All Users\Programdata\Partner\partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"M3000Mnt"="M3000Rmv.dll " [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\programfiler\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-16 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-16 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-16 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\programfiler\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-27 24064]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-01-11 246504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-16 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
InterVideo WinCinema Manager.lnk - c:\programfiler\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=

R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [05.05.2008 18:01 254976]
S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [19.10.2010 17:40 135664]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\programfiler\Google\Google Desktop Search\GoogleDesktop.exe [27.09.2010 17:44 24064]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Programdata\Partner\partner.exe [27.09.2010 17:44 110576]
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-10-19 15:40]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-10-19 15:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=0910&m=aoa150
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=0910&m=aoa150
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Time completed: 2010-10-28 19:12:39
ComboFix-quarantined-files.txt 2010-10-28 17:12
ComboFix2.txt 2010-10-28 16:34

Pre-Run: 144 808 726 528 bytes free
Post-Run: 144 803 766 272 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A859119F88E5D54D6093F9457D789E40


Log #2

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4977

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28.10.2010 19:57:38
mbam-log-2010-10-28 (19-57-38).txt

Scan type: Quick scan
Objects scanned: 134261
Time elapsed: 13 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 10-10-27.A3 - MITT NAVN 28.10.2010 20:22:44.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.475 [GMT 2:00]
Running from: c:\documents and settings\MITT NAVN\Skrivebord\ComboFix.exe
Command switches used :: c:\documents and settings\MITT NAVN\Skrivebord\WindowsXP-KB310994-SP2-Home-BootDisk-NOR.exe
.

((((((((((((((((((((((((((( Files Created From 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))))
.

2010-10-28 17:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 17:43 . 2010-10-28 17:43 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2010-10-28 17:43 . 2010-10-28 17:43 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-10-28 17:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-24 15:33 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-24 15:33 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-24 15:32 . 2010-10-24 15:32 -------- d-----w- c:\programfiler\iPod
2010-10-24 15:31 . 2010-10-24 15:33 -------- d-----w- c:\programfiler\iTunes
2010-10-24 15:31 . 2010-10-24 15:33 -------- d-----w- c:\documents and settings\All Users\Programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-24 15:31 . 2010-10-24 15:31 159744 ----a-w- c:\programfiler\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-24 15:28 . 2010-10-24 15:28 -------- d-----w- c:\documents and settings\All Users\Programdata\Apple
2010-10-24 10:40 . 2010-10-24 10:40 -------- d-----w- c:\programfiler\Fellesfiler\Java
2010-10-24 10:39 . 2010-09-15 02:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-23 15:29 . 2010-09-15 00:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-23 15:29 . 2010-10-24 10:39 -------- d-----w- c:\programfiler\Java
2010-10-23 15:27 . 2010-10-27 14:10 -------- d-----w- c:\programfiler\LimeWire
2010-10-20 18:40 . 2010-10-20 18:40 -------- d-----w- c:\programfiler\SopCast
2010-10-20 16:45 . 2010-10-20 16:45 -------- d-----w- c:\programfiler\Veetle
2010-10-19 18:11 . 2010-10-19 18:11 -------- d-----w- c:\programfiler\Alwil Software
2010-10-19 18:11 . 2010-10-19 18:11 -------- d-----w- c:\documents and settings\All Users\Programdata\Alwil Software
2010-10-11 20:23 . 2010-10-11 20:23 -------- d-----w- c:\windows\system32\XPSViewer
2010-10-11 20:23 . 2010-10-11 20:23 -------- d-----w- c:\programfiler\MSBuild
2010-10-11 20:22 . 2010-10-11 20:22 -------- d-----w- c:\programfiler\Reference Assemblies
2010-10-11 20:22 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-11 20:21 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-10-11 20:21 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-10-11 20:21 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-10-11 20:21 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-10-11 20:21 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-10-11 20:21 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-11 20:21 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-10-11 20:21 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-10-11 20:21 . 2010-10-11 20:22 -------- d-----w- C:\619392037a027e4fd957
2010-10-11 19:31 . 2010-10-11 19:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-10-11 19:21 . 2010-10-11 19:22 -------- d-----w- C:\6c9147819ca61ca0be4d830f7a
2010-10-11 19:21 . 2010-10-11 19:29 -------- d-----w- C:\88a018c4b4bbb176a4
2010-10-11 18:53 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-10-11 18:50 . 2010-09-10 05:52 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-10-11 18:50 . 2010-09-10 05:52 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-10-11 18:50 . 2010-09-10 05:52 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-10-11 18:50 . 2010-09-10 05:52 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-10-11 18:50 . 2010-09-10 05:52 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-10-11 18:50 . 2010-09-10 05:52 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-10-11 18:50 . 2010-09-10 05:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-10-11 18:45 . 2010-10-11 18:49 -------- dc-h--w- c:\windows\ie8
2010-10-11 16:47 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-11 16:47 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-10 14:13 . 2010-10-10 14:15 -------- d-----w- c:\programfiler\Spotify
2010-10-10 13:54 . 2010-10-10 13:54 -------- d-----w- c:\programfiler\Media Player Classic - Home Cinema
2010-10-10 10:48 . 2010-10-11 19:04 -------- d-----w- c:\programfiler\Microsoft Silverlight
2010-10-10 10:47 . 2010-04-28 05:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-10-10 10:46 . 2010-10-10 10:46 -------- d-----w- c:\programfiler\Microsoft Sync Framework
2010-10-10 10:40 . 2010-10-10 10:40 -------- d-----w- c:\programfiler\Microsoft
2010-10-10 10:39 . 2010-04-16 17:16 4927864 ----a-w- c:\programfiler\Fellesfiler\Windows Live\.cache\61658c1a1cb6867\Silverlight.2.0.exe
2010-10-10 09:52 . 2010-10-10 09:52 -------- d-----w- c:\documents and settings\NetworkService\Lokale innstillinger\Programdata\Google
2010-10-10 09:48 . 2010-10-10 09:48 -------- d-----w- c:\documents and settings\LocalService\Lokale innstillinger\Programdata\Google
2010-10-10 09:41 . 2010-10-10 09:41 -------- d-----w- c:\programfiler\Driver Mender
2010-10-10 09:26 . 2010-10-19 20:01 -------- d-----w- c:\programfiler\Ask.com
2010-10-10 09:24 . 2010-10-10 09:24 -------- d-----w- c:\programfiler\uTorrent
2010-10-10 09:24 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-10-10 09:21 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-10-10 08:22 . 2010-10-10 08:22 -------- d-----w- c:\documents and settings\LocalService\Programdata\SACore
2010-10-10 08:18 . 2010-10-10 08:18 -------- d-----w- c:\documents and settings\NetworkService\Start-meny
2010-10-10 08:04 . 2001-10-06 11:36 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-10-10 08:04 . 2001-10-06 11:36 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-10 08:04 . 2008-04-15 12:00 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-10-10 08:04 . 2008-04-15 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-10 08:04 . 2008-04-15 12:00 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-10-10 08:04 . 2008-04-15 12:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-10-09 16:03 . 2010-10-09 16:03 -------- d-----w- c:\documents and settings\All Users\Programdata\Partner
2010-10-09 16:01 . 2010-10-09 16:01 -------- d-----w- c:\programfiler\ACER PATCH LTV2016
2010-10-09 16:01 . 2009-04-22 07:00 430080 ----a-w- c:\windows\system32\Packard Bell.scr
2010-10-09 16:00 . 2008-12-12 09:41 626688 ----a-w- c:\windows\Image.dll
2010-10-09 16:00 . 2008-02-25 09:13 4838 ----a-w- c:\windows\Suyin.reg
2010-10-09 16:00 . 2008-12-12 18:20 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
2010-10-09 15:56 . 2010-10-09 15:56 -------- d-----w- c:\programfiler\Fellesfiler\CyberLink
2010-10-09 15:54 . 2010-10-09 15:56 -------- d-----w- c:\programfiler\CyberLink
2010-10-09 15:49 . 2008-04-14 07:22 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2010-10-09 15:49 . 2008-04-14 07:22 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-10-09 15:47 . 2008-03-10 10:18 57384 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-10-09 15:47 . 2009-03-19 13:19 991136 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-10-09 15:47 . 2009-02-18 09:46 534312 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-10-09 15:47 . 2010-10-09 15:47 -------- d-----w- c:\programfiler\WIDCOMM
2010-10-09 15:47 . 2008-10-30 21:19 47272 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-10-09 15:47 . 2007-09-20 03:59 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-10-09 15:47 . 2008-09-26 00:30 91176 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-10-09 15:46 . 2010-10-09 15:47 -------- d---a-w- c:\windows\BTW
2010-10-09 15:44 . 2007-03-12 10:16 56080 ----a-w- c:\windows\system32\QtBtLib.dll
2010-10-09 15:44 . 2004-12-09 04:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2010-10-09 15:44 . 2004-12-08 06:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-10-09 15:44 . 2007-12-03 07:11 207368 ----a-w- c:\windows\UNINST32.EXE
2010-10-09 15:44 . 2010-10-09 15:44 -------- d-----w- c:\programfiler\Launch Manager
2010-10-09 15:42 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-09 15:42 . 2010-10-09 15:42 -------- d-----w- c:\programfiler\Synaptics
2010-10-09 15:41 . 2009-02-27 08:21 205360 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-10-09 15:41 . 2009-02-27 08:21 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-10-09 15:41 . 2009-02-27 08:20 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-10-09 15:41 . 2009-02-27 08:20 206120 ----a-w- c:\windows\system32\SynCtrl.dll
2010-10-09 15:41 . 2009-02-27 08:20 169256 ----a-w- c:\windows\system32\SynCOM.dll
2010-10-09 15:41 . 2008-07-08 02:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-10-09 15:38 . 2010-10-09 15:47 -------- d---a-w- c:\windows\Dev1
2010-10-09 15:37 . 2010-10-14 09:02 -------- d-----w- c:\documents and settings\MITT NAVN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-09 15:53 . 2009-04-29 06:27 29480 ----a-w- c:\windows\system32\msxml3a.dll
2010-10-09 15:53 . 2009-04-29 06:27 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-09 15:53 . 2009-04-29 06:27 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-10-09 15:41 . 2008-09-09 10:51 559 ----a-w- c:\windows\CLEANUP.CMD
2010-09-18 10:23 . 2009-04-29 14:42 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-04-29 14:42 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-04-29 14:42 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2009-04-29 14:42 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:52 . 2009-04-29 14:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2009-04-29 14:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2009-04-29 14:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:52 . 2009-04-29 14:42 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2009-04-29 14:42 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:04 . 2009-04-29 14:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2009-04-29 14:42 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2009-04-29 14:42 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2009-04-29 14:42 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-04-29 14:42 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-04-29 14:42 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-10-09 16:03 157168 ----a-w- c:\documents and settings\All Users\Programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\programfiler\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programfiler\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\programfiler\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-09 68856]
"Google Update"="c:\documents and settings\MITT NAVN\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe" [2010-10-10 135664]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-24 17567744]
"AzMixerSel"="c:\programfiler\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-01 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-01 354840]
"PersistenceThread"="c:\windows\system32\PersistenceThread.exe" [2009-05-01 92696]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-02-27 1434920]
"LManager"="c:\programfiler\Launch Manager\LManager.exe" [2009-02-20 817672]
"RemoteControl8"="c:\programfiler\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-10-17 91432]
"PDVD8LanguageShortcut"="c:\programfiler\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\programfiler\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programfiler\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Acer VCM.lnk - c:\programfiler\Acer\Acer VCM\AcerVCM.exe [2009-4-29 565248]
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth Software\BTTray.exe [2009-3-23 603488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igdlogin]
2009-04-28 03:44 65536 ----a-w- c:\windows\system32\igdlogin.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programfiler\\Acer\\Acer VCM\\VC.exe"=
"c:\\Programfiler\\Spotify\\spotify.exe"=
"c:\\Documents and Settings\\MITT NAVN\\Lokale innstillinger\\Programdata\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Programfiler\\SopCast\\adv\\SopAdver.exe"=
"c:\\Programfiler\\SopCast\\SopCast.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R2 RS_Service;Raw Socket Service;c:\programfiler\Acer\Acer VCM\RS_Service.exe [29.04.2009 09:14 237568]
R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [29.04.2009 08:07 5096544]
S2 gupdate;Google Update Service (gupdate);c:\programfiler\Google\Update\GoogleUpdate.exe [10.10.2010 11:47 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [29.04.2009 08:10 1684736]
S3 Partner Service;Partner Service;c:\documents and settings\All Users\Programdata\Partner\partner.exe [09.10.2010 18:03 110576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys --> c:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [24.10.2010 17:29 41984]
.
Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programfiler\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3725260815-3813086739-568186159-1005Core.job
- c:\documents and settings\MITT NAVN\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3725260815-3813086739-568186159-1005UA.job
- c:\documents and settings\MITT NAVN\Lokale innstillinger\Programdata\Google\Update\GoogleUpdate.exe [2010-10-10 09:47]

2010-10-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programfiler\Ask.com\UpdateTask.exe [2010-09-28 20:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=1010&m=ao751h
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=0&o=xph&d=1010&m=ao751h
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki - c:\programfiler\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhet... - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send til Bluetooth - c:\programfiler\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded By Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1360)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
.
Time completed: 2010-10-28 20:34:19
ComboFix-quarantined-files.txt 2010-10-28 18:34
ComboFix2.txt 2010-10-28 18:14

Pre-Run: 111 750 639 616 bytes free
Post-Run: 111 739 670 528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-NOR.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 57B40A547DE75570C8B501E8C52C97CC


Log #3

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4974

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

28.10.2010 17:09:50
mbam-log-2010-10-28 (17-09-50).txt

Scan type: Quick scan
Objects scanned: 129694
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ComboFix 10-10-27.A3 - MITT NAVN 28.10.2010 17:25:14.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1033.18.2047.1394 [GMT 2:00]
Running from: c:\users\MITT NAVN\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((( Files Created From 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))))
.

2010-10-28 15:28 . 2010-10-28 15:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-28 15:07 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E31B79B-9ADA-49DF-A8B1-54136DEC9833}\mpengine.dll
2010-10-21 15:09 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-21 15:09 . 2010-10-21 15:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-21 15:09 . 2010-10-21 15:09 -------- d-----w- c:\programdata\Malwarebytes
2010-10-21 15:09 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 16:10 . 2010-10-19 16:10 -------- d-----w- c:\programdata\Alwil Software
2010-10-19 16:10 . 2010-10-19 16:10 -------- d-----w- c:\program files\Alwil Software
2010-10-17 18:10 . 2010-10-17 18:10 -------- d-----w- c:\windows\PCHEALTH
2010-10-17 18:05 . 2010-10-17 18:12 -------- d-----w- c:\program files\Windows Live
2010-10-17 18:03 . 2010-10-18 14:01 -------- d-----w- c:\program files\Microsoft Silverlight
2010-10-17 11:59 . 2010-10-17 11:59 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-17 11:53 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-17 11:53 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-17 11:53 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-17 11:51 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-17 11:51 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-17 11:51 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-15 15:10 . 2010-10-15 15:11 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-15 15:04 . 2010-10-15 15:04 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-15 13:07 . 2010-10-15 13:07 -------- d-----w- c:\windows\system32\ca-ES
2010-10-15 13:07 . 2010-10-15 13:07 -------- d-----w- c:\windows\system32\eu-ES
2010-10-15 13:07 . 2010-10-15 13:07 -------- d-----w- c:\windows\system32\vi-VN
2010-10-15 12:51 . 2010-10-15 12:51 -------- d-----w- c:\windows\system32\EventProviders
2010-10-15 12:49 . 2009-04-11 06:28 287744 ----a-w- c:\windows\system32\Wldap32.dll
2010-10-15 12:48 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-10-15 12:48 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-10-15 12:48 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-10-15 12:48 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-10-15 12:48 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-10-15 12:48 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-10-15 12:16 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-10-15 11:13 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-10-15 11:01 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-15 10:58 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-15 10:58 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-15 10:58 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-15 10:58 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-15 10:58 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-15 10:49 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-10-15 10:49 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-15 10:49 .
2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-10-15 10:49 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-10-15 10:49 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL 2010-10-15 10:49 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll 2010-10-15 10:49 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll 2010-10-15 10:49 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2010-10-15 10:49 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL 2010-10-15 10:48 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll 2010-10-15 10:48 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys 2010-10-15 10:48 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys 2010-10-15 10:48 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll 2010-10-15 10:48 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2010-10-15 10:47 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-10-15 10:47 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-10-15 10:47 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll 2010-10-15 10:47 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe 2010-10-15 10:47 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll 2010-10-15 10:47 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll 2010-10-15 10:47 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-10-15 10:47 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys 2010-10-15 10:47 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll 2010-10-15 10:47 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe 2010-10-15 10:47 . 
2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll 2010-10-15 10:46 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll 2010-10-15 10:46 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll 2010-10-15 10:46 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe 2010-10-15 10:46 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll 2010-10-15 10:46 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll 2010-10-15 10:46 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll 2010-10-15 10:46 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll 2010-10-15 10:46 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll 2010-10-15 10:41 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2010-10-15 10:41 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll 2010-10-15 10:41 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll 2010-10-15 10:40 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-10-15 10:08 . 2010-10-15 10:08 -------- d-----w- C:\PerfLogs 2010-10-15 09:32 . 2010-10-15 09:33 -------- d-----w- C:\a7c0be01a6df863d524c1eddc7999a37 2010-10-15 09:30 . 2008-01-19 07:35 1217536 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2010-10-15 09:29 . 2008-01-19 07:36 259072 ----a-w- c:\windows\system32\upnphost.dll 2010-10-15 09:28 . 2008-01-19 07:36 30208 ----a-w- c:\windows\system32\werdiagcontroller.dll 2010-10-15 09:27 . 2008-01-19 07:36 357888 ----a-w- c:\windows\system32\wbemcomn.dll 2010-10-15 09:27 . 2008-01-19 07:34 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll 2010-10-15 09:27 . 2008-01-19 07:36 129536 ----a-w- c:\windows\system32\sqmapi.dll 2010-10-15 09:27 . 2008-01-19 07:36 139264 ----a-w- c:\windows\system32\SmiInstaller.dll 2010-10-15 09:27 . 2008-01-19 07:35 35328 ----a-w- c:\windows\system32\mspatcha.dll 2010-10-15 09:27 . 
2008-01-19 07:34 305152 ----a-w- c:\windows\system32\msdelta.dll 2010-10-15 09:27 . 2008-01-19 07:34 258560 ----a-w- c:\windows\system32\dpx.dll 2010-10-15 03:40 . 2010-10-14 17:46 -------- d-----w- c:\windows\Panther 2010-10-14 23:13 . 2010-10-14 23:13 377344 ----a-w- c:\windows\system32\winhttp.dll 2010-10-14 23:10 . 2010-10-14 23:10 37888 ----a-w- c:\windows\system32\printcom.dll 2010-10-14 23:09 . 2010-10-14 23:09 14848 ----a-w- c:\windows\system32\wshrm.dll 2010-10-14 23:09 . 2010-10-14 23:09 43520 ----a-w- c:\windows\system32\msdxm.tlb 2010-10-14 23:09 . 2010-10-14 23:09 313344 ----a-w- c:\windows\system32\wmpdxm.dll 2010-10-14 23:09 . 2010-10-14 23:09 18432 ----a-w- c:\windows\system32\amcompat.tlb 2010-10-14 23:08 . 2010-10-14 23:08 7680 ----a-w- c:\windows\system32\spwmp.dll 2010-10-14 23:08 . 2010-10-14 23:08 4096 ----a-w- c:\windows\system32\dxmasf.dll 2010-10-14 23:08 . 2010-10-14 23:08 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe 2010-10-14 23:08 . 2010-10-14 23:08 4096 ----a-w- c:\windows\system32\msdxm.ocx 2010-10-14 23:08 . 2010-10-14 23:08 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe 2010-10-14 22:13 . 2010-10-14 22:13 72704 ----a-w- c:\windows\system32\fontsub.dll 2010-10-14 22:13 . 2010-10-14 22:13 23552 ----a-w- c:\windows\system32\lpk.dll 2010-10-14 22:13 . 2010-10-14 22:13 10240 ----a-w- c:\windows\system32\dciman32.dll 2010-10-14 22:07 . 2010-10-14 22:07 61440 ----a-w- c:\windows\system32\winipsec.dll 2010-10-14 22:07 . 2010-10-14 22:07 272896 ----a-w- c:\windows\system32\polstore.dll 2010-10-14 21:59 . 2010-10-14 21:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2010-10-14 21:59 . 2010-10-14 21:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2010-10-14 21:59 . 2010-10-14 21:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2010-10-14 21:59 . 2010-10-14 21:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2010-10-14 21:59 . 
2010-10-14 21:59 105984 ----a-w- c:\windows\system32\netiohlp.dll 2010-10-14 21:59 . 2010-10-14 21:59 10240 ----a-w- c:\windows\system32\finger.exe 2010-10-14 21:59 . 2010-10-14 21:59 19968 ----a-w- c:\windows\system32\ARP.EXE 2010-10-14 21:59 . 2010-10-14 21:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2010-10-14 21:55 . 2010-10-14 21:55 127488 ----a-w- c:\windows\system32\L2SecHC.dll 2010-10-14 21:55 . 2010-10-14 21:55 68096 ----a-w- c:\windows\system32\wlanhlp.dll 2010-10-14 21:55 . 2010-10-14 21:55 65024 ----a-w- c:\windows\system32\wlanapi.dll 2010-10-14 21:55 . 2010-10-14 21:55 513536 ----a-w- c:\windows\system32\wlansvc.dll 2010-10-14 21:55 . 2010-10-14 21:55 302592 ----a-w- c:\windows\system32\wlansec.dll 2010-10-14 21:55 . 2010-10-14 21:55 293376 ----a-w- c:\windows\system32\wlanmsm.dll 2010-10-14 21:55 . 2010-10-14 21:55 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs 2010-10-14 21:54 . 2010-10-14 21:54 1401856 ----a-w- c:\windows\system32\msxml6.dll 2010-10-14 21:54 . 2010-10-14 21:54 2048 ----a-w- c:\windows\system32\msxml3r.dll 2010-10-14 21:54 . 2010-10-14 21:54 2048 ----a-w- c:\windows\system32\msxml6r.dll 2010-10-14 21:52 . 2010-10-14 21:52 218624 ----a-w- c:\windows\system32\msv1_0.dll 2010-10-14 21:51 . 2010-10-14 21:51 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-15 09:43 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll 2010-10-15 09:43 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll 2010-10-14 23:12 . 2010-10-14 23:12 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui 2010-10-14 20:26 . 2010-10-14 20:26 2560 ----a-w- c:\windows\apppatch\AcRes.dll 2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "Google Update"="c:\users\MITT NAVN\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-14 136176] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] c:\users\MI›TT NAVN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-10-28 17:28 Windows 6.0.6002 Service Pack 2 NTFS skanner skjulte prosesser ... skanner skjulte autostart-oppføringer ... skanner skjulte filer ... skanning vellykket skjulte filer: 0 ************************************************************************** . Tidspunkt ferdig: 2010-10-28 17:30:30 ComboFix-quarantined-files.txt 2010-10-28 15:30 Pre-Run: 153 599 057 920 bytes free Post-Run: 155 290 599 424 bytes free - - End Of File - - 04D7CF1419ACBB20AC2880C8D2AFE9A6 Endret 28. oktober 2010 av computerr Lenke til kommentar
Lednar, posted 29 October 2010: Is there something wrong with them, or is this just a check?
computerr (author), posted 29 October 2010 (edited): Quote: "Is there something wrong with them, or is this just a check?" No problems I have noticed (except periods of freezing and blue screens on an old Vista machine, but that is probably not a virus), so it is just a check (I had some viruses not long ago and I am not sure everything was removed). I would also like to have the PC checked for rootkits. Edited 2 November 2010 by computerr
computerr (author), posted 2 November 2010: Nobody willing to look through them? I would appreciate it if you did.
norbat, posted 2 November 2010: Hi. At first glance I cannot see any malware in your logs. If the PCs run normally, I think you can consider them 'virus-free'.
computerr (author), posted 3 November 2010 (edited): Quote: "Hi. At first glance I cannot see any malware in your logs. If the PCs run normally, I think you can consider them 'virus-free'." They do run normally, yes (except the desktop, which freezes and blue-screens periodically, but that may well be because it is 4 years old, runs Vista, and has been reinstalled and formatted a number of times?), but I think the processes look a bit suspicious, especially on one of them, where the process "conime.exe" is running ... (I can take a screenshot if you want/need to see it?) Is there any way to check more closely? Will these logs reveal EVERYTHING, including rootkits? (I have developed a bit of paranoia about that :s) Another thing to look for is the ones I mentioned in this post. Especially "Worm:Win32/Rimecud!inf". Edited 3 November 2010 by computerr
norbat, posted 3 November 2010: In most cases conime.exe is a legitimate Windows file, so I do not think you need to worry. ComboFix also detects rootkits. Among other things, it uses a scanner from Gmer.
computerr (author), posted 4 November 2010 (edited): Quote: "In most cases conime.exe is a legitimate Windows file, so I do not think you need to worry." Are you sure? I have searched around a bit, and some places claim that unless you have a "non western language" it should not be there... By the way, I am attaching pictures of the processes from the three computers I posted logs from (in the same order as the logs were posted). The processes seem quite suspicious; do you think you could check whether there is something there that should not be? (Let me know if you cannot read them and I will try to fix it.) PS: now conime.exe was not there any more.. Thanks for all the patience with this nagging. Edited 4 November 2010 by computerr
norbat, posted 4 November 2010: As mentioned, conime.exe is in most cases a legitimate Windows file, and you will find it in C:\windows\system32. Which of the processes do you find suspicious? From my point of view there is no malware in the material you have presented, so you can relax. Surf safely!
computerr (author), posted 5 November 2010 (edited): OK, thanks a lot (: Can I ask two last things? (I think it is better to ask here than to start yet another new thread.) 1. Earlier I had a worm which, as described on Microsoft's pages, copies itself via autorun.inf when a USB "removable drive" is plugged in. (I had this worm and a number of other viruses, which I described in an earlier thread, among them some trojans.) But at the time I used, among other things, a memory card (via USB), an external hard drive and an iPod nano 5G before MSE found and removed this worm (I formatted the memory card). And I checked the different drives with the method illustrated in the first two pictures below. With this method I found nothing, nor by scanning several times with MSE. What I am wondering is, why did I not find anything? Does that mean they were not infected (and if so, how could that be?), and is there a more thorough way to check? The reason I am so picky about this is that I am soon going to transfer some pictures to family members, and I absolutely do not want to infect them... (If I copy each file I need one by one to, for example, a SkyDrive, a possible worm cannot come along, can it? (But I would rather not do this, since I have several thousand files on the hard drive..)) 2. Yesterday I got an email from my brother's Hotmail account, and in it there was a link. Typical spam message, probably with a virus in it.. This is one of the PCs I posted logs from (the second log). How could this have happened? (He has used the computer in the meantime, from when the log was posted until now, but as far as I know has not done anything that could give him a virus.) I have blacked out the email addresses it was sent to, but they are people from his contact list. (Except the one I did not black out. He had that one on MSN, but that person was not logged in and there was no name, just the email address.) PS: note that it says "from: msn.com" at the end of the info..
Edited 5 November 2010 by computerr
norbat, posted 5 November 2010: It is not the case that if a worm can infect a USB device, it will. If you want to check the external HDD, you can choose to run a full scan with MBAM. Then you get the option to scan the external HDD. Remember to update first. That a spam mail apparently comes from a known email address does not mean it was actually sent from that address. In any case, one should change the password on one's email account every now and then.
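An added example, not code from anyone in this thread, for the autorun.inf mechanism computerr asks about above: a small Python inspector that parses a drive root's autorun.inf, lists every entry that would launch a program (open=, shellexecute= and shell\<verb>\command=) and checks whether each target file is actually present on the drive. The INF text, the RECYCLER path and the temporary "drive root" are all constructed for the demo.

```python
# Added example for this thread: inspect a drive root for autorun launch entries.
import os
import re
import tempfile

# [autorun] keys that point AutoRun/AutoPlay at a program to run or present.
LAUNCH_KEYS = {"open", "shellexecute"}
SECTION_RE = re.compile(r"^\s*\[(.+?)\]\s*$")
ENTRY_RE = re.compile(r"^\s*([^=;\[]+?)\s*=\s*(.*?)\s*$")

# Constructed sample: same file via three keys, plus a junk line a strict INI parser would reject.
SAMPLE_INF = (
    "[autorun]\r\n"
    ";constructed sample for the demo, not a real worm\r\n"
    "open=RECYCLER\\S-1-5-21-1\\setup.exe\r\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    "\x00\x00junk line without a delimiter\r\n"
    "shell\\open\\command=RECYCLER\\S-1-5-21-1\\setup.exe\r\n"
    "shell\\explore\\command=RECYCLER\\S-1-5-21-1\\setup.exe\r\n"
    "action=Open folder to view files\r\n"
)

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, skipping comments and junk lines."""
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip("\x00 \t\r")
        section = SECTION_RE.match(line)
        if section:
            in_autorun = section.group(1).lower() == "autorun"
            continue
        if not in_autorun or not line or line.startswith(";"):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries[entry.group(1).lower()] = entry.group(2)
    return entries

def launch_targets(entries):
    """List (key, program) for open=, shellexecute= and every shell\\<verb>\\command= entry."""
    targets = []
    for key, value in entries.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            # The first token is the program; anything after whitespace is arguments.
            tokens = value.strip('"').split()
            targets.append((key, tokens[0] if tokens else ""))
    return targets

def inspect_drive_root(root):
    """Report each launch entry and whether its target exists; [] means nothing would launch."""
    findings = []
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return findings
    with open(inf, "r", encoding="latin-1", errors="replace") as fh:
        entries = parse_autorun(fh.read())
    for key, exe in launch_targets(entries):
        rel = exe.replace("\\", os.sep).lstrip(os.sep)
        findings.append({"key": key, "target": exe,
                         "present_on_drive": os.path.isfile(os.path.join(root, rel))})
    return findings

def demo():
    """Build a constructed fake drive root in a temp dir and inspect it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_INF)
        exe_dir = os.path.join(root, "RECYCLER", "S-1-5-21-1")
        os.makedirs(exe_dir)
        open(os.path.join(exe_dir, "setup.exe"), "wb").close()
        return inspect_drive_root(root)
```

To check a real removable drive, call inspect_drive_root on its root path (for example E:\ on Windows); an empty result means the drive carries no autorun launch entries, which is what a clean drive should show.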
computerr (author), posted 6 November 2010: Quote: "It is not the case that if a worm can infect a USB device, it will. If you want to check the external HDD, you can choose to run a full scan with MBAM. Then you get the option to scan the external HDD. Remember to update first. That a spam mail apparently comes from a known email address does not mean it was actually sent from that address. In any case, one should change the password on one's email account every now and then." Thanks a lot for the reply! I will scan the external drives and get that password changed tomorrow. By the way, do you think this app is trustworthy? (I kind of want to try it out.)