
Possible virus? svhost is behaving strangely.



I have been struggling with a virus for a while and ran MBAM and Combofix. Combofix found something, but I wonder whether my machine is still infected. I am attaching a log from my firewall, taken after I had run MBAM and Combofix.

 

 

edit: uploaded a new firewall log.

MBAM log

 

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Databaseversjon: 5098

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

12.11.2010 07:53:28

mbam-log-2010-11-12 (07-53-28).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 146210

Tid tilbakelagt: 8 minutt(er), 56 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 0

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

(Ingen skadelige objekter funnet)

 

 

 

 

Combofix log:

 

ComboFix 10-11-11.01 - eivind stasjonær 12.11.2010 8:09.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1044.18.2046.994 [GMT 1:00]

Kjører fra: c:\users\eivind stasjonær\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Install.exe

c:\windows\7Loader.TAG

 

Infisert kopi av c:\windows\system32\userinit.exe ble funnet og desinfisert

Gjenopprettet kopi fra - c:\combofix\HarddiskVolumeShadowCopy7_!Windows!System32!userinit.exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-10-12 til 2010-11-12 )))))))))))))))))))))))))))))))))

.

 

2010-11-12 07:32 . 2010-11-12 07:38 -------- d-----w- c:\users\eivind stasjonær\AppData\Local\temp

2010-11-12 07:32 . 2010-11-12 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-11-12 07:00 . 2010-11-12 07:01 -------- d-----w- C:\32788R22FWJFW

2010-11-12 06:44 . 2010-11-12 06:44 -------- d-----w- c:\users\eivind stasjonær\AppData\Roaming\Malwarebytes

2010-11-12 06:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-12 06:43 . 2010-11-12 06:43 -------- d-----w- c:\programdata\Malwarebytes

2010-11-12 06:43 . 2010-11-12 06:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-12 06:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-12 06:42 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0BC36C9-BE84-4BA0-A8C6-714D19E6268E}\mpengine.dll

2010-11-11 21:42 . 2010-11-12 07:18 -------- d-----w- c:\users\eivind stasjonær\AppData\Roaming\foobar2000

2010-11-11 18:33 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2010-11-11 18:33 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll

2010-11-11 18:33 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll

2010-11-11 18:33 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

2010-11-06 02:45 . 2010-11-06 02:45 -------- d-----w- C:\BigFishGamesCache

2010-11-05 17:18 . 2010-11-05 17:18 -------- d-----w- c:\program files\Exact Audio Copy

2010-10-31 13:08 . 2010-10-31 13:08 -------- d-----w- c:\programdata\ATI

2010-10-31 13:08 . 2010-10-31 13:08 -------- d-----w- c:\program files\ATI Stream

2010-10-25 15:53 . 2010-10-25 15:53 -------- d-----w- c:\users\eivind stasjonær\AppData\Local\Emerald Editor Community

2010-10-25 15:53 . 2010-10-25 15:53 -------- d-----w- c:\program files\Emerald Editor Community

2010-10-21 11:06 . 2010-10-21 11:06 -------- d-----w- c:\program files\1C Company

2010-10-19 04:18 . 2010-10-19 04:18 -------- d-----w- c:\users\eivind stasjonær\AppData\Local\Apps

2010-10-19 04:18 . 2010-10-19 04:19 -------- d-----w- c:\users\eivind stasjonær\AppData\Local\Deployment

2010-10-18 08:51 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2010-10-18 08:50 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-10-18 08:50 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-10-18 08:50 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll

2010-10-18 08:50 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-10-18 08:50 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-10-18 08:50 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-10-18 08:50 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll

2010-10-18 08:50 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll

2010-10-18 08:50 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll

2010-10-18 08:50 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

2010-10-18 08:43 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-10-16 06:22 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-10-16 06:22 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-10-16 06:22 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-10-16 06:22 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-10-16 06:22 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-10-16 06:22 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-10-16 06:22 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-10-16 06:22 . 2010-10-16 06:22 -------- d-----w- c:\programdata\Alwil Software

2010-10-16 06:22 . 2010-10-16 06:22 -------- d-----w- c:\program files\Alwil Software

2010-10-16 06:19 . 2010-10-16 06:19 -------- d-----w- c:\users\eivind stasjonær\AppData\Local\ACD Systems

2010-10-16 06:19 . 2010-10-16 06:19 -------- d-----w- c:\users\eivind stasjonær\AppData\Roaming\ACD Systems

2010-10-16 06:18 . 2010-10-18 08:49 -------- d-----w- c:\program files\Common Files\ACD Systems

2010-10-16 06:18 . 2010-10-16 06:18 10368 ----a-w- c:\windows\system32\drivers\pfc.sys

2010-10-16 06:13 . 2010-10-16 06:13 -------- d-----w- c:\windows\Downloaded Installations

2010-10-15 09:26 . 2010-10-15 09:26 -------- d-----w- c:\program files\URUSoft

2010-10-15 04:34 . 2010-10-15 04:34 388096 ----a-r- c:\users\eivind stasjonær\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-15 04:34 . 2010-10-15 04:34 -------- d-----w- c:\program files\Trend Micro

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 10:41 . 2010-05-01 18:35 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-15 04:34 . 2010-10-15 04:34 388096 ----a-r- c:\users\eivind stasjonær\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-10-15 04:34 . 2010-10-15 04:34 388096 ----a-r- c:\users\eivind stasjonær\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-09-29 02:25 . 2010-09-29 02:25 6472192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2010-09-29 01:56 . 2010-09-29 01:56 16201728 ----a-w- c:\windows\system32\atioglxx.dll

2010-09-29 01:55 . 2010-09-29 01:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-09-29 01:55 . 2010-04-07 02:16 536576 ----a-w- c:\windows\system32\aticfx32.dll

2010-09-29 01:51 . 2010-09-29 01:51 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-09-29 01:51 . 2010-09-29 01:51 380928 ----a-w- c:\windows\system32\atieclxx.exe

2010-09-29 01:50 . 2010-09-29 01:50 176128 ----a-w- c:\windows\system32\atiesrxx.exe

2010-09-29 01:49 . 2010-09-29 01:49 159744 ----a-w- c:\windows\system32\atitmmxx.dll

2010-09-29 01:49 . 2010-09-29 01:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll

2010-09-29 01:49 . 2010-09-29 01:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll

2010-09-29 01:49 . 2010-09-29 01:49 11776 ----a-w- c:\windows\system32\atimuixx.dll

2010-09-29 01:49 . 2010-09-29 01:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2010-09-29 01:46 . 2009-07-13 22:09 3953152 ----a-w- c:\windows\system32\atidxx32.dll

2010-09-29 01:28 . 2010-04-07 01:40 4077568 ----a-w- c:\windows\system32\atiumdag.dll

2010-09-29 01:27 . 2010-09-29 01:27 46080 ----a-w- c:\windows\system32\aticalrt.dll

2010-09-29 01:27 . 2010-09-29 01:27 44032 ----a-w- c:\windows\system32\aticalcl.dll

2010-09-29 01:26 . 2010-09-29 01:26 4407808 ----a-w- c:\windows\system32\aticaldd.dll

2010-09-29 01:22 . 2010-04-07 01:46 52736 ----a-w- c:\windows\system32\coinst.dll

2010-09-29 01:22 . 2010-04-07 01:21 3460096 ----a-w- c:\windows\system32\atiumdva.dll

2010-09-29 01:15 . 2010-09-29 01:15 241664 ----a-w- c:\windows\system32\atiadlxx.dll

2010-09-29 01:14 . 2010-09-29 01:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2010-09-29 01:14 . 2010-09-29 01:14 19968 ----a-w- c:\windows\system32\atigktxx.dll

2010-09-29 01:14 . 2010-09-29 01:14 228352 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2010-09-29 01:14 . 2010-04-07 01:22 30720 ----a-w- c:\windows\system32\atiuxpag.dll

2010-09-29 01:13 . 2010-04-07 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll

2010-09-29 01:12 . 2010-09-29 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-09-29 01:09 . 2010-09-29 01:09 52736 ----a-w- c:\windows\system32\atimpc32.dll

2010-09-29 01:09 . 2010-09-29 01:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll

2010-09-21 00:25 . 2010-09-21 00:24 522928 ----a-w- c:\windows\system32\SpoonUninstall.exe

2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-08-27 18:32 . 2010-08-27 18:32 294912 ----a-w- c:\windows\system32\ATIODE.exe

2010-08-16 10:41 . 2010-08-16 10:41 101904 ----a-w- c:\windows\system32\drivers\AtihdW73.sys

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

 

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-09-26 328056]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-26 8546848]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\guard32.dll

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk

backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2008-06-11 20:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

2008-06-12 00:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-09-17 12:22 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

2010-03-04 12:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 16:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]

2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]

2008-12-03 20:15 218408 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

 

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]

R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]

R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 19968]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [2009-12-21 43520]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1343400]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-06 691696]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-29 176128]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27648]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-09-29 6472192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-09-29 228352]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-08-16 101904]

S3 rt61x86;RT61 Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr61.sys [2009-06-02 368128]

 

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 04:48]

 

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 04:48]

.

.

------- Tilleggsskanning -------

.

IE: &Block This Image (ABP) - c:\program files\Adblock Pro\blockimg.html

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\users\eivind stasjonær\AppData\Roaming\Mozilla\Firefox\Profiles\phax1ihk.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - TOMME PEKERE FJERNET - - - -

 

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-Radio365Agent - (no file)

 

 

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_USERS\S-1-5-21-1647584874-2863481535-2437137713-1000\Software\SecuROM\License information*]

"datasecu"=hex:83,0d,68,3e,d5,44,cb,2a,ba,4b,ea,ad,05,01,97,3a,52,2f,95,d3,5c,

f1,5b,a7,de,a0,66,71,23,31,e9,35,32,7f,f9,25,79,b8,e6,44,c3,f6,37,7e,ae,94,\

"rkeysecu"=hex:15,77,81,fe,27,7d,fd,27,16,af,a1,c3,e5,99,22,c9

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(2856)

c:\windows\System32\ieframe.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\system32\atieclxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\system32\WLANExt.exe

c:\windows\system32\conhost.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\RALINK\Common\RaRegistry.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-11-12 08:44:30 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-11-12 07:44

 

Pre-Run: 196 626 935 808 byte ledig

Post-Run: 202 667 438 080 byte ledig

 

- - End Of File - - 0109CB6D1C95754DC5F0051A78E29EFB

 

ny brannmurlogg.zip

Edited by Avien

I updated the first post with a new firewall log.

Submit, I appreciate that you are trying to help, but guessing is, strictly speaking, not much help. I got help from Tjnome to establish the presence of a virus. Instead of messing around with it any more, I will probably just format the machine one of these days, unless someone has a smart fix.

Edited by Avien