Er denne Combofix-loggen ren?

[Deaktivert Konto]

ComboFix 10-12-15.07 - BRUKER 17.12.2010 18:08:40.1.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.47.1044.18.3001.1638 [GMT 1:00]

Kjører fra: E:\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-11-17 til 2010-12-17 )))))))))))))))))))))))))))))))))

.

 

2010-12-17 17:31 . 2010-12-17 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-16 15:24 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2010-12-16 15:24 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-09 19:21 . 2010-12-13 09:58 -------- d-----w- c:\program files\Microsoft Silverlight

2010-11-27 11:55 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-09 08:36 . 2010-11-09 08:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-20 09:25 . 2010-10-20 06:48 231936 ----a-w- c:\windows\system32\msshsq.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-01 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-01 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-01 150552]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-31 61440]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]

"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk

backup=c:\windows\pss\Acer VCM.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^BRUKER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\BRUKER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2009-03-30 20:59 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]

2009-04-09 00:56 1071624 ----a-w- c:\program files\Launch Manager\LManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]

2009-12-29 19:53 200704 ----a-w- c:\windows\PLFSetI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2009-02-06 18:32 1430824 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

 

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]

R4 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 133104]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2009-09-26 819600]

S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]

S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]

S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]

S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-09-23 447832]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-06-01 4386304]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-06-01 93184]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-06-01 4568064]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]

S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]

S3 sftfs;sftfs;c:\program files\Microsoft Application Virtualization Client\drivers\sftfslh.sys [2009-09-23 543064]

S3 sftplay;sftplay;c:\program files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-09-23 190312]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-09-23 21848]

S3 sftvol;sftvol;c:\program files\Microsoft Application Virtualization Client\drivers\sftvollh.sys [2009-09-23 14680]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-09-23 203608]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:10]

 

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 20:10]

 

2010-12-16 c:\windows\Tasks\Norton Security Scan for BRUKER.job

- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-16 07:48]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.programs2011.com/no/index.php?rvs=hompag/

mStart Page = hxxp://www.programs2011.com/no/index.php?rvs=hompag/

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\BRUKER\AppData\Roaming\Mozilla\Firefox\Profiles\24ry0iy1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/

FF - prefs.js: keyword.URL - hxxp://www.programs2011.com/no/index.php?rvs=hompag/&%s=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - TOMME PEKERE FJERNET - - - -

 

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe

MSConfigStartUp-EgisTecLiveUpdate - c:\program files\EgisTec Egis Software Update\EgisUpdate.exe

MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

MSConfigStartUp-Google Update - c:\users\BRUKER\AppData\Local\Google\Update\GoogleUpdate.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-mwlDaemon - c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-17 18:31

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(2616)

c:\program files\Acer\Acer PowerSmart Manager\SysHook.dll

.

Tidspunkt ferdig: 2010-12-17 18:35:59

ComboFix-quarantined-files.txt 2010-12-17 17:35

 

Pre-Run: 374 209 384 448 byte ledig

Post-Run: 374 902 652 928 byte ledig

 

- - End Of File - - 814FD2C6E9EA4CCC3A2B9C806F1774AB

[raWrz]

Hei,

 

Har du noen problemer eller er det bare en sjekk?

 

~ Submit

[Deaktivert Konto]

Er søstera mi sin PC. Den er veldig treg, spesielt med kald oppstart av programmer. I tillegg så er internettilkobling veldig treg over alt, og tilkoblingen slår seg av etter ca 1-2 minutter, og da må wifi-knappen av og på igjen, osv...

[Deaktivert Konto]

Tenker på en fabrikk-gjennoppretting eller hva det nå heter, men sjekker først etter virus.

[raWrz]

Combofix loggen ser ren ut så du kan avinstallere den ved å starte kjør (windows knappen + R) og skriv combofix /uninstall

 

Har du installert de nyeste driverne til nettverkskorte?

[Reinsdyret]

Hei, jeg fikk noe hissig spyware fra nettstedet programs2011.com (uoppmerksom nedlasting av messenger-klient), og da jeg googlet nettstedet fikk jeg opp tråden din. Regn altså med at dette er et problem:

 

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.programs2011.com/no/index.php?rvs=hompag/

mStart Page = hxxp://www.programs2011.com/no/index.php?rvs=hompag/