Tanner Posted 2 January 2011

Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Databaseversjon: 5440 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 02.01.2011 02:23:39 mbam-log-2011-01-02 (02-23-39).txt Skanntype: Hurtigsøk Objekter skannet: 164218 Tid tilbakelagt: 8 minutt(er), 5 sekund(er) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert 0 Minneprosesser infisert: (Ingen skadelige objekter funnet) Minnemoduler infisert: (Ingen skadelige objekter funnet) Registernøkler infisert: (Ingen skadelige objekter funnet) Registerverdier infisert: (Ingen skadelige objekter funnet) Registerfiler infisert: (Ingen skadelige objekter funnet) Mapper infisert: (Ingen skadelige objekter funnet) Filer infisert (Ingen skadelige objekter funnet)

ComboFix 11-01-01.01 - Olav Magne 02.01.2011 2:47.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4086.3174 [GMT 1:00] Kjører fra: c:\users\Olav Magne\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-02 til 2011-01-02 ))))))))))))))))))))))))))))))))) . 2011-01-02 01:43 . 2011-01-02 01:44 -------- d-----w- C:\32788R22FWJFW 2011-01-01 23:48 . 2011-01-01 23:48 -------- d-----w- c:\windows\SysWow64\Adobe 2010-12-29 01:57 . 2010-12-29 01:57 -------- d-----w- c:\program files (x86)\Abe's Oddysee 2010-12-29 01:57 . 1997-03-24 16:42 314368 ----a-w- c:\windows\IsUninst.exe 2010-12-29 01:52 . 2010-12-29 01:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar 2010-12-29 01:51 . 2010-12-29 01:53 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2010-12-29 01:51 . 2010-12-29 01:57 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\DAEMON Tools Lite 2010-12-29 01:51 .
2010-12-29 01:51 -------- d-----w- c:\programdata\DAEMON Tools Lite 2010-12-20 16:21 . 2010-12-20 16:21 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\OpenOffice.org 2010-12-20 16:13 . 2010-12-20 16:13 -------- d-----w- c:\program files (x86)\JRE 2010-12-20 16:13 . 2010-12-20 16:13 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2010-12-16 17:38 . 2010-12-30 21:44 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\vlc 2010-12-15 05:14 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll 2010-12-15 05:14 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll 2010-12-15 05:14 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe 2010-12-15 05:14 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe 2010-12-15 05:14 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2010-12-15 05:14 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2010-12-15 05:14 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll 2010-12-15 05:14 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll 2010-12-15 05:14 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe 2010-12-15 05:14 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe 2010-12-14 15:10 . 2010-12-14 15:10 -------- d-----w- c:\users\Olav Magne\AppData\Roaming\Malwarebytes 2010-12-14 15:10 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-14 15:10 . 2010-12-14 15:10 -------- d-----w- c:\programdata\Malwarebytes 2010-12-14 15:10 . 2011-01-02 01:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-12-13 15:14 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll 2010-12-13 15:14 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll 2010-12-13 15:14 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2010-12-13 15:14 . 
2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2010-12-13 15:14 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2010-12-13 15:06 . 2010-12-13 15:06 -------- d-----w- C:\Riot Games 2010-12-10 23:03 . 2010-12-10 23:03 -------- d-----w- c:\program files (x86)\Common Files\Skype 2010-12-08 20:09 . 2010-12-09 16:10 -------- d-----w- c:\users\Olav Magne\UO 2010-12-08 13:03 . 2010-12-08 13:03 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2010-12-08 11:49 . 2010-12-08 12:11 -------- d-----w- c:\programdata\Media Center Programs 2010-12-08 11:49 . 2010-12-08 11:49 -------- d--h--w- c:\windows\PIF . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-16 19:39 . 2010-08-09 19:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2010-10-22 11:43 . 2010-10-22 11:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2010-10-22 11:43 . 2010-10-22 11:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . 
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7e0c6414-5557-45e4-a2a0-c84f50184a3f}"= "c:\program files (x86)\PHPNuke-NO\tbPHPN.dll" [2010-09-12 3863136] [HKEY_CLASSES_ROOT\clsid\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}] [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}] 2010-09-12 13:02 3863136 ----a-w- c:\program files (x86)\PHPNuke-NO\tbPHPN.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{7e0c6414-5557-45e4-a2a0-c84f50184a3f}"= "c:\program files (x86)\PHPNuke-NO\tbPHPN.dll" [2010-09-12 3863136] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136] [HKEY_CLASSES_ROOT\clsid\{7e0c6414-5557-45e4-a2a0-c84f50184a3f}] [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-11-08 2975640] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows 
nt\currentversion\drivers32] "aux"=wdmaud.drv R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344] R3 WatAdminSvc;WatAdminSvc; [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-29 834544] S3 NETwLv64; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys 
[2010-08-16 7530496] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Tilleggsskanning ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.26.0.cab DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab . - - - - TOMME PEKERE FJERNET - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{7E0C6414-5557-45E4-A2A0-C84F50184A3F} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . 
--------------------- LÅSTE REGISTERNØKLER --------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*] "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d, bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 
"MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Tidspunkt ferdig: 2011-01-02 02:55:30 ComboFix-quarantined-files.txt 2011-01-02 01:55 Pre-Run: 8 843 010 048 byte ledig Post-Run: 9 033 256 960 byte ledig - - End Of File - - F478806399B20A24CAC5F6D240C73965
r2d290 Posted 8 January 2011 (edited)

Hi there. Sorry for the delay. Have you noticed any problems with the PC, or was this just a check?

Edited 8 January 2011 by r2d290
Tanner (Author) Posted 9 January 2011

Had some problems with a lot of lag in an online game. Didn't know whether it was the PC or the network. In any case, I have reinstalled Windows now, and things work better.
r2d290 Posted 9 January 2011

Then I consider the matter solved =)