
[SOLVED] Could someone take a look through my logs? Malware/Combofix



I have been struggling a lot with BSODs over the last 24 hours. Because of that I have cleaned up a bit and run various scans...

Does anyone have the chance to take a quick look at the logs?

Sorry about the length, I can't get the spoiler tag to work. If someone could do that for me I would be even more grateful.

 

Malware:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Databaseversjon: 5485

 

Windows 6.0.6000

Internet Explorer 7.0.6000.16982

 

09.01.2011 11:31:41

mbam-log-2011-01-09 (11-31-41).txt

 

Skanntype: Hurtigsøk

Objekter skannet: 141881

Tid tilbakelagt: 6 minutt(er), 52 sekund(er)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert 1

 

Minneprosesser infisert:

(Ingen skadelige objekter funnet)

 

Minnemoduler infisert:

(Ingen skadelige objekter funnet)

 

Registernøkler infisert:

(Ingen skadelige objekter funnet)

 

Registerverdier infisert:

(Ingen skadelige objekter funnet)

 

Registerfiler infisert:

(Ingen skadelige objekter funnet)

 

Mapper infisert:

(Ingen skadelige objekter funnet)

 

Filer infisert

c:\Windows\System32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.

 

 

 

 

 

 

 

Combofix:

ComboFix 11-01-08.04 - Anne 09.01.2011 12:34:07.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.2045.1238 [GMT 1:00]

Kjører fra: c:\users\Anne\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programdata\hpeCDBA.dll

c:\temp\1cb

c:\temp\1cb\syscheck.log

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-09 til 2011-01-09 )))))))))))))))))))))))))))))))))

.

 

2011-01-09 01:36 . 2011-01-09 01:36 -------- d-----w- c:\users\Anne\AppData\Roaming\Malwarebytes

2011-01-09 01:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-09 01:35 . 2011-01-09 01:35 -------- d-----w- c:\programdata\Malwarebytes

2011-01-09 01:35 . 2011-01-09 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-09 01:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-08 14:09 . 2011-01-08 14:09 614152 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-05 18:34 . 2011-01-05 18:37 -------- d-----w- c:\users\Anne\AppData\Roaming\vlc

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-17 16:58 . 2010-11-17 16:58 73216 ----a-w- c:\windows\system32\msiexec.exe

2010-11-17 16:58 . 2010-11-17 16:58 332800 ----a-w- c:\windows\system32\msihnd.dll

2010-11-17 16:58 . 2010-11-17 16:58 2560 ----a-w- c:\windows\system32\msimsg.dll

2010-11-17 16:58 . 2010-11-17 16:58 2252288 ----a-w- c:\windows\system32\msi.dll

2010-11-14 13:13 . 2010-11-14 13:13 72704 ----a-w- c:\windows\system32\admparse.dll

2010-11-14 13:13 . 2010-11-14 13:13 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-14 13:13 . 2010-11-14 13:13 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2010-11-14 13:13 . 2010-11-14 13:13 389120 ----a-w- c:\windows\system32\html.iec

2010-11-14 13:13 . 2010-11-14 13:13 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-11-14 13:13 . 2010-11-14 13:13 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-11-14 13:13 . 2010-11-14 13:13 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-14 13:13 . 2010-11-14 13:13 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-14 13:13 . 2010-11-14 13:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-11-14 13:13 . 2010-11-14 13:13 56320 ----a-w- c:\windows\system32\iesetup.dll

2010-11-14 13:11 . 2010-11-14 13:11 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2010-11-14 13:11 . 2010-11-14 13:11 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2010-11-14 13:11 . 2010-11-14 13:11 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2010-11-14 13:11 . 2010-11-14 13:11 19968 ----a-w- c:\windows\system32\ARP.EXE

2010-11-14 13:11 . 2010-11-14 13:11 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2010-11-14 13:11 . 2010-11-14 13:11 15360 ----a-w- c:\windows\system32\netevent.dll

2010-11-14 13:11 . 2010-11-14 13:11 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2010-11-14 13:11 . 2010-11-14 13:11 103936 ----a-w- c:\windows\system32\netiohlp.dll

2010-11-14 13:11 . 2010-11-14 13:11 10240 ----a-w- c:\windows\system32\finger.exe

2010-11-14 13:10 . 2010-11-14 13:10 378368 ----a-w- c:\windows\system32\winhttp.dll

2010-11-14 13:07 . 2010-11-14 13:07 36352 ----a-w- c:\windows\system32\tsgqec.dll

2010-11-14 13:07 . 2010-11-14 13:07 116736 ----a-w- c:\windows\system32\aaclient.dll

2010-11-14 13:07 . 2010-11-14 13:07 1871872 ----a-w- c:\windows\system32\mstscax.dll

2010-11-14 13:06 . 2010-11-14 13:06 268800 ----a-w- c:\windows\system32\es.dll

2010-11-14 13:01 . 2010-11-14 13:01 80896 ----a-w- c:\windows\system32\MSNP.ax

2010-11-14 13:01 . 2010-11-14 13:01 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2010-11-14 13:01 . 2010-11-14 13:01 428032 ----a-w- c:\windows\system32\EncDec.dll

2010-11-14 13:01 . 2010-11-14 13:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2010-11-14 13:01 . 2010-11-14 13:01 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2010-11-14 13:01 . 2010-11-14 13:01 1244672 ----a-w- c:\windows\system32\mcmde.dll

2010-11-14 13:01 . 2010-11-14 13:01 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2010-11-14 13:01 . 2010-11-14 13:01 292352 ----a-w- c:\windows\system32\psisdecd.dll

2010-11-14 12:48 . 2010-11-14 12:48 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll

2010-11-14 12:48 . 2010-11-14 12:48 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll

2010-11-14 12:48 . 2010-11-14 12:48 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll

2010-11-14 12:48 . 2010-11-14 12:48 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll

2010-11-14 12:48 . 2010-11-14 12:48 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll

2010-11-14 12:48 . 2010-11-14 12:48 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll

2010-11-14 12:48 . 2010-11-14 12:48 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll

2010-11-14 12:48 . 2010-11-14 12:48 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll

2010-11-14 12:48 . 2010-11-14 12:48 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll

2010-11-14 12:48 . 2010-11-14 12:48 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll

2010-11-14 12:48 . 2010-11-14 12:48 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll

2010-11-14 12:48 . 2010-11-14 12:48 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll

2010-11-14 12:47 . 2010-11-14 12:47 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll

2010-11-14 12:47 . 2010-11-14 12:47 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll

2010-11-14 12:47 . 2010-11-14 12:47 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll

2010-11-14 12:47 . 2010-11-14 12:47 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll

2010-11-14 12:47 . 2010-11-14 12:47 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll

2010-11-14 12:47 . 2010-11-14 12:47 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll

2010-11-14 12:47 . 2010-11-14 12:47 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll

2010-11-14 12:47 . 2010-11-14 12:47 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2010-11-14 12:47 . 2010-11-14 12:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll

2010-11-14 12:47 . 2010-11-14 12:47 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll

2010-11-14 12:47 . 2010-11-14 12:47 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll

2010-11-14 12:47 . 2010-11-14 12:47 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll

2010-11-14 12:47 . 2010-11-14 12:47 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll

2010-11-14 12:47 . 2010-11-14 12:47 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll

2010-11-14 12:47 . 2010-11-14 12:47 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll

2010-11-14 12:47 . 2010-11-14 12:47 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll

2010-11-14 12:47 . 2010-11-14 12:47 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll

2010-11-14 12:46 . 2010-11-14 12:46 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll

2010-11-14 12:46 . 2010-11-14 12:46 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll

2010-11-14 12:46 . 2010-11-14 12:46 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll

2010-11-14 12:46 . 2010-11-14 12:46 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll

2010-11-14 12:46 . 2010-11-14 12:46 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll

2010-11-14 12:46 . 2010-11-14 12:46 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll

2010-11-14 12:46 . 2010-11-14 12:46 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll

2010-11-14 12:46 . 2010-11-14 12:46 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll

2010-11-14 12:46 . 2010-11-14 12:46 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll

2010-11-14 12:46 . 2010-11-14 12:46 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0047.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0046.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0045.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0049.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0039.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0020.dll

2010-11-14 12:46 . 2010-11-14 12:46 1799168 ----a-w- c:\windows\system32\NlsData0022.dll

2010-11-14 12:46 . 2010-11-14 12:46 1799168 ----a-w- c:\windows\system32\NlsData0021.dll

2010-11-14 12:46 . 2010-11-14 12:46 1965056 ----a-w- c:\windows\system32\NlsData0027.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0026.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0024.dll

2010-11-14 12:46 . 2010-11-14 12:46 4493312 ----a-w- c:\windows\system32\NlsData0010.dll

2010-11-14 12:46 . 2010-11-14 12:46 3464704 ----a-w- c:\windows\system32\NlsData0013.dll

2010-11-14 12:46 . 2010-11-14 12:46 2655232 ----a-w- c:\windows\system32\NlsData0011.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0018.dll

2010-11-14 12:46 . 2010-11-14 12:46 1523200 ----a-w- c:\windows\system32\NlsData0000.dll

2010-11-14 12:46 . 2010-11-14 12:46 4495360 ----a-w- c:\windows\system32\NlsData0019.dll

2010-11-14 12:46 . 2010-11-14 12:46 2597888 ----a-w- c:\windows\system32\NlsData0001.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0003.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0002.dll

2010-11-14 12:46 . 2010-11-14 12:46 4874240 ----a-w- c:\windows\system32\NlsData0009.dll

2010-11-14 12:46 . 2010-11-14 12:46 2241024 ----a-w- c:\windows\system32\NlsData0007.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-14 1232896]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"Mobile Partner"="c:\program files\Mobile Partner\Mobile Partner.exe" [2008-12-04 114688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-05-27 92704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2271840558-4011763898-2198543459-1000]

"EnableNotificationsRef"=dword:00000001

 

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-12-23 715248]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 19:21]

 

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 19:21]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.dagbladet.no/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

Trusted Zone: skandiabanken.no\secure

Trusted Zone: skandiabanken.no\www

FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\94cp9ler.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.dagbladet.no/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

.

- - - - TOMME PEKERE FJERNET - - - -

 

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-09 12:44

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tidspunkt ferdig: 2011-01-09 12:49:28

ComboFix-quarantined-files.txt 2011-01-09 11:49

 

Pre-Run: 13 913 698 304 byte ledig

Post-Run: 13 867 511 808 byte ledig

 

- - End Of File - - CFA4A996617D6185FE93953CA90C626B

Edited by Footy

Hi there

Your log is no longer than usual, so it is probably fine that it isn't in a spoiler. Are you noticing any problems with the PC now?

You are running Combofix from c:\users\Anne\Downloads\ComboFix.exe

The guide (see my signature) says that Combofix should be run from the Desktop. Please move Combofix.exe to the Desktop.

In your next post:

-Tell me whether you notice any problems with the PC

-Let me know whether you have managed to move Combofix


Well, the PC seems to be behaving fine now, a bit slow, but otherwise normal.

What happened yesterday was that a BSOD popped up and started dumping the memory or something odd like that.

After that it restarted itself over and over again until I physically switched it off and started it up in safe mode. It took 3 attempts before it managed that.

I then backed up everything necessary in safe mode, and then restarted it normally. It managed this in 2 attempts.

Since then I have done nothing other than follow the guide (except that I did it slightly wrong)

New Combofix log follows:

 

ComboFix 11-01-08.04 - Anne 09.01.2011 17:53:09.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.47.1044.18.2045.1379 [GMT 1:00]

Kjører fra: c:\users\Anne\Desktop\ComboFix.exe

.

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-12-09 til 2011-01-09 )))))))))))))))))))))))))))))))))

.

 

2011-01-09 17:02 . 2011-01-09 17:02 -------- d-----w- c:\users\Anne\AppData\Local\temp

2011-01-09 17:02 . 2011-01-09 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-09 01:36 . 2011-01-09 01:36 -------- d-----w- c:\users\Anne\AppData\Roaming\Malwarebytes

2011-01-09 01:35 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-09 01:35 . 2011-01-09 01:35 -------- d-----w- c:\programdata\Malwarebytes

2011-01-09 01:35 . 2011-01-09 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-01-09 01:35 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-08 14:09 . 2011-01-08 14:09 614152 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-05 18:34 . 2011-01-05 18:37 -------- d-----w- c:\users\Anne\AppData\Roaming\vlc

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-17 16:58 . 2010-11-17 16:58 73216 ----a-w- c:\windows\system32\msiexec.exe

2010-11-17 16:58 . 2010-11-17 16:58 332800 ----a-w- c:\windows\system32\msihnd.dll

2010-11-17 16:58 . 2010-11-17 16:58 2560 ----a-w- c:\windows\system32\msimsg.dll

2010-11-17 16:58 . 2010-11-17 16:58 2252288 ----a-w- c:\windows\system32\msi.dll

2010-11-14 13:13 . 2010-11-14 13:13 72704 ----a-w- c:\windows\system32\admparse.dll

2010-11-14 13:13 . 2010-11-14 13:13 832512 ----a-w- c:\windows\system32\wininet.dll

2010-11-14 13:13 . 2010-11-14 13:13 52736 ----a-w- c:\windows\apppatch\iebrshim.dll

2010-11-14 13:13 . 2010-11-14 13:13 389120 ----a-w- c:\windows\system32\html.iec

2010-11-14 13:13 . 2010-11-14 13:13 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-11-14 13:13 . 2010-11-14 13:13 48128 ----a-w- c:\windows\system32\mshtmler.dll

2010-11-14 13:13 . 2010-11-14 13:13 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-14 13:13 . 2010-11-14 13:13 1830912 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-14 13:13 . 2010-11-14 13:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-11-14 13:13 . 2010-11-14 13:13 56320 ----a-w- c:\windows\system32\iesetup.dll

2010-11-14 13:11 . 2010-11-14 13:11 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2010-11-14 13:11 . 2010-11-14 13:11 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2010-11-14 13:11 . 2010-11-14 13:11 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2010-11-14 13:11 . 2010-11-14 13:11 19968 ----a-w- c:\windows\system32\ARP.EXE

2010-11-14 13:11 . 2010-11-14 13:11 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2010-11-14 13:11 . 2010-11-14 13:11 15360 ----a-w- c:\windows\system32\netevent.dll

2010-11-14 13:11 . 2010-11-14 13:11 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2010-11-14 13:11 . 2010-11-14 13:11 103936 ----a-w- c:\windows\system32\netiohlp.dll

2010-11-14 13:11 . 2010-11-14 13:11 10240 ----a-w- c:\windows\system32\finger.exe

2010-11-14 13:10 . 2010-11-14 13:10 378368 ----a-w- c:\windows\system32\winhttp.dll

2010-11-14 13:07 . 2010-11-14 13:07 36352 ----a-w- c:\windows\system32\tsgqec.dll

2010-11-14 13:07 . 2010-11-14 13:07 116736 ----a-w- c:\windows\system32\aaclient.dll

2010-11-14 13:07 . 2010-11-14 13:07 1871872 ----a-w- c:\windows\system32\mstscax.dll

2010-11-14 13:06 . 2010-11-14 13:06 268800 ----a-w- c:\windows\system32\es.dll

2010-11-14 13:01 . 2010-11-14 13:01 80896 ----a-w- c:\windows\system32\MSNP.ax

2010-11-14 13:01 . 2010-11-14 13:01 68608 ----a-w- c:\windows\system32\Mpeg2Data.ax

2010-11-14 13:01 . 2010-11-14 13:01 428032 ----a-w- c:\windows\system32\EncDec.dll

2010-11-14 13:01 . 2010-11-14 13:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2010-11-14 13:01 . 2010-11-14 13:01 177152 ----a-w- c:\windows\system32\mpg2splt.ax

2010-11-14 13:01 . 2010-11-14 13:01 1244672 ----a-w- c:\windows\system32\mcmde.dll

2010-11-14 13:01 . 2010-11-14 13:01 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2010-11-14 13:01 . 2010-11-14 13:01 292352 ----a-w- c:\windows\system32\psisdecd.dll

2010-11-14 12:48 . 2010-11-14 12:48 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll

2010-11-14 12:48 . 2010-11-14 12:48 1808896 ----a-w- c:\windows\system32\NlsLexicons0046.dll

2010-11-14 12:48 . 2010-11-14 12:48 1411072 ----a-w- c:\windows\system32\NlsLexicons0047.dll

2010-11-14 12:48 . 2010-11-14 12:48 1558016 ----a-w- c:\windows\system32\NlsLexicons0049.dll

2010-11-14 12:48 . 2010-11-14 12:48 1236992 ----a-w- c:\windows\system32\NlsLexicons0020.dll

2010-11-14 12:48 . 2010-11-14 12:48 1782272 ----a-w- c:\windows\system32\NlsLexicons0039.dll

2010-11-14 12:48 . 2010-11-14 12:48 2136064 ----a-w- c:\windows\system32\NlsLexicons0021.dll

2010-11-14 12:48 . 2010-11-14 12:48 5499904 ----a-w- c:\windows\system32\NlsLexicons0022.dll

2010-11-14 12:48 . 2010-11-14 12:48 7964672 ----a-w- c:\windows\system32\NlsLexicons0024.dll

2010-11-14 12:48 . 2010-11-14 12:48 5791232 ----a-w- c:\windows\system32\NlsLexicons0026.dll

2010-11-14 12:48 . 2010-11-14 12:48 6224896 ----a-w- c:\windows\system32\NlsLexicons0027.dll

2010-11-14 12:48 . 2010-11-14 12:48 4175872 ----a-w- c:\windows\system32\NlsLexicons0010.dll

2010-11-14 12:47 . 2010-11-14 12:47 2466816 ----a-w- c:\windows\system32\NlsLexicons0011.dll

2010-11-14 12:47 . 2010-11-14 12:47 4981248 ----a-w- c:\windows\system32\NlsLexicons0013.dll

2010-11-14 12:47 . 2010-11-14 12:47 3331072 ----a-w- c:\windows\system32\NlsLexicons0018.dll

2010-11-14 12:47 . 2010-11-14 12:47 6781440 ----a-w- c:\windows\system32\NlsLexicons0019.dll

2010-11-14 12:47 . 2010-11-14 12:47 11722752 ----a-w- c:\windows\system32\NlsLexicons0001.dll

2010-11-14 12:47 . 2010-11-14 12:47 4164096 ----a-w- c:\windows\system32\NlsLexicons0002.dll

2010-11-14 12:47 . 2010-11-14 12:47 1452544 ----a-w- c:\windows\system32\NlsLexicons0003.dll

2010-11-14 12:47 . 2010-11-14 12:47 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2010-11-14 12:47 . 2010-11-14 12:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll

2010-11-14 12:47 . 2010-11-14 12:47 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll

2010-11-14 12:47 . 2010-11-14 12:47 1702912 ----a-w- c:\windows\system32\NlsLexicons004b.dll

2010-11-14 12:47 . 2010-11-14 12:47 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll

2010-11-14 12:47 . 2010-11-14 12:47 1972736 ----a-w- c:\windows\system32\NlsLexicons004e.dll

2010-11-14 12:47 . 2010-11-14 12:47 4045824 ----a-w- c:\windows\system32\NlsLexicons003e.dll

2010-11-14 12:47 . 2010-11-14 12:47 4096 ----a-w- c:\windows\system32\NlsLexicons002a.dll

2010-11-14 12:47 . 2010-11-14 12:47 6014976 ----a-w- c:\windows\system32\NlsLexicons001a.dll

2010-11-14 12:47 . 2010-11-14 12:47 6585856 ----a-w- c:\windows\system32\NlsLexicons001b.dll

2010-11-14 12:46 . 2010-11-14 12:46 6346240 ----a-w- c:\windows\system32\NlsLexicons001d.dll

2010-11-14 12:46 . 2010-11-14 12:46 9892864 ----a-w- c:\windows\system32\NlsLexicons000a.dll

2010-11-14 12:46 . 2010-11-14 12:46 6237696 ----a-w- c:\windows\system32\NlsLexicons000c.dll

2010-11-14 12:46 . 2010-11-14 12:46 1722368 ----a-w- c:\windows\system32\NlsLexicons000d.dll

2010-11-14 12:46 . 2010-11-14 12:46 5654528 ----a-w- c:\windows\system32\NlsLexicons000f.dll

2010-11-14 12:46 . 2010-11-14 12:46 4616192 ----a-w- c:\windows\system32\NlsLexicons0414.dll

2010-11-14 12:46 . 2010-11-14 12:46 5090816 ----a-w- c:\windows\system32\NlsLexicons0416.dll

2010-11-14 12:46 . 2010-11-14 12:46 5031936 ----a-w- c:\windows\system32\NlsLexicons0816.dll

2010-11-14 12:46 . 2010-11-14 12:46 7042560 ----a-w- c:\windows\system32\NlsLexicons081a.dll

2010-11-14 12:46 . 2010-11-14 12:46 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0047.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0046.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0045.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0049.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0039.dll

2010-11-14 12:46 . 2010-11-14 12:46 3102720 ----a-w- c:\windows\system32\NlsData0020.dll

2010-11-14 12:46 . 2010-11-14 12:46 1799168 ----a-w- c:\windows\system32\NlsData0022.dll

2010-11-14 12:46 . 2010-11-14 12:46 1799168 ----a-w- c:\windows\system32\NlsData0021.dll

2010-11-14 12:46 . 2010-11-14 12:46 1965056 ----a-w- c:\windows\system32\NlsData0027.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0026.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0024.dll

2010-11-14 12:46 . 2010-11-14 12:46 4493312 ----a-w- c:\windows\system32\NlsData0010.dll

2010-11-14 12:46 . 2010-11-14 12:46 3464704 ----a-w- c:\windows\system32\NlsData0013.dll

2010-11-14 12:46 . 2010-11-14 12:46 2655232 ----a-w- c:\windows\system32\NlsData0011.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0018.dll

2010-11-14 12:46 . 2010-11-14 12:46 1523200 ----a-w- c:\windows\system32\NlsData0000.dll

2010-11-14 12:46 . 2010-11-14 12:46 4495360 ----a-w- c:\windows\system32\NlsData0019.dll

2010-11-14 12:46 . 2010-11-14 12:46 2597888 ----a-w- c:\windows\system32\NlsData0001.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0003.dll

2010-11-14 12:46 . 2010-11-14 12:46 1963520 ----a-w- c:\windows\system32\NlsData0002.dll

2010-11-14 12:46 . 2010-11-14 12:46 4874240 ----a-w- c:\windows\system32\NlsData0009.dll

2010-11-14 12:46 . 2010-11-14 12:46 2241024 ----a-w- c:\windows\system32\NlsData0007.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-14 1232896]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]

"Mobile Partner"="c:\program files\Mobile Partner\Mobile Partner.exe" [2008-12-04 114688]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-06 405504]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 857648]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-05-27 92704]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2271840558-4011763898-2198543459-1000]

"EnableNotificationsRef"=dword:00000001

 

R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 135664]

R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2007-12-23 715248]

S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 19:21]

 

2011-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-23 19:21]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://www.dagbladet.no/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

Trusted Zone: skandiabanken.no\secure

Trusted Zone: skandiabanken.no\www

FF - ProfilePath - c:\users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\94cp9ler.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.dagbladet.no/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-01-09 18:02

Windows 6.0.6000 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

.

--------------------- LÅSTE REGISTERNØKLER ---------------------

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Tidspunkt ferdig: 2011-01-09 18:06:49

ComboFix-quarantined-files.txt 2011-01-09 17:06

ComboFix2.txt 2011-01-09 16:29

ComboFix3.txt 2011-01-09 11:49

 

Pre-Run: 13 564 059 648 byte ledig

Post-Run: 13 537 759 232 byte ledig

 

- - End Of File - - 3D000BFF3D4AA5FDDB84806205532B4B


I see that you have moved Combofix to the Desktop. Good!

Good to hear that you are not noticing any direct problems with the PC. Did it become slow recently and suddenly, or has it been slow for a long time?

Both Malwarebytes and Combofix removed some malware, and after that it looks to me like you are clean.

 

You can try a cleanup to make the PC faster:

Download TFC to the Desktop.

  • Open the file, and close all other windows.
  • The program will close all programs on its own while it runs. Make sure to let the program run undisturbed.
  • Press the Start button to start the process. It should not take long before the program has finished the job.
  • When the program is finished, it will restart the machine. If not, do this yourself so you are sure the program gets to do what it should.

 

Combofix must be uninstalled.

Go to Start > Run

Type the following in the box:

  • combofix /uninstall

PS: note the space between x and /uninstall

You should now have something corresponding to the picture below:

combofix_uninstall.jpg

Press Enter.

 

This command will:

  • Remove the following:

    • ComboFix and its associated files and folders.
    • VundoFix backups, if they exist.
    • The folder C:\Deckard, if it exists.
    • The folder C:\OtMoveIt, if it exists.

  • Reset the clock settings.

  • Hide file extensions if necessary.

  • Hide System/Hidden files and folders if necessary.

  • Reset the system restore points.

 

 

Also make sure that Java, Flash Player and Adobe Reader are up to date, in addition to Windows.

If you believe the problem is solved, please press the "LØST" (Solved) button at the top right of your thread.

-Surf safely-
