Kannutt
Posted 28 March 2011

Help! My machine is running slowly, the browser only works intermittently, and several administrator tasks have been taken away from me.

I have read this thread: https://www.diskusjon.no/index.php?showtopic=691246

I have downloaded and run them, and got logs from Malwarebytes Anti-Malware and Combofix. Can anyone help?? I'm fairly "green" at this, so I really appreciate any help!

Log from Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Databaseversjon: 6195

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28.03.2011 16:38:57
mbam-log-2011-03-28 (16-38-57).txt

Skanntype: Hurtigsøk
Objekter skannet: 149506
Tid tilbakelagt: 6 minutt(er), 24 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 0

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
(Ingen skadelige objekter funnet)

Log from Combofix:

ComboFix 11-03-27.02 - Kon 28.03.2011 16:56:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.3003.1742 [GMT 2:00]
Kjører fra: c:\users\Kon\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dlumd10.dll
c:\windows\system32\dlumd9.dll
c:\windows\Temp\log.txt
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2011-02-28 til 2011-03-28 )))))))))))))))))))))))))))))))))
.
.
2011-03-28 15:03 . 2011-03-28 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-28 14:32 . 2011-03-28 14:32 -------- d-----w- c:\users\Kon\AppData\Roaming\Malwarebytes
2011-03-28 14:32 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-28 14:32 . 2011-03-28 14:32 -------- d-----w- c:\programdata\Malwarebytes
2011-03-28 14:31 . 2011-03-28 14:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-28 14:31 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-26 18:07 . 2010-03-23 12:15 13936 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys
2011-03-26 18:07 . 2010-03-23 12:15 165488 ----a-w- c:\windows\system32\drivers\dlkmd.sys
2011-03-26 17:42 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-26 17:39 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-03-26 17:39 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-03-26 17:39 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-26 17:39 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-03-26 17:39 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-03-26 17:39 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-26 17:39 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-26 17:39 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-26 17:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2011-03-26 17:34 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2011-03-26 17:34 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2011-03-26 17:34 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2011-03-26 17:34 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2011-03-26 17:34 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2011-03-26 17:34 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2011-03-26 17:34 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2011-03-26 17:34 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2011-03-26 17:23 . 2011-03-26 17:23 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-26 17:22 . 2011-03-26 17:22 -------- d-----w- c:\program files\Common Files\Java
2011-03-26 17:22 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-26 15:54 . 2011-03-26 15:54 -------- d-----w- c:\users\Kon\AppData\Local\Microsoft Games
2011-03-26 15:35 . 2011-03-26 15:35 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-03-26 14:41 . 2011-03-26 14:41 -------- d-----w- c:\users\Kon\AppData\Roaming\AVG10
2011-03-26 14:31 . 2011-03-26 14:31 -------- d-----w- c:\users\Kon\AppData\Local\Mozilla
2011-03-26 02:12 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-26 02:12 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-26 02:12 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-26 02:12 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-26 02:12 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-26 02:09 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-25 21:58 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-03-25 21:58 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-03-25 21:58 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-03-25 21:58 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 21:58 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-03-25 21:56 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2011-03-25 21:56 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-03-25 21:56 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-03-25 21:56 . 2010-01-29 15:40 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-03-25 21:56 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-03-25 21:56 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-03-25 21:56 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-03-25 21:56 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2011-03-25 21:55 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-03-25 21:55 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-03-25 21:55 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-03-25 21:55 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-03-25 21:55 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-03-25 21:55 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-03-25 21:55 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-25 21:55 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-25 21:55 . 2010-01-21 15:05 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-03-25 21:55 . 2009-04-11 06:27 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-03-25 21:55 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-03-25 21:55 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-03-25 21:54 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-03-25 21:54 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-03-25 21:54 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-25 21:54 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-03-25 21:54 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-03-25 21:54 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-03-25 21:54 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2011-03-25 21:49 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-25 21:48 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-25 21:32 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-03-25 21:31 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-18 18:03 . 2011-03-26 14:28 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-25 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-04-11 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"TosDockApp"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2008-10-21 169272]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 1848648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-11-23 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 cmusbser;%CMUSBSER%;c:\windows\system32\DRIVERS\cmusbser.sys [2006-12-13 87040]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-03-25 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-03-23 13936]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-03-23 4752744]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.24075.0.sys [2010-03-23 21888]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-03-23 165488]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-09-04 53248]
S3 NETw1v32;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-06-19 5958144]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2008-09-08 1499648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 06:10]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 06:10]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.google.no/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&s=2&o=vp32&d=1109&m=aspire_4810t
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\Kon\AppData\Roaming\Mozilla\Firefox\Profiles\iioo4xea.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.no/
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-TosDockSvr - c:\program files\TOSHIBA\dynadock_II\TosDockSvr.exe
HKLM-Run-Cm106Sound - cm106.cpl
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-28 17:03
Windows 6.0.6002 Service Pack 2 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Tidspunkt ferdig: 2011-03-28 17:05:12
ComboFix-quarantined-files.txt 2011-03-28 15:05
.
Pre-Run: 381 893 840 896 byte ledig
Post-Run: 381 366 509 568 byte ledig
.
- - End Of File - - DA99A78F5B47690DF6BAF29198E5F09E