Kake24
Posted 9 June 2011 (edited)

Thanks for any help.

Combofix:

ComboFix 11-06-09.04 - PC 10-Jun-11 0:00.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4093.2982 [GMT 2:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-09 to 2011-06-09 )))))))))))))))))))))))))))))))
.
.
2011-06-10 05:21 . 2011-06-09 19:26 -------- d-----w- c:\windows\Panther
2011-06-09 22:02 . 2011-06-09 22:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-09 22:00 . 2011-06-09 22:00 -------- d-----w- C:\32788R22FWJFW
2011-06-09 21:32 . 2011-06-09 21:34 -------- d-----w- c:\program files\NVIDIA Corporation
2011-06-09 21:32 . 2011-06-09 21:32 -------- d-----w- C:\NVIDIA
2011-06-09 21:21 . 2011-06-09 21:36 -------- d-----w- c:\programdata\boost_interprocess
2011-06-09 20:10 . 2011-06-09 20:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-09 20:10 . 2011-06-09 20:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-09 20:10 . 2011-06-09 20:10 -------- d-----w- c:\program files (x86)\Java
2011-06-09 20:05 . 2011-06-09 20:06 -------- d-----w- c:\program files (x86)\Windows Live
2011-06-09 20:05 . 2011-06-09 20:05 -------- d-----w- c:\windows\PCHEALTH
2011-06-09 20:04 . 2011-06-09 20:04 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-06-09 20:04 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-06-09 20:04 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-06-09 20:04 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-06-09 20:04 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-06-09 20:04 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-06-09 20:04 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-06-09 20:04 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-06-09 20:04 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-09 20:04 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-06-09 20:04 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-06-09 20:04 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-06-09 20:02 . 2011-06-09 20:02 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-06-09 19:59 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-09 19:59 . 2011-06-09 19:59 -------- d-----w- c:\programdata\Malwarebytes
2011-06-09 19:59 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-09 19:57 . 2010-11-30 09:43 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82EF2E4D-6AB8-4863-B6E9-4F31B9CE57FF}\gapaengine.dll
2011-06-09 19:57 . 2011-05-24 17:12 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{37822097-62DA-4502-A751-75B322E837DE}\mpengine.dll
2011-06-09 19:54 . 2011-06-09 20:01 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-06-09 19:51 . 2011-06-09 19:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-06-09 19:51 . 2011-06-09 19:52 -------- d-----w- c:\program files\Microsoft Security Client
2011-06-09 19:51 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-09 19:51 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-06-09 19:48 . 2011-06-09 19:48 -------- d-----w- c:\program files (x86)\NEC Electronics
2011-06-09 19:48 . 2011-06-09 21:33 -------- d-sh--w- c:\windows\Installer
2011-06-09 19:47 . 2010-02-01 13:20 325152 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-06-09 19:47 . 2010-01-05 16:39 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-06-09 19:47 . 2009-12-03 09:27 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-06-09 19:46 . 2011-06-09 19:46 16896 ----a-w- c:\windows\AsTaskSched.dll
2011-06-09 19:46 . 2011-06-09 19:46 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-06-09 19:46 . 2011-06-09 19:46 -------- d-----w- c:\program files\Realtek
2011-06-09 19:26 . 2011-06-09 20:18 -------- d-----w- c:\users\PC
2011-06-09 19:26 . 2011-06-09 19:26 -------- d-----w- C:\Recovery
2011-05-20 20:35 . 2011-05-20 20:35 304744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-09 20:05 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-25 06:09 . 2009-07-13 21:59 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-25 06:09 . 2009-07-13 21:59 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-25 06:09 . 2009-06-10 20:37 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WMP300Nv2;Linksys Wireless-N PCI Adapter WMP300Nv2 Service;c:\windows\system32\DRIVERS\WMP300Nv2.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1859001202-3978954821-3225384232-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-09 19:51]
.
2011-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1859001202-3978954821-3225384232-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-09 19:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{C4D86047-AAC8-4472-8335-43A83C88F4EC}: NameServer = 10.0.0.138
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
.
**************************************************************************
.
Completion time: 2011-06-10 00:04:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-09 22:04
.
Pre-Run: 60,607,107,072 bytes free
Post-Run: 60,470,988,800 bytes free
.
- - End Of File - - C8286435FEA9883F7BD008101594A83A

MBAM:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6821

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09-Jun-11 23:55:04
mbam-log-2011-06-09 (23-55-04).txt

Scan type: Quick scan
Objects scanned: 168806
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited 9 June 2011 by Kake24