FlowerEye Posted 24 April 2012
I've been deleting and finding lots of suspicious files on my laptop lately, and I'm starting to think that maybe someone I know is messing with the system. Or that there's just some really nasty stuff on it. Can someone check through my logs and possibly tell me what I should do to find out, and get everything in order again? I'd be very grateful!
ComboFix log:
ComboFix 12-04-24.01 - Thomas&IJ 24.04.2012 13:37:18.1.2 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.47.1044.18.4092.3021 [GMT 2:00] Kjører fra: c:\users\Thomas&IJ\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Andre slettinger ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Local c:\users\Thomas&IJ\d4bc05d48b6f969939412023d5b5bc2c-500x373.jpg c:\users\Thomas&IJ\Documents\~WRL0003.tmp c:\windows\SysWow64\Config.cfg . . ((((((((((((((((((((((((((( Filer Opprettet Fra 2012-03-24 til 2012-04-24 ))))))))))))))))))))))))))))))))) . . 2012-04-24 11:57 . 2012-04-24 11:57 -------- d-----w- c:\programdata\Local 2012-04-24 11:55 . 2012-04-24 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-24 11:45 . 2012-04-24 11:45 27936 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys 2012-04-24 11:43 . 2012-04-24 11:44 -------- d-----w- c:\program files\HitmanPro 2012-04-24 11:27 . 2012-04-24 11:45 -------- d-----w- c:\programdata\HitmanPro 2012-04-24 11:11 . 2012-04-24 11:11 -------- d-----w- C:\TDSSKiller_Quarantine 2012-04-20 15:22 . 2012-04-24 10:45 -------- d-----w- c:\programdata\SecTaskMan 2012-04-20 15:21 . 2012-04-20 15:21 -------- d-----w- c:\program files (x86)\Security Task Manager 2012-04-19 20:48 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-19 20:48 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-19 01:27 . 
2012-04-19 01:27 -------- d-----w- c:\windows\system32\SPReview 2012-04-19 01:26 . 2012-04-19 01:26 -------- d-----w- c:\windows\system32\EventProviders 2012-04-19 01:23 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-04-19 01:23 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-04-19 01:23 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-04-15 22:00 . 2012-04-15 22:02 -------- d-----w- c:\users\Thomas&IJ\.lincity 2012-04-15 21:57 . 2012-04-20 14:53 -------- d-----w- c:\program files (x86)\LinCity-NG 2012-04-14 23:49 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2012-04-14 23:48 . 2010-11-20 13:26 1632256 ----a-w- c:\windows\system32\dwmcore.dll 2012-04-14 23:47 . 2010-11-20 13:32 179072 ----a-w- c:\windows\system32\drivers\Classpnp.sys 2012-04-14 23:46 . 2010-11-20 13:27 24064 ----a-w- c:\windows\system32\sisbkup.dll 2012-04-14 23:45 . 2010-11-20 13:29 3584 ----a-w- c:\windows\system32\drivers\nb-NO\tsusbflt.sys.mui 2012-04-14 23:45 . 2010-11-20 13:39 2560 ----a-w- c:\windows\system32\drivers\nb-NO\rdpwd.sys.mui 2012-04-14 23:45 . 2010-11-20 13:29 14848 ----a-w- c:\windows\system32\drivers\nb-NO\nwifi.sys.mui 2012-04-14 23:45 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2012-04-14 23:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll 2012-04-14 23:45 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll 2012-04-14 23:45 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2012-04-14 23:45 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2012-04-14 23:45 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2012-04-14 23:41 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-04-14 23:41 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2012-04-14 23:41 . 
2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2012-04-14 14:55 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2012-04-14 14:55 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2012-04-14 14:55 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2012-04-14 14:55 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2012-04-14 14:55 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2012-04-14 14:55 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2012-04-14 14:55 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2012-04-14 03:12 . 2012-04-14 03:12 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-04-14 02:50 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-14 02:50 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-04-14 02:50 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-04-14 02:18 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-14 02:18 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-14 02:18 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-14 02:18 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-14 02:18 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-14 02:18 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-14 02:18 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-13 20:21 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-04-13 20:21 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2012-04-13 20:21 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2012-04-13 20:21 . 
2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2012-04-13 20:21 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe 2012-04-13 20:21 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe 2012-04-13 20:21 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll 2012-04-13 20:21 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll 2012-04-13 20:21 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax 2012-04-13 20:21 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll 2012-04-13 20:21 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll 2012-04-13 20:21 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax 2012-04-13 20:19 . 2011-05-04 04:32 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll 2012-04-13 20:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-13 20:18 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-04-13 20:18 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll 2012-04-13 20:18 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2012-04-13 20:18 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2012-04-13 20:18 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll 2012-04-13 20:18 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll 2012-04-13 20:18 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll 2012-04-13 20:18 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-04-13 20:17 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-04-13 20:17 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-04-13 20:17 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-04-13 20:17 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2012-04-13 20:17 . 
2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2012-04-13 20:17 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-04-13 20:16 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll 2012-04-13 20:16 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe 2012-04-13 20:16 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe 2012-04-13 20:16 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-04-13 20:16 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-04-13 20:16 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-04-13 20:16 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-04-13 20:15 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys 2012-04-13 20:15 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-04-13 20:15 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys 2012-04-13 20:14 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2012-04-13 20:14 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2012-04-13 20:14 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2012-04-13 20:14 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2012-04-13 20:14 . 2010-11-20 13:24 288256 ----a-w- c:\windows\system32\MSNP.ax 2012-04-13 20:14 . 2010-11-20 13:24 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-04-13 20:14 . 2010-11-20 12:16 72704 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax 2012-04-13 20:14 . 2010-11-20 12:16 204288 ----a-w- c:\windows\SysWow64\MSNP.ax 2012-04-13 20:14 . 2010-11-20 13:24 75776 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-04-13 20:14 . 2010-11-20 12:16 59904 ----a-w- c:\windows\SysWow64\MSDvbNP.ax 2012-04-13 20:13 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-04-13 20:13 . 
2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi 2012-04-13 20:13 . 2011-02-05 17:06 605552 ----a-w- c:\windows\system32\winload.exe 2012-04-13 20:13 . 2011-02-05 17:06 518672 ----a-w- c:\windows\system32\winresume.exe 2012-04-13 20:13 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll 2012-04-13 20:13 . 2011-02-05 17:10 19328 ----a-w- c:\windows\system32\kd1394.dll 2012-04-13 20:13 . 2011-02-05 17:10 17792 ----a-w- c:\windows\system32\kdcom.dll 2012-04-13 20:13 . 2011-02-05 17:06 566208 ----a-w- c:\windows\system32\winresume.efi 2012-04-13 20:13 . 2010-11-20 13:27 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2012-04-13 20:11 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-04-13 20:11 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-04-13 20:11 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2012-04-13 20:11 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2012-04-13 20:11 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-04-13 20:11 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-04-13 19:50 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-04-13 19:50 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-04-13 19:45 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-13 19:41 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-04-13 19:41 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-13 19:41 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-04-13 19:41 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-04-13 12:37 . 2012-04-13 12:37 -------- d-----w- c:\users\Thomas&IJ\AppData\Roaming\Malwarebytes 2012-04-13 12:37 . 2012-04-13 12:37 -------- d-----w- c:\programdata\Malwarebytes 2012-04-13 12:37 . 
2012-04-13 12:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-13 12:37 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys . . (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-19 01:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-04-19 01:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-03-11 21:02 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe . c:\windows\SysWow64\svchost.exe ... mangler !! . (((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret ))))))))))))))))))))))))))))))))))))))))))))) . . *Merk* tomme oppføringer & gyldige standardoppføringer vises ikke REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-26 740216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Easybits Recovery"=c:\program files (x86)\EasyBits For Kids\ezRecover.exe "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" "Nuance PDF Converter Professional 7-reminder"="c:\program files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Converter Professional 7\Ereg\Ereg.ini" "PDF7 Registry Controller"=c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe "PDFHook"=c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "<NO NAME>"= "BDRegion"=c:\program files (x86)\Cyberlink\Shared files\brs.exe . 
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [x] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [x] R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-10 136176] R2 MSSQL$QSRNVIVO9;SQL Server (QSRNVIVO9);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.QSRNVIVO9\MSSQL\Binn\sqlservr.exe [x] R2 MSSQL$VISMA;SQL Server (VISMA);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x] R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-10 136176] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 44896] R4 SQLAgent$QSRNVIVO9;SQL Server Agent (QSRNVIVO9);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.QSRNVIVO9\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 367456] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/24 16:21];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-28 20:50 146928] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/07/24 16:44];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-12-15 10:28 146928] S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-04-24 107848] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 SesamService;Sesam Control Service;c:\program files (x86)\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe [2008-05-09 1216296] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x] S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [x] S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [x] . . 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 20:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver) . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 20:05] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 20:05] . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474513845-1905341291-1713624515-1000Core.job - c:\users\Thomas&IJ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-10 20:05] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3474513845-1905341291-1713624515-1000UA.job - c:\users\Thomas&IJ\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-10 20:05] . 2012-04-13 c:\windows\Tasks\HPCeeScheduleForThomas&IJ.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Tilleggsskanning ------- . uStart Page = hxxp://search.babylon.com/?affID=111252&babsrc=HP_ss&mntrId=4adbfeed000000000000f67bcb805a5b uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Open with Nuance PDF Converter 7.0 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100 TCP: DhcpNameServer = 217.13.7.140 217.13.4.24 . - - - - TOMME PEKERE FJERNET - - - - . 
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) SafeBoot-79487086.sys AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl" . --------------------- LÅSTE REGISTERNØKLER --------------------- . [HKEY_USERS\S-1-5-21-3474513845-1905341291-1713624515-1000\Software\SecuROM\License information*] "datasecu"=hex:38,12,75,45,4b,f6,77,d6,f8,57,f7,8f,0d,55,73,8d,b5,29,8f,3b,48, 03,2c,8c,bd,63,d8,62,51,26,3e,2b,fa,e7,6b,14,e6,32,93,77,59,05,d0,ec,5d,fe,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andre Kjørende Prosesser ------------------------ . c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe . ************************************************************************** . Tidspunkt ferdig: 2012-04-24 14:08:55 - maskinen ble startet på nytt ComboFix-quarantined-files.txt 2012-04-24 12:08 . Pre-Run: 285 545 861 120 byte ledig Post-Run: 285 391 413 248 byte ledig . - - End Of File - - 3F644932B9AAD883B5DBD0C332A7BBF8
HitmanPro finds 45 infected threats and 45 traces. I can't do anything or post a log, since the program had to be activated and I don't have a code. Mbam found nothing though..
Log:
Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.org Databaseversjon: v2012.04.13.03 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Thomas&IJ :: THOMAS [administrator] 14.04.2012 04:11:51 mbam-log-2012-04-14 (04-11-51).txt Skanntype: Egendefinert skann Aktiverte skanningsinnstillinger: Filsystem | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: Minne | Oppstart | Register | Heuristikk/Ekstra | P2P Objekter skannet: 5 Tid tilbakelagt: 21 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 0 (Ingen skadelige objekter funnet) Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 0 (Ingen skadelige objekter funnet) Filer oppdaget 0 (Ingen skadelige objekter funnet) (klar)
Earlier mbam log:
Malwarebytes Anti-Malware 1.61.0.1400www.malwarebytes.org Databaseversjon: v2012.04.13.03 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Thomas&IJ :: THOMAS [administrator] 14.04.2012 04:13:02 mbam-log-2012-04-14 (04-13-02).txt Skanntype: Full skann Aktiverte skanningsinnstillinger: Minne | Oppstart | Register | Filsystem | Heuristikk/Ekstra | Heuristikk/Shuriken | PUP | PUM Deaktiverte skanninnstillinger: P2P Objekter skannet: 560740 Tid tilbakelagt: 4 time(r), 35 minutt(er), 5 sekund(er) Minneprosesser oppdaget: 0 (Ingen skadelige objekter funnet) Minnemoduler oppdaget: 0 (Ingen skadelige objekter funnet) Registernøkler oppdaget: 19 HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Satt i karantene og slettet vellykket. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. Registerverdier oppdaget: 0 (Ingen skadelige objekter funnet) Registerfiler oppdaget: 0 (Ingen skadelige objekter funnet) Mapper oppdaget: 1 C:\ProgramData\TheBflix (PUP.BFlix) -> Satt i karantene og slettet vellykket. Filer oppdaget 10 C:\Users\Thomas&IJ\AppData\Local\mwsautSp.exe (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. C:\Users\Thomas&IJ\Downloads\actualspy.exe (Application.ActualSpy) -> Satt i karantene og slettet vellykket. C:\Users\Thomas&IJ\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Satt i karantene og slettet vellykket. C:\Users\Thomas&IJ\Downloads\RetrogamerSetup2.3.70.1.RGman000.exe (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket. C:\Users\Thomas&IJ\Downloads\CorelDRAW.Graphics.Suite.X5.v15.1.0.588.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Satt i karantene og slettet vellykket. C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Satt i karantene og slettet vellykket. C:\ProgramData\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx (PUP.BFlix) -> Satt i karantene og slettet vellykket. C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Satt i karantene og slettet vellykket. C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Satt i karantene og slettet vellykket. C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Satt i karantene og slettet vellykket. (klar)
Superby, posted 24 April 2012:
send a trojan back! [email protected]
Dr.Geek, posted 24 April 2012, quoting FlowerEye:
"I have deleted and found lots of suspicious files on the laptop lately, and I'm starting to think that maybe someone I know is messing with the system. Or that there's just some real crap on there."
C:\Users\Thomas&IJ\Downloads\RetrogamerSetup2.3.70.1.RGman000.exe (PUP.MyWebSearch) -> Satt i karantene og slettet vellykket.
C:\Users\Thomas&IJ\Downloads\CorelDRAW.Graphics.Suite.X5.v15.1.0.588.Incl.Keymaker-CORE\CORE10k.EXE (Dont.Steal.Our.Software) -> Satt i karantene og slettet vellykket.
You have downloaded a crack/keygen. That almost always leads to malware/adware infections. The ComboFix log also shows missing/corrupt system files.
FlowerEye (author), posted 24 April 2012, replying to Dr.Geek's post above:
It's probably not me who downloaded that.. What did you say is missing? Can I do anything to fix it?
Dr.Geek, posted 25 April 2012:
This is in the Downloads folder: C:\Users\Thomas&IJ\Downloads\
Here: C:\Users\Thomas&IJ\Downloads\actualspy.exe (Application.ActualSpy)
A keylogger has been downloaded here. http://www.actualspy.com/
You don't know anything about that either?!
FlowerEye (author), posted 29 April 2012:
That was something I installed to try to see how those programs worked. But it never got further than the installation. I did a system restore, and here is the new log from ComboFix:

ComboFix 12-04-28.01 - Thomas&IJ 29.04.2012 3:20.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.4092.1917 [GMT 2:00]
Kjører fra: c:\users\Thomas&IJ\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}