ComboFix 08-05-29.1 - asåire 2008-05-30 21:23:59.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.1066 [GMT 2:00]

Running from: C:\Users\asåire\Desktop\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))

.

 

No new files created in this timespan

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-30 19:27 2,621,440 --sha-w C:\Users\asåire\NTUSER.DAT

2008-05-30 19:27 2,621,440 --sha-w C:\Users\asåire\NTUSER.DAT

2008-05-30 19:11 --------- d-----w C:\Program Files\Norton Internet Security

2008-05-30 19:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-05-30 17:37 13,072 ----a-w C:\Users\asåire\AppData\Roaming\nvModes.dat

2008-05-13 21:50 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-13 21:50 --------- d-----w C:\Program Files\Windows Mail

2008-04-21 12:09 --------- d-s---w C:\Users\asåire\AppData\Roaming\Microsoft

2008-04-14 17:14 --------- d-----w C:\Program Files\Java

2008-04-07 11:23 --------- d-----w C:\Users\asåire\AppData\Roaming\Adobe

2008-04-03 10:01 --------- d-----w C:\ProgramData\Symantec

2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll

2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll

2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll

2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll

2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe

2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe

2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll

2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys

2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll

2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll

2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll

2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll

2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe

2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll

2008-02-16 18:37 194,560 ----a-w C:\Windows\System32\WebClnt.dll

2008-02-16 18:33 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe

2008-02-16 18:33 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe

2008-02-16 18:31 24,064 ----a-w C:\Windows\System32\netcfg.exe

2008-02-16 18:31 22,016 ----a-w C:\Windows\System32\netiougc.exe

2008-02-16 18:31 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll

2008-02-15 12:31 61,224 ----a-w C:\Users\asåire\GoToAssistDownloadHelper.exe

2008-02-15 12:31 61,224 ----a-w C:\Users\asåire\GoToAssistDownloadHelper.exe

2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe

2008-01-14 20:29 66,247,384 ----a-w C:\Users\asåire\mediamanager23_enu.exe

2008-01-14 20:29 66,247,384 ----a-w C:\Users\asåire\mediamanager23_enu.exe

2008-01-14 20:29 13,841,966 ----a-w C:\Users\asåire\vegaspro80_manual.exe

2008-01-14 20:29 13,841,966 ----a-w C:\Users\asåire\vegaspro80_manual.exe

2008-01-14 20:29 115,662,325 ----a-w C:\Users\asåire\SonyVegasPro80a-ce_enu.exe

2008-01-14 20:29 115,662,325 ----a-w C:\Users\asåire\SonyVegasPro80a-ce_enu.exe

2007-11-05 13:55 174 --sha-w C:\Program Files\desktop.ini

2007-11-09 21:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2007-11-09 21:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2007-11-09 21:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

 

------- Sigcheck -------

 

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 21:41 1232896]

"????r"="" []

"?????????"="??????????????e" []

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-07 22:35 171448]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 00:06 2321600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-11-22 09:29 90191]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 09:29 7757824]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 09:29 81920]

"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:37 4186112 C:\Windows\RtHDVCpl.exe]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 05:00 815104]

"Acer Tour"="" []

"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]

"eRecoveryService"="" []

"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]

"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-20 14:17 115816]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - C:\Windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2007-11-05 19:53:24 295606]

Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-13 01:59:46 528384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{10F17EAB-EFAE-4A90-849F-2F61E345A737}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

"{D10C1BEF-BA76-4B6A-A61B-2B4843146994}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite

"{5B33E76E-9A3D-4DDD-9978-33FC639978C8}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{B4FF5431-EEE8-4867-BE19-033F7F41220A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)

"{E8BD0A9E-75F4-46E9-83A7-C6E8D9B29170}"= UDP:3703:Adobe Version Cue CS3 Server

"{B3924350-4E31-46B2-AAC6-43C14DE086E8}"= UDP:3704:Adobe Version Cue CS3 Server

"{0E9BE563-54C1-4960-9536-334ADE75F07C}"= UDP:50900:Adobe Version Cue CS3 Server

"{A2A3B232-3437-4A99-96DE-3E2218BB4957}"= UDP:50901:Adobe Version Cue CS3 Server

"{4AFFC9A6-EEC9-4673-B6DE-61BF52DFF58D}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{37D018E7-A369-42DF-B25C-02F16B00ACC0}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server

"{3F51E7F3-12B7-4DFC-ABAD-6C5697A29809}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{2CFBB938-2ACC-4E06-B01F-B50A427149CF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{528F0473-6130-4BB6-8C72-8E32E06D7FD1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{175D8319-2A83-4DC6-8396-D2E76D7B7858}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8C6AA67E-97F4-4F84-9F2F-ADB9859A5D9B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{FB007768-FE18-4B71-909A-F86E32066610}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{7F860DF2-5418-4F9C-BAEA-A6FA2D1062F2}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

"{D8B236A0-C983-410D-B978-BF65B92A1AE5}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080529.001\IDSvix86.sys [2008-02-13 18:18]

R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 22:43]

R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 01:13]

R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 13:57]

R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 11:34]

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 11:39]

R3 Cam5607;Acer OrbiCam;C:\Windows\system32\Drivers\BisonC07.sys [2005-11-29 09:20]

R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]

S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSONY_MEDIAMGR2 []

S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 16:44]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a2692a2-8d10-11dc-b65d-001b38214d0c}]

\shell\AutoRun\command - F:\SETUP.EXE

\shell\configure\command - F:\SETUP.EXE

\shell\install\command - F:\SETUP.EXE

 

*Newly Created Service* - CATCHME

*Newly Created Service* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

"2008-05-26 20:09:49 C:\Windows\Tasks\Norton Internet Security Online - Kjør fullstendig systemsøk - asåire.job"

- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:

"2007-11-28 21:24:34 C:\Windows\Tasks\Se etter oppdateringer for Windows Live Toolbar.job"

- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-30 21:27:30

Windows 6.0.6000 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-05-30 21:28:50

ComboFix-quarantined-files.txt 2008-05-30 19:28:26

 

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

Finner ikke meldingstekst for melding nummer 0x2379 i meldingsfilen for Application.

 

178 --- E O F --- 2008-05-28 20:06:08

 

 

Did this come out right? :ermm:

Well, for those of you who can decipher the log and make sense of all these words... :p

What diagnosis does my PC get?

It's possible Norton caught it the first time, because I restarted the PC and all that. But it would be typical of my luck if it's still there!

Really don't like this. :S

Edited by medlem-124997

The log looks fine.

Norton found a new tracking cookie.

Norton will always find cookies.

This is not dangerous.

---

You can clean up a bit with CCleaner.

This removes cookies.

You can run it every now and then.

---

Download and run CCleaner

'Options' -> 'Advanced'. Untick: "Only delete temporary files older than 48 hours".

Run the registry cleaner and answer "yes" to repair.

---

You can remove ComboFix by typing combofix /u in the Run window. This command deletes quarantined files and backups, resets the System Restore folder, etc.

---

Surf safely.

Edited by SNIPPSAT

And once you've managed to uninstall ComboFix, it would be nice if you edited your topic title.

Edit your first post with FULL edit, and write:

[LØST]

in front of your topic title. That will make things tidier here on the forum :)
