ComboFix 13-08-04.01 - 04.08.2013 22:04:13.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1014.364 [GMT 2:00]
Kjører fra: c:\documents and settings\\Skrivebord\ComboFix.exe
.
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\\Programdata\dotNetFx40_Full_setup.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2013-07-04 til 2013-08-04 )))))))))))))))))))))))))))))))))
.
.
2013-08-04 16:53 . 2013-08-04 16:53 -------- d-----w- c:\documents and settings\All Users\Programdata\SUPERAntiSpyware.com
2013-08-04 16:52 . 2013-08-04 17:04 -------- d-----w- c:\windows\system32\MRT
2013-08-04 08:12 . 2013-08-04 17:55 -------- d-----w- c:\programfiler\Panda Security
2013-08-04 08:12 . 2013-08-04 08:12 -------- d-----w- c:\windows\LastGood
2013-08-04 07:49 . 2013-08-04 07:50 -------- d-----w- c:\documents and settings\Administrator
2013-08-04 04:34 . 2013-08-04 04:34 -------- d-----w- c:\documents and settings\\Lokale innstillinger\Programdata\Sun
2013-08-04 04:33 . 2013-08-04 05:56 -------- d-----w- c:\documents and settings\All Users\Programdata\Spybot - Search & Destroy
2013-08-04 04:32 . 2009-01-25 11:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-08-04 04:32 . 2013-08-04 04:34 -------- d-----w- c:\programfiler\Spybot - Search & Destroy 2
2013-08-04 01:19 . 2013-08-04 01:19 -------- d-----w- c:\programfiler\Fellesfiler\Java
2013-08-04 01:19 . 2013-08-04 01:18 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-04 01:19 . 2013-08-04 01:18 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-08-04 01:19 . 2013-08-04 01:18 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-04 01:18 . 2013-08-04 01:18 -------- d-----w- c:\programfiler\Java
2013-08-03 23:33 . 2013-08-04 20:00 -------- d--h--r- c:\documents and settings\Siste
2013-08-03 23:18 . 2013-08-03 23:18 -------- d-----w- c:\programfiler\CCleaner
2013-08-03 23:16 . 2013-08-03 23:16 -------- d-----w- c:\documents and settings\\Programdata\Malwarebytes
2013-08-03 23:16 . 2013-08-03 23:16 -------- d-----w- c:\documents and settings\All Users\Programdata\Malwarebytes
2013-08-03 23:16 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-03 23:16 . 2013-08-04 17:59 -------- d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2013-08-03 22:55 . 2013-08-03 22:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-03 22:55 . 2013-08-03 22:55 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-03 22:03 . 2013-08-03 23:03 -------- d-----w- c:\documents and settings\\Lokale innstillinger\Programdata\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-04 01:18 . 2011-01-25 18:30 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 01:23 . 2008-05-08 19:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:53 . 2008-05-08 19:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:53 . 2008-05-08 19:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-07 18:27 . 2008-05-08 19:34 385024 ----a-w- c:\windows\system32\html.iec
2013-06-05 09:08 . 2008-05-08 19:34 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 07:22 . 2008-05-08 19:34 563200 ----a-w- c:\windows\system32\qedit.dll
2013-05-08 09:58 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"BTMeter"="c:\programfiler\Battery Meter\BTMeter.exe" [2008-11-05 623912]
"SunJavaUpdateSched"="c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\programfiler\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"WSED"="c:\programfiler\WSED\WSED.exe" [2009-03-31 251176]
"dellsupportcenter"="c:\programfiler\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\programfiler\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Windows Search.lnk - c:\programfiler\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programfiler\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Programfiler\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Programfiler\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Programfiler\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
.
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [29.09.2009 23:04 14248]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programfiler\Spybot - Search & Destroy 2\SDFSSvc.exe [04.08.2013 06:32 1817560]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [29.09.2009 23:12 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [30.09.2009 01:35 135168]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [30.09.2009 01:35 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [30.09.2009 01:35 272032]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [30.09.2009 01:35 162816]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.09.2010 16:42 27632]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programfiler\Spybot - Search & Destroy 2\SDUpdSvc.exe [04.08.2013 06:33 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programfiler\Spybot - Search & Destroy 2\SDWSCSvc.exe [04.08.2013 06:33 171928]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [30.09.2009 01:35 1684736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.09.2010 16:42 13224]
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03 22:55]
.
2013-08-04 c:\windows\Tasks\User_Feed_Synchronization-{9B0E2C98-3798-4768-9E08-01C2FADFE47A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyServer = localhost:21320
TCP: DhcpNameServer = 192.168.1.1
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-04 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skanner skjulte prosesser ...
.
skanner skjulte autostart-oppføringer ...
.
skanner skjulte filer ...
.
skanning vellykket
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\System32\BCMLogon.dll
.
Tidspunkt ferdig: 2013-08-04 22:15:03
ComboFix-quarantined-files.txt 2013-08-04 20:15
.
Pre-Run: 107 103 387 648 byte ledig
Post-Run: 107 989 151 744 byte ledig
.
- - End Of File - - 86319215FE16A25B9E8A3B6F648F6C91 CDB4DE4BBD714F152979DA2DCBEF57EB