
[Solved] Help: Malware / Trojan



Hi

I managed to download some junk and have ended up with some malware/trojan stuff on my PC. I was getting "M S A Security Center" popups at regular intervals, but they disappeared when I deleted the icons that had appeared on my desktop and a folder called "MSA" in Program Files that looked a bit suspicious.

 

I first ran McAfee, and it found 2 "FakeAlertAR" trojans that were deleted/quarantined; I also manually deleted the folder they were in, since there were a couple of suspicious files there. I also searched the forum here a bit and downloaded all the programs in that sticky:

 

Ran CCleaner before I did this:

 

Edit: new ComboFix log:

 

ComboFix 08-09-01.03 - Claes 2008-09-02 21:20:13.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2135 [GMT 2:00]

Running from: C:\Users\Claes\Desktop\ComboFix.exe

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))

.

 

2008-09-02 21:19 . 2008-09-02 21:19 <DIR> d-------- C:\327882R2FWJFW

2008-09-02 20:49 . 2008-09-02 20:49 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-09-02 20:49 . 2008-09-02 20:49 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Users\Claes\AppData\Roaming\SUPERAntiSpyware.com

2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Malwarebytes

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-02 20:43 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-02 20:43 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-02 20:30 . 2008-09-02 20:30 <DIR> d-------- C:\Program Files\CCleaner

2008-09-02 19:16 . 2008-09-02 19:16 574,464 --a------ C:\Windows\uninstall.exe

2008-09-02 19:16 . 2008-09-02 19:16 85,032 --a------ C:\Windows\uninstall.dat

2008-09-02 19:16 . 2008-09-02 19:16 5,926 --a------ C:\Windows\uninstall.xml

2008-09-02 19:03 . 2008-09-02 19:03 <DIR> d-------- C:\Program Files\AudioSurf

2008-09-02 15:55 . 2008-09-02 15:55 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-09-01 22:41 . 2008-09-01 22:41 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Sports Interactive

2008-09-01 22:38 . 2008-09-01 22:38 <DIR> dr-h----- C:\Users\Claes\AppData\Roaming\SecuROM

2008-09-01 22:34 . 2008-09-01 22:37 <DIR> d--h----- C:\Program Files\Zero G Registry

2008-09-01 22:34 . 2008-09-01 22:34 <DIR> d-------- C:\Program Files\Sports Interactive

2008-09-01 22:33 . 2008-09-01 22:33 <DIR> d--h----- C:\Users\Claes\InstallAnywhere

2008-09-01 22:16 . 2008-09-01 22:16 <DIR> d-------- C:\Users\All Users\LightScribe

2008-09-01 22:16 . 2008-09-01 22:16 <DIR> d-------- C:\ProgramData\LightScribe

2008-09-01 21:58 . 2008-09-01 21:58 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Nero

2008-09-01 21:55 . 2008-09-01 21:55 <DIR> d-------- C:\Users\All Users\Nero

2008-09-01 21:55 . 2008-09-01 21:55 <DIR> d-------- C:\ProgramData\Nero

2008-09-01 21:55 . 2008-09-01 21:55 <DIR> d-------- C:\Program Files\Nero

2008-09-01 21:55 . 2008-09-01 21:56 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-08-31 19:04 . 2007-12-06 17:09 196,608 --a------ C:\Windows\System32\SynCtrl.dll

2008-08-31 19:04 . 2007-12-06 18:12 196,400 --a------ C:\Windows\System32\drivers\SynTP.sys

2008-08-31 19:04 . 2007-12-06 18:12 110,592 --a------ C:\Windows\System32\SynTPCo4.dll

2008-08-31 11:34 . 2008-08-31 11:34 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Template

2008-08-31 11:34 . 2008-08-31 12:32 184 --a------ C:\Users\Claes\AppData\Roaming\wklnhst.dat

2008-08-31 04:36 . 2008-02-10 13:53 17,730,504 --a------ C:\Windows\eRy.exe

2008-08-31 04:36 . 2008-08-31 04:36 3 --a------ C:\Windows\AFirst.cmd

2008-08-31 00:30 . 2008-08-31 16:16 <DIR> d-------- C:\Users\Claes\AppData\Roaming\SporeCreatureCreator

2008-08-31 00:12 . 2008-08-31 00:23 <DIR> d-------- C:\Program Files\AOE2

2008-08-31 00:09 . 2008-08-31 00:25 <DIR> d-------- C:\Program Files\Spore

2008-08-30 22:55 . 2008-08-30 23:05 <DIR> d-------- C:\Users\All Users\Codemasters

2008-08-30 22:55 . 2008-08-30 23:05 <DIR> d-------- C:\ProgramData\Codemasters

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- C:\Program Files\OpenAL

2008-08-30 22:52 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll

2008-08-30 22:51 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmpEE3.tmp

2008-08-30 22:24 . 2008-08-30 22:24 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-08-30 22:08 . 2008-08-30 22:08 <DIR> d-------- C:\Program Files\uTorrent

2008-08-30 22:07 . 2008-09-02 21:16 <DIR> d-------- C:\Users\Claes\AppData\Roaming\uTorrent

2008-08-30 19:29 . 2008-08-30 19:29 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Digsby

2008-08-30 19:27 . 2008-08-30 19:28 <DIR> d-------- C:\Program Files\Digsby

2008-08-30 19:05 . 2008-08-30 19:05 <DIR> d-------- C:\Users\Claes\AppData\Roaming\vlc

2008-08-30 18:44 . 2008-08-30 18:44 <DIR> d-------- C:\Windows\System32\RTCOM

2008-08-30 18:44 . 2008-08-30 18:45 <DIR> d-------- C:\Program Files\ATI Technologies

2008-08-30 18:44 . 2008-08-30 18:44 <DIR> d-------- C:\Program Files\ATI

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> d-------- C:\Program Files\Realtek

2008-08-30 18:42 . 2008-08-30 18:42 0 --a------ C:\Windows\ativpsrm.bin

2008-08-30 18:39 . 2008-08-30 18:39 <DIR> d-------- C:\Program Files\VideoLAN

2008-08-30 17:08 . 2008-09-01 19:39 <DIR> d-------- C:\Users\All Users\TrackMania

2008-08-30 17:08 . 2008-09-01 19:39 <DIR> d-------- C:\ProgramData\TrackMania

2008-08-30 17:02 . 2008-08-30 17:06 <DIR> d-------- C:\Program Files\TmUnitedForever

2008-08-30 16:55 . 2008-08-30 20:40 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Winamp

2008-08-30 16:55 . 2008-08-30 16:56 <DIR> d-------- C:\Program Files\Winamp

2008-08-30 16:55 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll

2008-08-30 16:29 . 2008-08-30 16:29 <DIR> d-------- C:\Users\All Users\PlayMovie

2008-08-30 16:29 . 2008-08-30 16:29 <DIR> d-------- C:\ProgramData\PlayMovie

2008-08-30 14:56 . 2008-08-30 14:56 <DIR> d-------- C:\Program Files\mIRC

2008-08-30 14:53 . 2008-08-30 14:53 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-08-30 14:44 . 2008-08-30 14:44 <DIR> d-------- C:\Users\All Users\TEMP

2008-08-30 14:44 . 2008-08-30 14:44 <DIR> d-------- C:\ProgramData\TEMP

2008-08-30 14:43 . 2008-08-30 16:29 <DIR> d-------- C:\Users\Claes\AppData\Roaming\CyberLink

2008-08-30 14:00 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-30 13:38 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-08-30 13:37 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-08-30 13:34 . 2008-08-30 13:34 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-08-30 13:34 . 2008-08-30 13:34 <DIR> d-------- C:\ProgramData\WLInstaller

2008-08-30 13:34 . 2008-08-30 13:39 <DIR> d-------- C:\Program Files\Windows Live

2008-08-30 13:34 . 2008-08-30 13:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-30 13:30 . 2008-08-30 13:30 <DIR> d-------- C:\Program Files\Opera

2008-08-30 13:30 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-08-30 13:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-08-30 13:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-08-30 13:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-08-30 13:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-08-30 13:27 . 2008-08-30 13:29 <DIR> d-------- C:\Program Files\Java

2008-08-30 13:27 . 2008-08-30 13:27 <DIR> d-------- C:\Program Files\Common Files\Java

2008-08-30 13:09 . 2008-08-30 13:09 92 --a------ C:\Windows\GridV.UNI

2008-08-30 13:05 . 2007-07-17 19:33 368,640 --a------ C:\Windows\System32\CheckD2DSystem.exe

2008-08-30 13:05 . 2006-11-12 11:54 327,680 --a------ C:\Windows\System32\Remove_eRecovery.exe

2008-08-30 13:05 . 2006-11-10 17:27 16,384 --a------ C:\Windows\System32\LauncheRyAgentUser.exe

2008-08-30 13:05 . 2005-12-09 09:12 16,384 --a------ C:\Windows\System32\ClearEvent.exe

2008-08-30 13:05 . 2006-02-24 11:28 552 --a------ C:\Windows\System32\setup.iss

2008-08-30 13:03 . 2008-08-30 13:03 <DIR> d-------- C:\Users\All Users\InstallShield

2008-08-30 13:03 . 2008-08-30 13:03 <DIR> d-------- C:\ProgramData\InstallShield

2008-08-30 13:03 . 2007-03-29 16:48 626,688 --a------ C:\Windows\Image.dll

2008-08-30 13:03 . 2008-01-17 13:52 466,944 --a------ C:\Windows\Acer Crystal Eye webcam.EXE

2008-08-30 13:03 . 2007-04-20 06:30 222,382 --a------ C:\Windows\Acer Crystal Eye webcam.ico

2008-08-30 13:03 . 2007-10-23 10:56 200,704 --a------ C:\Windows\PLFSetI.exe

2008-08-30 13:03 . 2006-05-17 00:58 73,728 --a------ C:\Windows\System32\ISUSPM.cpl

2008-08-30 13:03 . 2007-10-29 13:35 36 --a------ C:\Windows\PidList.ini

2008-08-30 13:02 . 2008-08-30 13:02 <DIR> d-------- C:\Program Files\Acer

2008-08-30 13:01 . 2008-02-15 17:42 46,592 --a------ C:\Windows\System32\drivers\rimmptsk.sys

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\TxR

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\systemprofile

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\RegBack

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\Journal

2008-08-30 12:58 . 2008-08-30 12:58 <DIR> d-------- C:\CLSetup

2008-08-30 12:58 . 2008-08-30 12:58 20 --a------ C:\Medion.ini

2008-08-30 12:52 . 2005-08-16 08:49 40,960 --------- C:\junction.exe

2008-08-30 12:51 . 2006-11-22 22:26 1,706,800 --a------ C:\Windows\System32\gdiplus.dll

2008-08-30 12:50 . 2008-08-30 12:50 <DIR> d-------- C:\Program Files\Launch Manager

2008-08-30 12:50 . 2008-08-30 12:50 83 --a------ C:\Windows\QtZgAcer.UNI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d-------- C:\Users\Claes\AppData\Roaming\ATI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d-------- C:\Users\All Users\ATI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d-------- C:\ProgramData\ATI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d--hs---- C:\$RECYCLE.BIN

2008-08-30 12:48 . 2008-08-30 12:48 <DIR> d-------- C:\Windows\ACER

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 20:07 --------- d-----w C:\Program Files\McAfee

2008-09-01 18:28 --------- d-----w C:\Program Files\SiteAdvisor

2008-08-30 21:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-30 20:52 444,952 ----a-w C:\Windows\System32\wrap_oal.dll

2008-08-30 20:52 109,080 ----a-w C:\Windows\System32\OpenAL32.dll

2008-08-30 16:43 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-08-30 16:43 315,392 ----a-w C:\Windows\HideWin.exe

2008-08-30 16:43 --------- d-----w C:\Program Files\Intel

2008-08-30 15:40 --------- d-----w C:\Program Files\Windows Mail

2008-08-30 15:32 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-30 14:29 --------- d-----w C:\ProgramData\CyberLink

2008-08-30 11:03 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-30 10:53 --------- d-----w C:\Program Files\Acer Arcade Deluxe

2008-08-30 10:47 2,032 ----a-w C:\Windows\CLEANUP.CMD

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Start-meny

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Skrivebord

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Programdata

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Maler

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Favoritter

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Dokumenter

2008-08-30 10:43 --------- d-sh--w C:\Program Files\Fellesfiler

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-24 14:06 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-06 12:54 972,072 ----a-w C:\Windows\UNRecode.exe

2008-06-06 12:54 95,600 ----a-w C:\Windows\System32\NeroCo.dll

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-02_20.37.59.60 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-02 18:48:56 34,304 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe

- 2008-09-02 16:08:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-02 19:17:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-02 16:08:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-02 19:17:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-02 16:09:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-02 19:18:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-02 19:18:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-02 16:10:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-02 19:19:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-02 19:19:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-02 18:34:20 101,250 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-02 18:53:14 101,250 ----a-w C:\Windows\System32\perfc009.dat

- 2008-09-02 18:34:20 76,478 ----a-w C:\Windows\System32\perfc014.dat

+ 2008-09-02 18:53:14 76,478 ----a-w C:\Windows\System32\perfc014.dat

- 2008-09-02 18:34:20 587,178 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-02 18:53:14 587,178 ----a-w C:\Windows\System32\perfh009.dat

- 2008-09-02 18:34:20 452,326 ----a-w C:\Windows\System32\perfh014.dat

+ 2008-09-02 18:53:14 452,326 ----a-w C:\Windows\System32\perfh014.dat

- 2008-09-02 16:10:19 3,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2226595239-686808635-2797051325-1000_UserData.bin

+ 2008-09-02 19:19:44 3,946 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2226595239-686808635-2797051325-1000_UserData.bin

- 2008-09-02 16:10:18 84,872 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-02 19:19:44 85,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-02 16:10:18 48,576 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-02 19:19:44 49,488 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 02:00 39472 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]

"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2008-01-24 C:\Windows\SkyTel.exe]

 

C:\Users\Claes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - C:\Program Files\Digsby\digsby.exe [2008-07-11 115200]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-04-21 535336]

SETAUDIO.EXE [2008-04-04 20480]

SETRES.EXE [2008-04-04 20480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{72CE51A3-3CF1-4AA7-AFE4-7ED2C3B51EA5}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{A26D4B86-51C4-4019-8A85-38D83F8B73A0}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{EE11E512-8C04-49EA-802F-22A8447E2AD8}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{08312F33-78FA-437B-9202-55A77474206C}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{4D1A86E0-AF4F-42B6-96DC-9C3FC4955D37}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{EE772FC7-433F-449F-B462-96F82FBB4C49}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{4F514715-96FF-4F1D-9E01-9D5C2D5D6159}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{FB3CE3FB-160C-401C-B3C8-DFB9BA4CEF00}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{E16726DB-50E4-49DF-8C8F-82F1AAC13D76}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{5255A591-CA4E-4126-BEC9-9A6B5D4C8746}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{8FB4B6D5-54CE-4E05-812B-CBB96B93C7CB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{C4A7978D-A90A-4F58-AB0D-50F507DA3A22}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{A44BEDEB-10E6-4F0E-96FA-F66D95193ACA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{4000176F-F48A-45EB-87DB-D032C57F9EE8}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{3279511F-9A2F-4CE5-891C-F0F30A525397}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 17:15 41456]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Claes\AppData\Roaming\Mozilla\Firefox\Profiles\pnax6d9t.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/

FF -: plugin - C:\Program Files\Opera\program\plugins\np-mswmp.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 21:23:10

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

Completion time: 2008-09-02 21:24:20

ComboFix-quarantined-files.txt 2008-09-02 19:24:11

ComboFix2.txt 2008-09-02 18:38:23

 

Pre-Run: 106,663,702,528 bytes free

Post-Run: 106,626,506,752 bytes free

 

297 --- E O F --- 2008-09-02 13:55:20

 

 

 

 

HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:41:55, on 02.09.2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Acer\Empowering Technology\eAudio\eAudio.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Windows\system32\SndVol.exe

C:\Windows\explorer.exe

C:\Users\Claes\Desktop\HiJackThis.exe

C:\Windows\System32\notepad.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://no.intl.acer.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Påloggingshjelp for Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe

O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [\VIE68D1.exe] C:\Windows\System32\VIE68D1.exe

O4 - HKLM\..\Run: [\VIE6B31.exe] C:\Windows\System32\VIE6B31.exe

O4 - HKLM\..\Run: [\VIEEC04.exe] C:\Windows\System32\VIEEC04.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [\VIE68D1.exe] C:\Windows\System32\VIE68D1.exe

O4 - HKCU\..\Run: [\VIE6B31.exe] C:\Windows\System32\VIE6B31.exe

O4 - HKCU\..\Run: [\VIEEC04.exe] C:\Windows\System32\VIEEC04.exe

O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe

O4 - Startup: Orion.lnk = C:\Convesoft\Orion\Messenger.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: SETAUDIO.EXE

O4 - Global Startup: SETRES.EXE

O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u...ows-i586-jc.cab

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SiteAdvisor-service (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 9418 bytes

MBAM logs:

Malwarebytes' Anti-Malware 1.26

Database versjon: 1103

Windows 6.0.6001 Service Pack 1

 

02.09.2008 20:47:33

mbam-log-2008-09-02 (20-47-19).txt

 

Skanntype: Rask Skann

Objekter skannet: 43519

Tid tilbakelagt: 3 minute(s), 23 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 6

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 5

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\gksraemq.bdfx (Trojan.FakeAlert) -> No action taken.

HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> No action taken.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie68d1.exe (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie68d1.exe (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6b31.exe (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6b31.exe (Trojan.FakeAlert) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieec04.exe (Trojan.FakeAlert) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieec04.exe (Trojan.FakeAlert) -> No action taken.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Windows\System32\VIE68D1.exe (Trojan.FakeAlert) -> No action taken.

C:\Windows\System32\VIE6B31.exe (Trojan.FakeAlert) -> No action taken.

C:\Windows\System32\VIEEC04.exe (Trojan.FakeAlert) -> No action taken.

C:\Windows\System32\MSA.cpl (Rogue.MSAntivirus) -> No action taken.

C:\Windows\sxmaokgf.exe (Trojan.FakeAlert) -> No action taken.

 

 

 

 

Malwarebytes' Anti-Malware 1.26

Database versjon: 1103

Windows 6.0.6001 Service Pack 1

 

02.09.2008 20:47:39

mbam-log-2008-09-02 (20-47-39).txt

 

Skanntype: Rask Skann

Objekter skannet: 43519

Tid tilbakelagt: 3 minute(s), 23 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 2

Registerverdier infisert: 6

Registerfiler infisert: 0

Mapper infisert: 0

Filer infisert: 5

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

HKEY_CLASSES_ROOT\gksraemq.bdfx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\gksraemq.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerverdier infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie68d1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie68d1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6b31.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie6b31.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieec04.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieec04.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registerfiler infisert:

(Ingen mistenkelige filer funnet)

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Windows\System32\VIE68D1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\VIE6B31.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\VIEEC04.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Windows\System32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.

C:\Windows\sxmaokgf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

SUPER AntiSpyware:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 09/02/2008 at 09:12 PM

 

Application Version : 4.20.1046

 

Core Rules Database Version : 3541

Trace Rules Database Version: 1530

 

Scan type : Quick Scan

Total Scan Time : 00:15:24

 

Memory items scanned : 761

Memory threats detected : 0

Registry items scanned : 432

Registry threats detected : 0

File items scanned : 17430

File threats detected : 2

 

Trojan.Unknown Origin

C:\WINDOWS\SYSTEM32\1.ICO

C:\WINDOWS\SYSTEM32\2.ICO

I'd really appreciate help as soon as possible!

Thanks :)

Edit: Did I maybe run these in the wrong order?

Edited by Claes91

There, the new ComboFix run is done:

ComboFix 08-09-01.03 - Claes 2008-09-02 21:20:13.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1044.18.2135 [GMT 2:00]

Running from: C:\Users\Claes\Desktop\ComboFix.exe

* Resident AV is active

 

.

 

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))

.

 

2008-09-02 21:19 . 2008-09-02 21:19 <DIR> d-------- C:\327882R2FWJFW

2008-09-02 20:49 . 2008-09-02 20:49 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com

2008-09-02 20:49 . 2008-09-02 20:49 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com

2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Users\Claes\AppData\Roaming\SUPERAntiSpyware.com

2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Program Files\SUPERAntiSpyware

2008-09-02 20:48 . 2008-09-02 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Malwarebytes

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\Users\All Users\Malwarebytes

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\ProgramData\Malwarebytes

2008-09-02 20:43 . 2008-09-02 20:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-09-02 20:43 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys

2008-09-02 20:43 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys

2008-09-02 20:30 . 2008-09-02 20:30 <DIR> d-------- C:\Program Files\CCleaner

2008-09-02 19:16 . 2008-09-02 19:16 574,464 --a------ C:\Windows\uninstall.exe

2008-09-02 19:16 . 2008-09-02 19:16 85,032 --a------ C:\Windows\uninstall.dat

2008-09-02 19:16 . 2008-09-02 19:16 5,926 --a------ C:\Windows\uninstall.xml

2008-09-02 19:03 . 2008-09-02 19:03 <DIR> d-------- C:\Program Files\AudioSurf

2008-09-02 15:55 . 2008-09-02 15:55 <DIR> d-------- C:\Program Files\MSXML 4.0

2008-09-01 22:41 . 2008-09-01 22:41 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Sports Interactive

2008-09-01 22:38 . 2008-09-01 22:38 <DIR> dr-h----- C:\Users\Claes\AppData\Roaming\SecuROM

2008-09-01 22:34 . 2008-09-01 22:37 <DIR> d--h----- C:\Program Files\Zero G Registry

2008-09-01 22:34 . 2008-09-01 22:34 <DIR> d-------- C:\Program Files\Sports Interactive

2008-09-01 22:33 . 2008-09-01 22:33 <DIR> d--h----- C:\Users\Claes\InstallAnywhere

2008-09-01 22:16 . 2008-09-01 22:16 <DIR> d-------- C:\Users\All Users\LightScribe

2008-09-01 22:16 . 2008-09-01 22:16 <DIR> d-------- C:\ProgramData\LightScribe

2008-09-01 21:58 . 2008-09-01 21:58 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Nero

2008-09-01 21:55 . 2008-09-01 21:55 <DIR> d-------- C:\Users\All Users\Nero

2008-09-01 21:55 . 2008-09-01 21:55 <DIR> d-------- C:\ProgramData\Nero

2008-09-01 21:55 . 2008-09-01 21:55 <DIR> d-------- C:\Program Files\Nero

2008-09-01 21:55 . 2008-09-01 21:56 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-08-31 19:04 . 2007-12-06 17:09 196,608 --a------ C:\Windows\System32\SynCtrl.dll

2008-08-31 19:04 . 2007-12-06 18:12 196,400 --a------ C:\Windows\System32\drivers\SynTP.sys

2008-08-31 19:04 . 2007-12-06 18:12 110,592 --a------ C:\Windows\System32\SynTPCo4.dll

2008-08-31 11:34 . 2008-08-31 11:34 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Template

2008-08-31 11:34 . 2008-08-31 12:32 184 --a------ C:\Users\Claes\AppData\Roaming\wklnhst.dat

2008-08-31 04:36 . 2008-02-10 13:53 17,730,504 --a------ C:\Windows\eRy.exe

2008-08-31 04:36 . 2008-08-31 04:36 3 --a------ C:\Windows\AFirst.cmd

2008-08-31 00:30 . 2008-08-31 16:16 <DIR> d-------- C:\Users\Claes\AppData\Roaming\SporeCreatureCreator

2008-08-31 00:12 . 2008-08-31 00:23 <DIR> d-------- C:\Program Files\AOE2

2008-08-31 00:09 . 2008-08-31 00:25 <DIR> d-------- C:\Program Files\Spore

2008-08-30 22:55 . 2008-08-30 23:05 <DIR> d-------- C:\Users\All Users\Codemasters

2008-08-30 22:55 . 2008-08-30 23:05 <DIR> d-------- C:\ProgramData\Codemasters

2008-08-30 22:52 . 2008-08-30 22:52 <DIR> d-------- C:\Program Files\OpenAL

2008-08-30 22:52 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll

2008-08-30 22:51 . 2008-04-28 12:29 805,400 -ra------ C:\Windows\System32\tmpEE3.tmp

2008-08-30 22:24 . 2008-08-30 22:24 <DIR> d-------- C:\Program Files\Microsoft Silverlight

2008-08-30 22:08 . 2008-08-30 22:08 <DIR> d-------- C:\Program Files\uTorrent

2008-08-30 22:07 . 2008-09-02 21:16 <DIR> d-------- C:\Users\Claes\AppData\Roaming\uTorrent

2008-08-30 19:29 . 2008-08-30 19:29 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Digsby

2008-08-30 19:27 . 2008-08-30 19:28 <DIR> d-------- C:\Program Files\Digsby

2008-08-30 19:05 . 2008-08-30 19:05 <DIR> d-------- C:\Users\Claes\AppData\Roaming\vlc

2008-08-30 18:44 . 2008-08-30 18:44 <DIR> d-------- C:\Windows\System32\RTCOM

2008-08-30 18:44 . 2008-08-30 18:45 <DIR> d-------- C:\Program Files\ATI Technologies

2008-08-30 18:44 . 2008-08-30 18:44 <DIR> d-------- C:\Program Files\ATI

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> dr------- C:\Windows\System32\config\systemprofile\Contacts

2008-08-30 18:43 . 2008-08-30 18:43 <DIR> d-------- C:\Program Files\Realtek

2008-08-30 18:42 . 2008-08-30 18:42 0 --a------ C:\Windows\ativpsrm.bin

2008-08-30 18:39 . 2008-08-30 18:39 <DIR> d-------- C:\Program Files\VideoLAN

2008-08-30 17:08 . 2008-09-01 19:39 <DIR> d-------- C:\Users\All Users\TrackMania

2008-08-30 17:08 . 2008-09-01 19:39 <DIR> d-------- C:\ProgramData\TrackMania

2008-08-30 17:02 . 2008-08-30 17:06 <DIR> d-------- C:\Program Files\TmUnitedForever

2008-08-30 16:55 . 2008-08-30 20:40 <DIR> d-------- C:\Users\Claes\AppData\Roaming\Winamp

2008-08-30 16:55 . 2008-08-30 16:56 <DIR> d-------- C:\Program Files\Winamp

2008-08-30 16:55 . 2007-03-08 01:51 129,784 --------- C:\Windows\System32\pxafs.dll

2008-08-30 16:29 . 2008-08-30 16:29 <DIR> d-------- C:\Users\All Users\PlayMovie

2008-08-30 16:29 . 2008-08-30 16:29 <DIR> d-------- C:\ProgramData\PlayMovie

2008-08-30 14:56 . 2008-08-30 14:56 <DIR> d-------- C:\Program Files\mIRC

2008-08-30 14:53 . 2008-08-30 14:53 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-08-30 14:44 . 2008-08-30 14:44 <DIR> d-------- C:\Users\All Users\TEMP

2008-08-30 14:44 . 2008-08-30 14:44 <DIR> d-------- C:\ProgramData\TEMP

2008-08-30 14:43 . 2008-08-30 16:29 <DIR> d-------- C:\Users\Claes\AppData\Roaming\CyberLink

2008-08-30 14:00 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

2008-08-30 13:38 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-08-30 13:37 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-08-30 13:34 . 2008-08-30 13:34 <DIR> d-------- C:\Users\All Users\WLInstaller

2008-08-30 13:34 . 2008-08-30 13:34 <DIR> d-------- C:\ProgramData\WLInstaller

2008-08-30 13:34 . 2008-08-30 13:39 <DIR> d-------- C:\Program Files\Windows Live

2008-08-30 13:34 . 2008-08-30 13:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-30 13:30 . 2008-08-30 13:30 <DIR> d-------- C:\Program Files\Opera

2008-08-30 13:30 . 2008-03-08 04:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-08-30 13:29 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-08-30 13:29 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-08-30 13:29 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-08-30 13:29 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-08-30 13:27 . 2008-08-30 13:29 <DIR> d-------- C:\Program Files\Java

2008-08-30 13:27 . 2008-08-30 13:27 <DIR> d-------- C:\Program Files\Common Files\Java

2008-08-30 13:09 . 2008-08-30 13:09 92 --a------ C:\Windows\GridV.UNI

2008-08-30 13:05 . 2007-07-17 19:33 368,640 --a------ C:\Windows\System32\CheckD2DSystem.exe

2008-08-30 13:05 . 2006-11-12 11:54 327,680 --a------ C:\Windows\System32\Remove_eRecovery.exe

2008-08-30 13:05 . 2006-11-10 17:27 16,384 --a------ C:\Windows\System32\LauncheRyAgentUser.exe

2008-08-30 13:05 . 2005-12-09 09:12 16,384 --a------ C:\Windows\System32\ClearEvent.exe

2008-08-30 13:05 . 2006-02-24 11:28 552 --a------ C:\Windows\System32\setup.iss

2008-08-30 13:03 . 2008-08-30 13:03 <DIR> d-------- C:\Users\All Users\InstallShield

2008-08-30 13:03 . 2008-08-30 13:03 <DIR> d-------- C:\ProgramData\InstallShield

2008-08-30 13:03 . 2007-03-29 16:48 626,688 --a------ C:\Windows\Image.dll

2008-08-30 13:03 . 2008-01-17 13:52 466,944 --a------ C:\Windows\Acer Crystal Eye webcam.EXE

2008-08-30 13:03 . 2007-04-20 06:30 222,382 --a------ C:\Windows\Acer Crystal Eye webcam.ico

2008-08-30 13:03 . 2007-10-23 10:56 200,704 --a------ C:\Windows\PLFSetI.exe

2008-08-30 13:03 . 2006-05-17 00:58 73,728 --a------ C:\Windows\System32\ISUSPM.cpl

2008-08-30 13:03 . 2007-10-29 13:35 36 --a------ C:\Windows\PidList.ini

2008-08-30 13:02 . 2008-08-30 13:02 <DIR> d-------- C:\Program Files\Acer

2008-08-30 13:01 . 2008-02-15 17:42 46,592 --a------ C:\Windows\System32\drivers\rimmptsk.sys

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\TxR

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\systemprofile

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\RegBack

2008-08-30 13:00 . 2008-08-30 13:00 <DIR> d-------- C:\Users\Journal

2008-08-30 12:58 . 2008-08-30 12:58 <DIR> d-------- C:\CLSetup

2008-08-30 12:58 . 2008-08-30 12:58 20 --a------ C:\Medion.ini

2008-08-30 12:52 . 2005-08-16 08:49 40,960 --------- C:\junction.exe

2008-08-30 12:51 . 2006-11-22 22:26 1,706,800 --a------ C:\Windows\System32\gdiplus.dll

2008-08-30 12:50 . 2008-08-30 12:50 <DIR> d-------- C:\Program Files\Launch Manager

2008-08-30 12:50 . 2008-08-30 12:50 83 --a------ C:\Windows\QtZgAcer.UNI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d-------- C:\Users\Claes\AppData\Roaming\ATI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d-------- C:\Users\All Users\ATI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d-------- C:\ProgramData\ATI

2008-08-30 12:49 . 2008-08-30 12:49 <DIR> d--hs---- C:\$RECYCLE.BIN

2008-08-30 12:48 . 2008-08-30 12:48 <DIR> d-------- C:\Windows\ACER

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-01 20:07 --------- d-----w C:\Program Files\McAfee

2008-09-01 18:28 --------- d-----w C:\Program Files\SiteAdvisor

2008-08-30 21:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-30 20:52 444,952 ----a-w C:\Windows\System32\wrap_oal.dll

2008-08-30 20:52 109,080 ----a-w C:\Windows\System32\OpenAL32.dll

2008-08-30 16:43 319,456 ----a-w C:\Windows\DIFxAPI.dll

2008-08-30 16:43 315,392 ----a-w C:\Windows\HideWin.exe

2008-08-30 16:43 --------- d-----w C:\Program Files\Intel

2008-08-30 15:40 --------- d-----w C:\Program Files\Windows Mail

2008-08-30 15:32 --------- d-----w C:\ProgramData\Microsoft Help

2008-08-30 14:29 --------- d-----w C:\ProgramData\CyberLink

2008-08-30 11:03 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-30 10:53 --------- d-----w C:\Program Files\Acer Arcade Deluxe

2008-08-30 10:47 2,032 ----a-w C:\Windows\CLEANUP.CMD

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Start-meny

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Skrivebord

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Programdata

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Maler

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Favoritter

2008-08-30 10:43 --------- d-sh--w C:\ProgramData\Dokumenter

2008-08-30 10:43 --------- d-sh--w C:\Program Files\Fellesfiler

2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll

2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll

2008-06-24 14:06 972,072 ----a-w C:\Windows\UNNeroMediaHome.exe

2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL

2008-06-06 12:54 972,072 ----a-w C:\Windows\UNRecode.exe

2008-06-06 12:54 95,600 ----a-w C:\Windows\System32\NeroCo.dll

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

 

((((((((((((((((((((((((((((( snapshot@2008-09-02_20.37.59.60 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-09-02 18:48:56 34,304 ----a-r C:\Windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe

- 2008-09-02 16:08:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-09-02 19:17:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-09-02 16:08:18 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-09-02 19:17:23 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-09-02 16:09:23 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-02 19:18:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-09-02 19:18:27 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2008-09-02 16:10:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-02 19:19:14 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-09-02 19:19:14 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2008-09-02 18:34:20 101,250 ----a-w C:\Windows\System32\perfc009.dat

+ 2008-09-02 18:53:14 101,250 ----a-w C:\Windows\System32\perfc009.dat

- 2008-09-02 18:34:20 76,478 ----a-w C:\Windows\System32\perfc014.dat

+ 2008-09-02 18:53:14 76,478 ----a-w C:\Windows\System32\perfc014.dat

- 2008-09-02 18:34:20 587,178 ----a-w C:\Windows\System32\perfh009.dat

+ 2008-09-02 18:53:14 587,178 ----a-w C:\Windows\System32\perfh009.dat

- 2008-09-02 18:34:20 452,326 ----a-w C:\Windows\System32\perfh014.dat

+ 2008-09-02 18:53:14 452,326 ----a-w C:\Windows\System32\perfh014.dat

- 2008-09-02 16:10:19 3,938 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2226595239-686808635-2797051325-1000_UserData.bin

+ 2008-09-02 19:19:44 3,946 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2226595239-686808635-2797051325-1000_UserData.bin

- 2008-09-02 16:10:18 84,872 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-02 19:19:44 85,360 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2008-09-02 16:10:18 48,576 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2008-09-02 19:19:44 49,488 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-01-03 02:00 39472 --a------ C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 1576176]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-02-25 518656]

"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-08-24 36640]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-11-22 178712]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]

"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2008-01-22 200704]

"WarReg_PopUp"="C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]

"PLFSetI"="C:\Windows\PLFSetI.exe" [2007-10-23 200704]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 C:\Windows\RtHDVCpl.exe]

"Skytel"="Skytel.exe" [2008-01-24 C:\Windows\SkyTel.exe]

 

C:\Users\Claes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Digsby.lnk - C:\Program Files\Digsby\digsby.exe [2008-07-11 115200]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-04-21 535336]

SETAUDIO.EXE [2008-04-04 20480]

SETRES.EXE [2008-04-04 20480]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{72CE51A3-3CF1-4AA7-AFE4-7ED2C3B51EA5}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe

"{A26D4B86-51C4-4019-8A85-38D83F8B73A0}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician

"{EE11E512-8C04-49EA-802F-22A8447E2AD8}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia

"{08312F33-78FA-437B-9202-55A77474206C}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard

"{4D1A86E0-AF4F-42B6-96DC-9C3FC4955D37}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{EE772FC7-433F-449F-B462-96F82FBB4C49}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{4F514715-96FF-4F1D-9E01-9D5C2D5D6159}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{FB3CE3FB-160C-401C-B3C8-DFB9BA4CEF00}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine

"{E16726DB-50E4-49DF-8C8F-82F1AAC13D76}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie

"{5255A591-CA4E-4126-BEC9-9A6B5D4C8746}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program

"{8FB4B6D5-54CE-4E05-812B-CBB96B93C7CB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{C4A7978D-A90A-4F58-AB0D-50F507DA3A22}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{A44BEDEB-10E6-4F0E-96FA-F66D95193ACA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{4000176F-F48A-45EB-87DB-D032C57F9EE8}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

"{3279511F-9A2F-4CE5-891C-F0F30A525397}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2008-01-04 17:15 41456]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256]

R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Users\Claes\AppData\Roaming\Mozilla\Firefox\Profiles\pnax6d9t.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.netvibes.com/

FF -: plugin - C:\Program Files\Opera\program\plugins\np-mswmp.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-02 21:23:10

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\Windows\Explorer.exe

-> C:\Program Files\SiteAdvisor\6261\saHook.dll

.

Completion time: 2008-09-02 21:24:20

ComboFix-quarantined-files.txt 2008-09-02 19:24:11

ComboFix2.txt 2008-09-02 18:38:23

 

Pre-Run: 106,663,702,528 byte ledig

Post-Run: 106,626,506,752 byte ledig

 

297 --- E O F --- 2008-09-02 13:55:20
