Keiseren av Grønland (thread author), posted 14 February 2009:
This is the strangest thing I have come across, and I almost get the impression that someone has managed to hack Google in some way. When I search on Google.com for anything at all, two of the links, usually numbers 2 and 3, have been replaced with China Sex Museum and Porntube. If this is some kind of trojan, it doesn't otherwise bother me with anything on the PC. It wasn't long ago that I ran a full spyware scan. Has anyone come across this? Is there a way to fix the problem?
CuriousPencilSharpener, posted 14 February 2009:
It's not Google that has a virus. It's you who have had some crap sneaked onto your PC. And even if your spyware solution doesn't detect it, there is something nasty in your system that shouldn't be there. I don't have any tips for how to remove it, though.
raWrz, posted 14 February 2009 (edited):
Hi. This is very well known right now: https://www.diskusjon.no/index.php?showtopic=691246 Read there, it says: "Google / Yahoo searches get redirected to the wrong pages".
Edit: to answer your question about whether it's you or Google that has a virus: it's you.
Edited 14 February 2009 by Submit
raWrz, posted 14 February 2009:
If you have another computer and a USB stick, do the following: download ComboFix on the other machine and copy it onto the USB stick. Start the infected computer in safe mode (tap F12 during startup) and run ComboFix.
Keiseren av Grønland (thread author), posted 14 February 2009:
Can't you give me a direct download link? To one of the servers other than bleepingcomputer.
norbat, posted 14 February 2009 (edited):
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

You could also have checked the following: stop TDSSserv.sys, if it is running on your PC, so that you get a chance to download e.g. Malwarebytes Anti-Malware (MBAM). Before you install MBAM, rename the installer file to something else, e.g. yourname.exe. If you can't get the program updated, run a quick scan with MBAM anyway.

You stop the service as follows:
Go to Control Panel -> System -> Hardware -> Device Manager.
Select View -> Show hidden devices.
Click the plus sign in front of "Non-Plug and Play Drivers".
Scroll down to TDSSserv.sys, right-click the file and choose Disable.
Restart the PC.

You should now be able to get online to download MBAM, update it and run a scan that will delete this malware's entries.
Edited 14 February 2009 by norbat
Keiseren av Grønland (thread author), posted 14 February 2009:
Didn't find TDSSserv.sys there. I disabled it not long ago, when I started a thread earlier about a new spyware program. How did you start in safe mode again? I tried holding F12 without anything happening. Have now restarted the machine several times and pressed F8, F4 and DEL without getting that boot menu.
norbat, posted 14 February 2009:
You press F8 during startup.
Keiseren av Grønland (thread author), posted 15 February 2009:
Now I've removed it (I think). Double-clicked ComboFix, let it run and restart the machine twice on its own. I didn't drag any log file onto the ComboFix icon, though...? Also ran Malwarebytes and let it remove one infected file.
raWrz, posted 15 February 2009:
Post the logs :) The ComboFix log is at C:\Combofix.txt and the MBAM log is under "Loggfiler" (Logs) when you start the program.
Keiseren av Grønland (thread author), posted 15 February 2009 (edited):
There, combofix:

ComboFix 09-02-12.03 - Marius 2009-02-15 0:48:30.2 - NTFSx86
Kjører fra: c:\documents and settings\Marius\Skrivebord\hullet.exe
ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\system32\adsmsextq.exe
c:\windows\system32\adsmsexty.exe
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_0_0_107400.htm
c:\windows\system32\cache329\B_329_1_0_449200.gif
c:\windows\system32\cache329\B_329_1_0_454300.gif
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_3_0_107400.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_0_0_107400.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_3_0_107400.htm
c:\windows\system32\drivers\UACuwylvroy.sys
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\UACewijnbaq.dll
c:\windows\system32\UAChxehtitl.dll
c:\windows\system32\UACklttlyrn.log
c:\windows\system32\UACngbatksg.log
c:\windows\system32\UACotmgfekj.log
c:\windows\system32\UACotvkfypm.dll
c:\windows\system32\UACpmevdyib.dat
c:\windows\system32\UACqppjsuwl.dll
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_TDSSSERV.SYS
-------\Legacy_CRYPTSVCSSDPSRV
-------\Legacy_NVCSCHEDULERCLR_OPTIMIZATION_V2.0.50727_32
-------\Service_CryptSvcSSDPSRV
-------\Service_NVCSchedulerclr_optimization_v2.0.50727_32

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-01-15 til 2009-02-15 )))))))))))))))))))))))))))))))))
.
2009-02-14 22:09 . 2009-02-14 22:25 <DIR> d-------- c:\programfiler\Malwarebytes' Anti-Malware
2009-02-14 22:09 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 22:09 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-11 01:29 . 2009-02-14 22:21 5,182 --a------ c:\windows\system32\uacinit.dll
2009-02-09 00:17 . 2009-02-09 00:17 <DIR> d-------- c:\documents and settings\Marius\Programdata\vlc
2009-02-02 00:23 . 2009-02-02 00:23 4,510 --a------ C:\Silent 16-17 khz.mp3
2009-01-31 17:48 . 2009-01-31 17:48 91 --a------ c:\windows\system32\1037ay.sys
2009-01-30 13:40 . 2009-01-30 13:40 <DIR> d--hs---- c:\documents and settings\Marius\IECompatCache
2009-01-30 13:37 . 2009-01-30 13:37 <DIR> d--hs---- c:\documents and settings\Marius\IETldCache
2009-01-30 13:32 . 2009-01-30 13:33 <DIR> d--h-c--- c:\windows\ie8
2009-01-30 13:31 . 2009-01-11 06:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-01-27 20:00 . 2009-01-27 20:00 <DIR> d-------- c:\programfiler\Fellesfiler\Windows Live
2009-01-15 02:23 . 2009-01-15 02:23 53,248 --------- c:\windows\system32\msrating.dll.mui
2009-01-15 02:23 . 2009-01-15 02:23 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-01-15 02:21 . 2009-01-15 02:21 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-01-15 02:04 . 2009-01-15 02:04 18,944 -----c--- c:\windows\system32\dllcache\corpol.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 23:41 --------- d-----w c:\documents and settings\Marius\Programdata\uTorrent
2009-02-12 00:55 --------- d-----w c:\documents and settings\All Users\Programdata\Microsoft Help
2009-02-05 22:27 --------- d-----w c:\programfiler\Norton Security Scan
2008-12-19 17:38 --------- d-----w c:\programfiler\Windows Live Safety Center
2008-10-02 20:51 66,808 ----a-w c:\documents and settings\Marius\Programdata\GDIPFONTCACHEV1.DAT
2007-11-11 23:26 22,328 ----a-w c:\documents and settings\Marius\Programdata\PnkBstrK.sys
2008-09-13 14:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008091320080914\index.dat
.
------- Sigcheck -------
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
.
.
-- Snapshot resatt til dagens dato --
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marius^Start-meny^Programmer^Oppstart^XFX Game Controller.lnk]
path=c:\documents and settings\Marius\Start-meny\Programmer\Oppstart\XFX Game Controller.lnk
backup=c:\windows\pss\XFX Game Controller.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareStrike

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr]
c:\windows\system32\adobemgr.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\programfiler\BitComet\BitComet.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 17:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 c:\programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
c:\programfiler\D-Tools\daemon.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
--a------ 2002-02-19 04:03 74240 c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2005-08-15 14:12 2822144 c:\fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 06:31 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 14:41 145496 c:\programfiler\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2003-06-30 19:56 188416 c:\programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-06-30 19:56 188416 c:\programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-06-30 20:00 65536 c:\programfiler\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
--a------ 2001-11-08 21:28 147456 c:\programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
c:\programfiler\Ahead\Nero BackItUp\NBJ.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
--a------ 2008-06-02 14:46 273520 c:\norman\npm\bin\Zlh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 01:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 12:32 81920 c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 01:07 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 11:45 75304 c:\programfiler\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 06:32 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 06:32 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
c:\programfiler\Power Scan\powerscan.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\programfiler\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 12:16 185896 c:\programfiler\Fellesfiler\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\programfiler\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]
c:\programfiler\SurfAccuracy\SAcc.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 13:20 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-02-09 11:59 270128 c:\programfiler\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-17 01:07 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"usnjsvc"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"TVersityMediaServer"=2 (0x2)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"PCLEPCI"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NVCSchedulerclr_optimization_v2.0.50727_32"=2 (0x2)
"NVCScheduler"=3 (0x3)
"nvcoas"=3 (0x3)
"nTuneService"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"nsesvc"=3 (0x3)
"Norman ZANDA"=2 (0x2)
"Norman NJeeves"=3 (0x3)
"Nla"=3 (0x3)
"nhksrv"=2 (0x2)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"IDriverT"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EPSONStatusAgent2"=2 (0x2)
"eLoggerSvc6"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvcSSDPSRV"=2 (0x2)
"CryptSvc"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"cisvc"=3 (0x3)
"CCALib8"=2 (0x2)
"Browser"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BITS"=3 (0x3)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"ALG"=3 (0x3)
"6to4"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R3 nvcfsr;nvcfsr;c:\norman\Nvc\bin\nvcfsr.sys [2007-01-09 6712]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcw32mf.sys [2007-06-20 19000]
R3 nvcoafl51;nvcoafl51;c:\norman\Nvc\bin\nvcoafl51.sys [2007-01-09 30264]
R3 nvcoaft51;nvcoaft51;c:\norman\Nvc\bin\nvcoaft51.sys [2007-01-09 129848]
R3 nvcoarc51;nvcoarc51;c:\norman\Nvc\bin\nvcoarc51.sys [2007-01-09 23224]
R4 nhksrv;Netropa NHK Server;c:\programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
R4 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\bin\NSESVC.EXE [2008-11-27 183352]
R4 nvcoas;Norman Virus Control on-access component;c:\norman\Nvc\bin\nvcoas.exe [2008-04-29 183352]
R4 NVCScheduler;Norman Virus Control Scheduler;c:\norman\Nvc\BIN\NVCSCHED.EXE [2008-03-11 146488]
S1 LtcyCfgDrv;PCI Latency Tool driver;c:\windows\system32\drivers\LtcyCfgDrv.sys [2005-07-08 2816]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-10-15 6656]
S2 Ndiskio;Ndiskio;c:\norman\Nse\bin\NDISKIO.SYS [2007-01-02 20448]

--- Andre tjenester/drivere lastet i minnet ---

*Deregistered* - AFD
*Deregistered* - Arp1394
*Deregistered* - aslm75
*Deregistered* - atapi
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - ERSvc
*Deregistered* - Fastfat
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - Hardlock
*Deregistered* - helpsvc
*Deregistered* - imagesrv
*Deregistered* - ip6fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - isapnp
*Deregistered* - KSecDD
*Deregistered* - LtcyCfgDrv
*Deregistered* - MarvinBus
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - Ndiskio
*Deregistered* - NdisTapi
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCI
*Deregistered* - PCIIde
*Deregistered* - PfModNT
*Deregistered* - PptpMiniport
*Deregistered* - PQNTDrv
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - Secdrv
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TermDD
*Deregistered* - tunmp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - Wanarp
*Deregistered* - WS2IFSL
*Deregistered* - wuauserv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\programfiler\TuneUp Utilities 2006\SystemOptimizer.exe []

2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-14 c:\windows\Tasks\At1.job
- c:\windows\system32\6EomrX84.exe []

2008-10-27 c:\windows\Tasks\At10.job
- c:\windows\system32\6EomrX84.exe []

2009-01-21 c:\windows\Tasks\At11.job
- c:\windows\system32\6EomrX84.exe []

2009-02-05 c:\windows\Tasks\At12.job
- c:\windows\system32\6EomrX84.exe []

2009-02-11 c:\windows\Tasks\At13.job
- c:\windows\system32\6EomrX84.exe []

2009-02-13 c:\windows\Tasks\At14.job
- c:\windows\system32\6EomrX84.exe []

2009-02-13 c:\windows\Tasks\At15.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At16.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At17.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At18.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At19.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At2.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At20.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At21.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At22.job
- c:\windows\system32\6EomrX84.exe []

2009-02-13 c:\windows\Tasks\At23.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At24.job
- c:\windows\system32\6EomrX84.exe []

2009-02-13 c:\windows\Tasks\At25.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At26.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At27.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At28.job
- c:\windows\system32\672U15I5.exe []

2008-12-16 c:\windows\Tasks\At29.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At3.job
- c:\windows\system32\6EomrX84.exe []

2008-10-05 c:\windows\Tasks\At30.job
- c:\windows\system32\672U15I5.exe []

2008-10-05 c:\windows\Tasks\At31.job
- c:\windows\system32\672U15I5.exe []

2008-10-05 c:\windows\Tasks\At32.job
- c:\windows\system32\672U15I5.exe []

2008-10-22 c:\windows\Tasks\At33.job
- c:\windows\system32\672U15I5.exe []

2008-10-27 c:\windows\Tasks\At34.job
- c:\windows\system32\672U15I5.exe []

2009-01-21 c:\windows\Tasks\At35.job
- c:\windows\system32\672U15I5.exe []

2009-02-05 c:\windows\Tasks\At36.job
- c:\windows\system32\672U15I5.exe []

2009-02-11 c:\windows\Tasks\At37.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At38.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At39.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At4.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At40.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At41.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At42.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At43.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At44.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At45.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At46.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At47.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At48.job
- c:\windows\system32\672U15I5.exe []

2008-12-16 c:\windows\Tasks\At5.job
- c:\windows\system32\6EomrX84.exe []

2008-07-13 c:\windows\Tasks\At6.job
- c:\windows\system32\6EomrX84.exe []

2008-07-13 c:\windows\Tasks\At7.job
- c:\windows\system32\6EomrX84.exe []

2008-08-22 c:\windows\Tasks\At8.job
- c:\windows\system32\6EomrX84.exe []

2008-10-22 c:\windows\Tasks\At9.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\RegCure Program Check.job
- c:\programfiler\RegCure\RegCure.exe []

2009-01-01 c:\windows\Tasks\RegCure.job
- c:\programfiler\RegCure\RegCure.exe []
.
- - - - TOMME PEKERE FJERNET - - - -

MSConfigStartUp-Adobe Photo Downloader - c:\programfiler\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://www.vg.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B91BED64-CB32-47F7-A6D9-7F1FE6930400} = 217.13.7.140,217.13.4.24
DPF: {78D80081-F388-11D3-9161-00105A07EA40} - hxxp://www.leadtools.com/cabs/LCODCCMPE.CAB
FF - ProfilePath - c:\documents and settings\Marius\Programdata\Mozilla\Firefox\Profiles\zu2ujkkd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 01:00:46
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...

skanning vellykket
skjulte filer: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-1390067357-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1507CFF-87E4-A9F0-48A5-C7FD4DFD33A1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abaflhlejkbehiaggdfbllnecijokffefb"=hex:61,61,00,00
"bbaflhlejkbehiaggdoakoofgoenbakbdkdn"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5a,2d,18,cc,72,
 56,4f,5a,e2,63,26,f1,3f,c8,ff,68,2a,a9,58,ae,01,e6,0e,9b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ff,27,a0,43,73,
 1a,91,c5,6a,9c,d6,61,af,45,84,18,67,83,65,aa,ab,d0,31,f8,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,04,0a,1f,25,1d,
 34,78,1d,ff,7c,85,e0,43,d4,0e,fe,38,56,1c,1a,d3,a0,3c,47,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,84,98,53,bc,20,
 d0,7b,84,86,8c,21,01,be,91,eb,e7,0e,2e,f2,0c,ec,a2,a0,35,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,52,5b,a6,76,3f,
 38,a9,36,f5,1d,4d,73,a8,13,5c,05,ae,22,6f,07,ac,7a,1b,e6,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d6,7d,fd,9e,a7,
 74,77,13,df,20,58,62,78,6b,cf,c8,b6,21,78,a9,f7,f6,9b,d7,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,80,b4,e2,57,a7,
 42,fb,e5,fb,a7,78,e6,12,2f,9a,ea,9d,ee,16,83,26,e3,75,83,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c0,2b,84,33,35,5a,dd,af,a2,e0,9d,5d,b3,36,7c,8d,82,a6,04,97,f9,
 c4,d0,94,d3,3b,20,44,b5,11,e1,34,c9,47,86,91,ed,0c,1b,1c,02,b0,c7,85,7c,b0,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,5b,34,16,23,e4,
 3a,52,1e,01,3a,48,fc,e8,04,4a,f1,40,ee,12,9c,3b,67,20,09,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,89,0d,76,f6,38,
 a3,50,ef,f6,0f,4e,58,98,5b,89,c9,98,19,0b,99,5b,ea,87,e0,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9a,86,84,a6,46,
 87,5a,17,3d,ce,ea,26,2d,45,aa,78,6f,b2,3b,c6,bb,10,70,00,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5c,7f,2f,6a,2b,
 7f,47,ba,2a,b7,cc,b5,b9,7f,41,e7,5f,53,c8,3b,ad,ff,75,c4,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,8f,82,73,13,93,
 8a,d8,30,6c,43,2d,1e,aa,22,2f,9c,51,c0,29,f5,17,73,04,2b,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c0,2b,84,33,35,5a,dd,af,a2,e0,9d,5d,b3,36,7c,8d,82,a6,04,97,f9,
 c4,d0,94,d3,3b,20,44,b5,11,e1,34,c9,47,86,91,ed,0c,1b,1c,02,b0,c7,85,7c,b0,\
.
Tidspunkt ferdig: 2009-02-15 1:09:33 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2009-02-15 00:09:31
ComboFix2.txt 2008-07-12 19:24:03
ComboFix3.txt 2008-07-12 12:29:06
ComboFix4.txt 2008-07-11 22:19:25
ComboFix5.txt 2009-02-14 23:44:20

Pre-Run: 68,003,545,088 byte ledig
Post-Run: 70,869,721,088 byte ledig

9951 --- E O F --- 2009-02-12 00:56:49

Edited 15 February 2009 by Ramius
norbat, posted 15 February 2009

If the ComboFix log is very long, you can remove what is under the snapshot section. Alternatively, you can upload the logs as attachments.
Keiseren av Grønland (thread author), posted 15 February 2009

Updated it now and removed the snapshots.
norbat, posted 15 February 2009

Open Notepad and copy in the text below, then save the file on the desktop as CFScript.txt. Next, drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\windows\system32\uacinit.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobemgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Scan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

Check the following files on VirusTotal:

c:\windows\system32\1037ay.sys
c:\windows\system32\drivers\tcpip.sys

Report back on what, if anything, was found on the files.

Go to the following folder:

c:\windows\Tasks

and delete the following entries:

c:\windows\Tasks\1-Click Maintenance.job
c:\windows\Tasks\At1.job through At48.job
c:\windows\Tasks\RegCure Program Check.job
c:\windows\Tasks\RegCure.job

Update MBAM and run a new quick scan. If it finds anything of interest, post the log.
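The At1.job through At48.job entries norbat asks to delete are the part of this thread a practitioner would most want to automate: ComboFix lists every task on one line, and the combination of at.exe-created job names, randomly named targets under system32 and a missing file date is what marks them out. The script below is an added example written for this page, not code from the thread or from ComboFix; the function names and the heuristics are my own, and the six sample lines are copied from the ComboFix log posted later in the thread (the full log has all 48 At jobs).

```python
"""Triage the 'Scheduled Tasks' section of a ComboFix log.

Added example for this thread; it is not part of the original posts and not
a ComboFix feature. It parses the one-line-per-task format ComboFix prints
and flags the pattern norbat told the poster to delete by hand: a run of
AtN.job entries (created with the legacy at.exe scheduler) that point at
randomly named executables under system32 and carry no file date/version
(the trailing empty []).
"""
import re
from collections import Counter

# Six lines copied from the second ComboFix log in this thread; the full log
# lists At1.job through At48.job. Format: "<date> <job> - <target> [<info>]".
SAMPLE_TASKS = r"""
2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-02-14 c:\windows\Tasks\At1.job - c:\windows\system32\6EomrX84.exe []
2008-10-27 c:\windows\Tasks\At10.job - c:\windows\system32\6EomrX84.exe []
2009-02-13 c:\windows\Tasks\At25.job - c:\windows\system32\672U15I5.exe []
2009-02-14 c:\windows\Tasks\At26.job - c:\windows\system32\672U15I5.exe []
2009-02-15 c:\windows\Tasks\RegCure.job - c:\programfiler\RegCure\RegCure.exe []
"""

TASK_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\S.*?\.job)\s+-\s+(.+?)\s+\[(.*?)\]\s*$"
)
AT_JOB = re.compile(r"^at\d+\.job$", re.IGNORECASE)
# 6-12 alphanumerics mixing digits and letters, e.g. 6EomrX84 or 672U15I5.
RANDOM_STEM = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{6,12}$")


def parse_tasks(text):
    """Return one dict per task line; lines in another format are skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_LINE.match(line.strip())
        if not m:
            continue
        date, job_path, target, info = m.groups()
        tasks.append({
            "date": date,
            "job": job_path.rsplit("\\", 1)[-1],   # e.g. At1.job
            "target": target,                      # full path of the executable
            "info": info,                          # file date, or "" when ComboFix found none
        })
    return tasks


def suspicious(task):
    """List the indicators a task matches; an empty list means nothing odd."""
    reasons = []
    if AT_JOB.match(task["job"]):
        reasons.append("created with at.exe (AtN.job)")
    folder, _, name = task["target"].rpartition("\\")
    stem = name.rsplit(".", 1)[0]
    if folder.lower().endswith("\\system32") and RANDOM_STEM.match(stem):
        reasons.append("random-looking name in system32")
    if task["info"] == "":
        reasons.append("no file date/version (target missing or unreadable)")
    return reasons


def triage(text, min_reasons=2):
    """Flag tasks with at least `min_reasons` indicators and count their targets.

    A single indicator is weak on its own (RegCure.job above also prints []),
    so the default asks for two.
    """
    flagged = []
    for task in parse_tasks(text):
        reasons = suspicious(task)
        if len(reasons) >= min_reasons:
            flagged.append((task, reasons))
    targets = Counter(task["target"].lower() for task, _ in flagged)
    return flagged, targets


if __name__ == "__main__":
    flagged, targets = triage(SAMPLE_TASKS)
    for task, reasons in flagged:
        print(f'{task["job"]:<10} -> {task["target"]}: {"; ".join(reasons)}')
    print("targets to hunt for:", dict(targets))
```

The output is a short list of executables to go after rather than 48 job files to read one by one. Deleting the .job files, as norbat instructs, removes the trigger but not the two targets; those are the files to hunt for and submit, together with whatever created the jobs. Some of the .job files in the posted log carry dates from July 2008, so the persistence predates the redirect symptom the thread opened with.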
Keiseren av Grønland (thread author), posted 15 February 2009

Just did as you said, here is the new ComboFix log:

ComboFix 09-02-15.01 - Marius 2009-02-15 23:30:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1044.18.1023.498 [GMT 1:00]
Running from: c:\documents and settings\Marius\Skrivebord\Combofix.exe
Command switches used :: c:\documents and settings\Marius\Skrivebord\CFScript.txt
AV: Norman Virus Control ver. 5.99 *On-access scanning enabled* (Updated)
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\uacinit.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\zip32.dll

.
(((((((((((((((((((((((((((   Files Created from 2009-01-15 to 2009-02-15   )))))))))))))))))))))))))))))))))
.

2009-02-15 00:44 . 2009-02-15 01:09  <DIR>   d--------  C:\hullet
2009-02-14 22:09 . 2009-02-14 22:25  <DIR>   d--------  c:\programfiler\Malwarebytes' Anti-Malware
2009-02-14 22:09 . 2009-02-11 10:19  38,496  --a------  c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-14 22:09 . 2009-02-11 10:19  15,504  --a------  c:\windows\system32\drivers\mbam.sys
2009-02-09 00:17 . 2009-02-09 00:17  <DIR>   d--------  c:\documents and settings\Marius\Programdata\vlc
2009-02-02 00:23 . 2009-02-02 00:23  4,510   --a------  C:\Silent 16-17 khz.mp3
2009-01-31 17:48 . 2009-01-31 17:48  91      --a------  c:\windows\system32\1037ay.sys
2009-01-30 13:40 . 2009-01-30 13:40  <DIR>   d--hs----  c:\documents and settings\Marius\IECompatCache
2009-01-30 13:37 . 2009-01-30 13:37  <DIR>   d--hs----  c:\documents and settings\Marius\IETldCache
2009-01-30 13:32 . 2009-01-30 13:33  <DIR>   d--h-c---  c:\windows\ie8
2009-01-30 13:31 . 2009-01-11 06:00  79,360  -----c---  c:\windows\system32\dllcache\iecompat.dll
2009-01-27 20:00 . 2009-01-27 20:00  <DIR>   d--------  c:\programfiler\Fellesfiler\Windows Live
2009-01-15 02:23 . 2009-01-15 02:23  53,248  ---------  c:\windows\system32\msrating.dll.mui
2009-01-15 02:23 . 2009-01-15 02:23  2,560   ---------  c:\windows\system32\mshta.exe.mui
2009-01-15 02:21 . 2009-01-15 02:21  81,920  ---------  c:\windows\system32\iedkcs32.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21  4,096   ---------  c:\windows\system32\ie4uinit.exe.mui
2009-01-15 02:04 . 2009-01-15 02:04  18,944  -----c---  c:\windows\system32\dllcache\corpol.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 22:37  ---------  d-----w  c:\documents and settings\Marius\Programdata\uTorrent
2009-02-12 00:55  ---------  d-----w  c:\documents and settings\All Users\Programdata\Microsoft Help
2009-02-05 22:27  ---------  d-----w  c:\programfiler\Norton Security Scan
2009-01-15 01:05  911,872    ----a-w  c:\windows\system32\wininet.dll
2009-01-15 01:05  43,008     ----a-w  c:\windows\system32\licmgr10.dll
2009-01-15 01:04  18,944     ----a-w  c:\windows\system32\corpol.dll
2009-01-15 01:03  72,704     ----a-w  c:\windows\system32\admparse.dll
2009-01-15 01:03  71,680     ----a-w  c:\windows\system32\iesetup.dll
2009-01-15 01:03  420,352    ----a-w  c:\windows\system32\vbscript.dll
2009-01-15 01:01  34,304     ----a-w  c:\windows\system32\imgutil.dll
2009-01-15 01:00  48,128     ----a-w  c:\windows\system32\mshtmler.dll
2009-01-15 01:00  45,568     ----a-w  c:\windows\system32\mshta.exe
2009-01-15 00:50  156,160    ----a-w  c:\windows\system32\msls31.dll
2008-12-19 17:38  ---------  d-----w  c:\programfiler\Windows Live Safety Center
2008-12-08 19:45  23,040     --sha-w  c:\windows\system32\1037a.dll
2008-10-02 20:51  66,808     ----a-w  c:\documents and settings\Marius\Programdata\GDIPFONTCACHEV1.DAT
2007-11-11 23:26  22,328     ----a-w  c:\documents and settings\Marius\Programdata\PnkBstrK.sys
2008-09-13 14:29  32,768     --sha-w  c:\windows\system32\config\systemprofile\Lokale innstillinger\Logg\History.IE5\MSHist012008091320080914\index.dat
.

------- Sigcheck -------

2007-10-30 17:53  360832  64798ecfa43d78c7178375fcdd16d8c8  c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44  360960  744e57c99232201ae98c49168b918f48  c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51  361600  9aefa14bd6b182d61e3119fa5f436d3d  c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59  361600  ad978a1b783b5719720cff204b666c8e  c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45  360320  2a5554fc5b1e04e131230e3ce035c3f9  c:\windows\$NtServicePackUninstall$\tcpip.sys
2006-04-20 12:51  359808  1dbf125862891817f374f407626967f4  c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20  361344  93ea8d04ec73a85db02eb8805988f733  c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20  360064  90caff4b094573449a0872a0f919b178  c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20  361344  accf5a9a1ffaa490f33dba1c632b95e1  c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51  361600  9425b72f40257b45d45d24773273dad0  c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51  361600  9425b72f40257b45d45d24773273dad0  c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot_2009-02-15_ 1.09.00.75   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-15 11:24:38  16,384  ----atw  c:\windows\temp\Perflib_Perfdata_39c.dat
.
((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programfiler\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"uTorrent"="c:\programfiler\uTorrent\uTorrent.exe" [2009-02-09 270128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"msacm.enc"= ITIG726.acm
"VIDC.MJPG"= Pvmjpg30.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoStart IR.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marius^Start-meny^Programmer^Oppstart^XFX Game Controller.lnk]
path=c:\documents and settings\Marius\Start-meny\Programmer\Oppstart\XFX Game Controller.lnk
backup=c:\windows\pss\XFX Game Controller.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\programfiler\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
--a------ 2002-12-06 16:07 617984 c:\program files\ASUS\Probe\AsusProb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\programfiler\BitComet\BitComet.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 17:22 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-29 16:09 171464 c:\programfiler\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
c:\programfiler\D-Tools\daemon.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C42 Series]
--a------ 2002-02-19 04:03 74240 c:\windows\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
--a------ 2005-08-15 14:12 2822144 c:\fraps\fraps.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\programfiler\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2004-08-04 06:31 208952 c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\programfiler\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
--a------ 2007-03-21 14:41 145496 c:\programfiler\Pinnacle\Studio 11\LaunchList2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
--a------ 2003-06-30 19:56 188416 c:\programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-06-30 19:56 188416 c:\programfiler\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-06-30 20:00 65536 c:\programfiler\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 c:\programfiler\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
--a------ 2001-11-08 21:28 147456 c:\programfiler\Netropa\Multimedia Keyboard\MMKeybd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
c:\programfiler\Ahead\Nero BackItUp\NBJ.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norman ZANDA]
--a------ 2008-06-02 14:46 273520 c:\norman\npm\bin\Zlh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-09-17 01:07 8491008 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
--a------ 2007-07-03 12:32 81920 c:\programfiler\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-09-17 01:07 81920 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
--a------ 2006-10-11 11:45 75304 c:\programfiler\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 06:32 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 06:32 455168 c:\windows\system32\IME\TINTLGNT\tintsetp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\programfiler\QuickTime Alternative\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 19:24 32768 c:\programfiler\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-09-28 12:16 185896 c:\programfiler\Fellesfiler\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 02:43 83608 c:\programfiler\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 13:20 68856 c:\programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-02-09 11:59 270128 c:\programfiler\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-09-17 01:07 1626112 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-11-15 11:20 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVCSchedulerclr_optimization_v2.0.50727_32"=2 (0x2)
"CryptSvcSSDPSRV"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programfiler\\Bonjour\\mDNSResponder.exe"=
"c:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programfiler\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programfiler\\iTunes\\iTunes.exe"=

R1 LtcyCfgDrv;PCI Latency Tool driver;c:\windows\system32\drivers\LtcyCfgDrv.sys [2005-07-08 2816]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [2005-08-11 6656]
R2 Ndiskio;Ndiskio;c:\norman\Nse\Bin\Ndiskio.sys [2006-05-25 20448]
R2 nhksrv;Netropa NHK Server;c:\programfiler\Netropa\Multimedia Keyboard\nhksrv.exe [2005-08-11 28672]
R3 nsesvc;Norman Scanner Engine Service;c:\norman\Nse\Bin\Nsesvc.exe [2009-02-14 183352]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2007-05-03 19000]
R3 nvcoas;Norman Virus Control on-access component;c:\norman\NVC\Bin\Nvcoas.exe [2007-06-14 183352]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\norman\NVC\Bin\Nvcsched.exe [2007-05-24 146488]
S3 nvcfsr;nvcfsr;c:\norman\NVC\Bin\Nvcfsr.sys [2006-05-25 6712]
S3 nvcoafl51;nvcoafl51;c:\norman\NVC\Bin\Nvcoafl51.sys [2006-05-25 30264]
S3 nvcoaft51;nvcoaft51;c:\norman\NVC\Bin\Nvcoaft51.sys [2006-05-25 129848]
S3 nvcoarc51;nvcoarc51;c:\norman\NVC\Bin\Nvcoarc51.sys [2006-05-25 23224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\programfiler\TuneUp Utilities 2006\SystemOptimizer.exe []

2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programfiler\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-14 c:\windows\Tasks\At1.job
- c:\windows\system32\6EomrX84.exe []

2008-10-27 c:\windows\Tasks\At10.job
- c:\windows\system32\6EomrX84.exe []

2009-01-21 c:\windows\Tasks\At11.job
- c:\windows\system32\6EomrX84.exe []

2009-02-05 c:\windows\Tasks\At12.job
- c:\windows\system32\6EomrX84.exe []

2009-02-11 c:\windows\Tasks\At13.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At14.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At15.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At16.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At17.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At18.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At19.job
- c:\windows\system32\6EomrX84.exe []

2009-02-14 c:\windows\Tasks\At2.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At20.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At21.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At22.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At23.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At24.job
- c:\windows\system32\6EomrX84.exe []

2009-02-13 c:\windows\Tasks\At25.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At26.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At27.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At28.job
- c:\windows\system32\672U15I5.exe []

2008-12-16 c:\windows\Tasks\At29.job
- c:\windows\system32\672U15I5.exe []

2009-02-14 c:\windows\Tasks\At3.job
- c:\windows\system32\6EomrX84.exe []

2008-10-05 c:\windows\Tasks\At30.job
- c:\windows\system32\672U15I5.exe []

2008-10-05 c:\windows\Tasks\At31.job
- c:\windows\system32\672U15I5.exe []

2008-10-05 c:\windows\Tasks\At32.job
- c:\windows\system32\672U15I5.exe []

2008-10-22 c:\windows\Tasks\At33.job
- c:\windows\system32\672U15I5.exe []

2008-10-27 c:\windows\Tasks\At34.job
- c:\windows\system32\672U15I5.exe []

2009-01-21 c:\windows\Tasks\At35.job
- c:\windows\system32\672U15I5.exe []

2009-02-05 c:\windows\Tasks\At36.job
- c:\windows\system32\672U15I5.exe []

2009-02-11 c:\windows\Tasks\At37.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At38.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At39.job
- c:\windows\system32\672U15I5.exe []

2009-02-13 c:\windows\Tasks\At4.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\At40.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At41.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At42.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At43.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At44.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At45.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At46.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At47.job
- c:\windows\system32\672U15I5.exe []

2009-02-15 c:\windows\Tasks\At48.job
- c:\windows\system32\672U15I5.exe []

2008-12-16 c:\windows\Tasks\At5.job
- c:\windows\system32\6EomrX84.exe []

2008-07-13 c:\windows\Tasks\At6.job
- c:\windows\system32\6EomrX84.exe []

2008-07-13 c:\windows\Tasks\At7.job
- c:\windows\system32\6EomrX84.exe []

2008-08-22 c:\windows\Tasks\At8.job
- c:\windows\system32\6EomrX84.exe []

2008-10-22 c:\windows\Tasks\At9.job
- c:\windows\system32\6EomrX84.exe []

2009-02-15 c:\windows\Tasks\RegCure Program Check.job
- c:\programfiler\RegCure\RegCure.exe []

2009-01-01 c:\windows\Tasks\RegCure.job
- c:\programfiler\RegCure\RegCure.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vg.no/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B91BED64-CB32-47F7-A6D9-7F1FE6930400} = 217.13.7.140,217.13.4.24
DPF: {78D80081-F388-11D3-9161-00105A07EA40} - hxxp://www.leadtools.com/cabs/LCODCCMPE.CAB
FF - ProfilePath - c:\documents and settings\Marius\Programdata\Mozilla\Firefox\Profiles\zu2ujkkd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Garmin GPS Plugin\npGarmin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 23:36:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk21]
"ImagePath"="\??\c:\windows\system32\Drivers\HNPsSdk.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C1507CFF-87E4-A9F0-48A5-C7FD4DFD33A1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abaflhlejkbehiaggdfbllnecijokffefb"=hex:61,61,00,00
"bbaflhlejkbehiaggdoakoofgoenbakbdkdn"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,5a,2d,18,cc,72,
   56,4f,5a,e2,63,26,f1,3f,c8,ff,68,2a,a9,58,ae,01,e6,0e,9b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,ff,27,a0,43,73,
   1a,91,c5,6a,9c,d6,61,af,45,84,18,67,83,65,aa,ab,d0,31,f8,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,04,0a,1f,25,1d,
   34,78,1d,ff,7c,85,e0,43,d4,0e,fe,38,56,1c,1a,d3,a0,3c,47,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,84,98,53,bc,20,
   d0,7b,84,86,8c,21,01,be,91,eb,e7,0e,2e,f2,0c,ec,a2,a0,35,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,52,5b,a6,76,3f,
   38,a9,36,f5,1d,4d,73,a8,13,5c,05,ae,22,6f,07,ac,7a,1b,e6,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,d6,7d,fd,9e,a7,
   74,77,13,df,20,58,62,78,6b,cf,c8,b6,21,78,a9,f7,f6,9b,d7,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,80,b4,e2,57,a7,
   42,fb,e5,fb,a7,78,e6,12,2f,9a,ea,9d,ee,16,83,26,e3,75,83,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c0,2b,84,33,35,5a,dd,af,a2,e0,9d,5d,b3,36,7c,8d,82,a6,04,97,f9,
   c4,d0,94,d3,3b,20,44,b5,11,e1,34,c9,47,86,91,ed,0c,1b,1c,02,b0,c7,85,7c,b0,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,5b,34,16,23,e4,
   3a,52,1e,01,3a,48,fc,e8,04,4a,f1,40,ee,12,9c,3b,67,20,09,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,89,0d,76,f6,38,
   a3,50,ef,f6,0f,4e,58,98,5b,89,c9,98,19,0b,99,5b,ea,87,e0,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9a,86,84,a6,46,
   87,5a,17,3d,ce,ea,26,2d,45,aa,78,6f,b2,3b,c6,bb,10,70,00,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,5c,7f,2f,6a,2b,
   7f,47,ba,2a,b7,cc,b5,b9,7f,41,e7,5f,53,c8,3b,ad,ff,75,c4,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,8f,82,73,13,93,
   8a,d8,30,6c,43,2d,1e,aa,22,2f,9c,51,c0,29,f5,17,73,04,2b,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c0,2b,84,33,35,5a,dd,af,a2,e0,9d,5d,b3,36,7c,8d,82,a6,04,97,f9,
   c4,d0,94,d3,3b,20,44,b5,11,e1,34,c9,47,86,91,ed,0c,1b,1c,02,b0,c7,85,7c,b0,\
.
Completion time: 2009-02-15 23:41:43
ComboFix-quarantined-files.txt 2009-02-15 22:41:04
ComboFix2.txt 2009-02-15 00:09:34
ComboFix3.txt 2008-07-12 19:24:03
ComboFix4.txt 2008-07-12 12:29:06
ComboFix5.txt 2009-02-15 22:29:09

Pre-Run: 69,664,862,208 bytes free
Post-Run: 69,763,674,112 bytes free

432 --- E O F --- 2009-02-12 00:56:49
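The Sigcheck block in the log above is worth more than a glance, and it explains why norbat wanted tcpip.sys checked on VirusTotal. Windows keeps several copies of a protected driver: the hotfix-migration folders under $hf_mig$, the uninstall folders, ServicePackFiles, the dllcache that Windows File Protection restores from, and the live copy under system32\drivers. Copies with the same build timestamp and the same size come from the same build and must hash identically; in this log the live tcpip.sys (9425b72f...) matches dllcache but not the $hf_mig$\KB951748\SP3GDR copy of the same build (9aefa14b...), and the $NtUninstallKB951748$ and ServicePackFiles copies disagree the same way. The log cannot say which copy is the altered one, only that at least one is. The script below is an added example written for this page, not code from the thread or from ComboFix; the function names are mine and the eleven input lines are copied from the log.

```python
"""Cross-check the '------- Sigcheck -------' block of a ComboFix log.

Added example for this thread, not part of the original posts or of
ComboFix. Windows keeps several copies of a protected system file: the
hotfix-migration folders ($hf_mig$), the uninstall folders,
ServicePackFiles, the dllcache used by Windows File Protection, and the
live copy under system32\\drivers. Copies that share a build timestamp and
a size come from the same build and must hash identically. When they do
not, at least one copy has been altered; the log cannot say which, which
is why the file was to be submitted to VirusTotal.
"""
import re
from collections import defaultdict

# The eleven Sigcheck lines copied from the second ComboFix log above.
SIGCHECK = r"""
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\$NtServicePackUninstall$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\$NtUninstallKB951748$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 20:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 12:51 361600 9425b72f40257b45d45d24773273dad0 c:\windows\system32\drivers\tcpip.sys
"""

SIG_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-f]{32})\s+(\S.*)$"
)


def parse_sigcheck(text):
    """One dict per 'timestamp size md5 path' line."""
    rows = []
    for line in text.splitlines():
        m = SIG_LINE.match(line.strip())
        if m:
            ts, size, md5, path = m.groups()
            rows.append({"ts": ts, "size": int(size), "md5": md5, "path": path})
    return rows


def find_conflicts(rows):
    """Group copies by (timestamp, size); report groups whose MD5s disagree."""
    groups = defaultdict(list)
    for row in rows:
        groups[(row["ts"], row["size"])].append(row)
    conflicts = []
    for (ts, size), copies in sorted(groups.items()):
        if len({c["md5"] for c in copies}) > 1:
            conflicts.append({"ts": ts, "size": size, "copies": copies})
    return conflicts


def live_copy_status(rows, live_suffix=r"\system32\drivers\tcpip.sys"):
    """Compare the live driver with its same-build siblings.

    dllcache agreeing with the live copy proves little: Windows File
    Protection restores from dllcache, so anything that patches the driver
    has every reason to patch dllcache as well. The $hf_mig$ copy is the
    independent reference.
    """
    live = next((r for r in rows if r["path"].lower().endswith(live_suffix.lower())), None)
    if live is None:
        return None
    siblings = [r for r in rows
                if r is not live and (r["ts"], r["size"]) == (live["ts"], live["size"])]
    return {
        "live": live,
        "agree": [s["path"] for s in siblings if s["md5"] == live["md5"]],
        "disagree": [s["path"] for s in siblings if s["md5"] != live["md5"]],
    }


if __name__ == "__main__":
    rows = parse_sigcheck(SIGCHECK)
    for c in find_conflicts(rows):
        print(f'build {c["ts"]} size {c["size"]}: {len(c["copies"])} copies, hashes differ')
        for copy in c["copies"]:
            print(f'  {copy["md5"]}  {copy["path"]}')
    print(live_copy_status(rows))
```

A hash mismatch between same-build copies is the trigger to submit the live file and compare its hash against a known-good reference, which is the check norbat asked for; it is not by itself proof of which copy is bad. The same log also shows the Windows Firewall disabled with notifications suppressed and both Security Center override values set to 1, settings to restore once the cleanup is done, separately from the driver question.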
norbat, posted 15 February 2009

Did you get to check the two files on VirusTotal?
Keiseren av Grønland (thread author), posted 16 February 2009

Quoting norbat: "Did you get to check the two files on VirusTotal?"

File 1037ay.sys received on 02.16.2009 13:05:25 (CET)
Result: 0/39 (0%)

Antivirus          Version          Last Update  Result
a-squared          4.0.0.93         2009.02.16   -
AhnLab-V3          2009.2.14.0      2009.02.16   -
AntiVir            7.9.0.79         2009.02.16   -
Authentium         5.1.0.4          2009.02.15   -
Avast              4.8.1335.0       2009.02.16   -
AVG                8.0.0.237        2009.02.16   -
BitDefender        7.2              2009.02.16   -
CAT-QuickHeal      10.00            2009.02.16   -
ClamAV             0.94.1           2009.02.16   -
Comodo             978              2009.02.15   -
DrWeb              4.44.0.09170     2009.02.16   -
eSafe              7.0.17.0         2009.02.15   -
eTrust-Vet         31.6.6358        2009.02.14   -
F-Prot             4.4.4.56         2009.02.15   -
F-Secure           8.0.14470.0      2009.02.16   -
Fortinet           3.117.0.0        2009.02.16   -
GData              19               2009.02.16   -
Ikarus             T3.1.1.45.0      2009.02.16   -
K7AntiVirus        7.10.582         2009.01.09   -
Kaspersky          7.0.0.125        2009.02.16   -
McAfee             5527             2009.02.15   -
McAfee+Artemis     5527             2009.02.15   -
Microsoft          1.4306           2009.02.16   -
NOD32              3856             2009.02.16   -
Norman             6.00.02          2009.02.13   -
nProtect           2009.1.8.0       2009.02.16   -
Panda              9.4.3.20         2009.02.15   -
PCTools            4.4.2.0          2009.02.16   -
Prevx1             V2               2009.02.16   -
Rising             21.17.02.00      2009.02.16   -
SecureWeb-Gateway  6.7.6            2009.02.16   -
Sophos             4.38.0           2009.02.16   -
Sunbelt            3.2.1851.2       2009.02.12   -
Symantec           10               2009.02.16   -
TheHacker          6.3.2.2.258      2009.02.16   -
TrendMicro         8.700.0.1004     2009.02.16   -
VBA32              3.12.8.12        2009.02.16   -
ViRobot            2009.2.16.1609   2009.02.16   -
VirusBuster        4.5.11.0         2009.02.15   -

Additional information
File size: 91 bytes
MD5...: a83b02da455569c6c548a959f28c813e
SHA1..: 1284d23bc80ceabdc11a0aa9267139f10501a4cf
SHA256: e1c220705581e4f1cb72ecf51c4c26298fd2aa83841f1d0907e4f9d886534edf
SHA512: 0ecbfa27a0fea3ead1216c032e78998b9fdc571f68a687cfac089200a60ff6c7a4a7600902a7d78e5a2841dd410da8a1bb57f803ef60531b96956149456751a5
ssdeep: 3:3fIKKRLVFUZER2FoInD+I8YSSRWHH1XxVUHn:v9QVFU68nD+ILM/4
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

Tried the other file, but it said it was the one I had just analysed.
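The 0/39 result above should not be read as "clean". VirusTotal reports the file as 91 bytes, with TrID unable to identify the type and PEInfo empty, and a 91-byte file cannot be a Windows driver: the DOS header alone is 64 bytes, and a PE32 image with the standard optional header needs a further 4 + 20 + 224 bytes of headers before its first section. Engines scanning a file that is not executable have little to match on, so the detection count carries no information either way; what matters is which loading point references 1037ay.sys and the hidden 1037a.dll listed in the log. The script below is an added example written for this page, not code from the thread or from VirusTotal. The constant, function and field names are mine, and because the real bytes of 1037ay.sys are not in the thread the 91-byte input is a constructed stand-in.

```python
"""Check whether a sample is even a PE image before reading a VirusTotal score.

Added example for this thread; not part of the original posts or of
VirusTotal. The 1037ay.sys submitted above is 91 bytes, TrID and PEInfo
both returned nothing, and 0/39 engines flagged it. A 91-byte file cannot
be a Windows driver: the DOS header is 64 bytes and a PE32 image with the
standard optional header needs a further 4 + 20 + 224 bytes of headers
before its first section. A zero detection count on such a file says
nothing about the infection.
"""
import struct

DOS_HEADER_LEN = 64                  # IMAGE_DOS_HEADER
PE_SIGNATURE = b"PE\x00\x00"
FILE_HEADER_LEN = 20                 # IMAGE_FILE_HEADER
OPT32_LEN, OPT64_LEN = 224, 240      # IMAGE_OPTIONAL_HEADER32/64 with 16 data directories
SUBSYSTEM_OFF = 68                   # same offset in the PE32 and PE32+ optional headers
MIN_PE32_LEN = DOS_HEADER_LEN + len(PE_SIGNATURE) + FILE_HEADER_LEN + OPT32_LEN   # 312
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_NATIVE = 1           # kernel drivers are built for the native subsystem


def classify_pe(data):
    """Describe `data`: not a PE (with the reason) or a PE with its key header fields."""
    size = len(data)
    if size < MIN_PE32_LEN:
        return {"is_pe": False,
                "reason": f"{size} bytes: shorter than the {MIN_PE32_LEN}-byte PE32 header layout"}
    if data[:2] != b"MZ":
        return {"is_pe": False, "reason": "no MZ signature"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + len(PE_SIGNATURE) + FILE_HEADER_LEN > size:
        return {"is_pe": False, "reason": "e_lfanew points past the end of the file"}
    if data[e_lfanew:e_lfanew + len(PE_SIGNATURE)] != PE_SIGNATURE:
        return {"is_pe": False, "reason": "no PE signature at e_lfanew"}
    fh = e_lfanew + len(PE_SIGNATURE)
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + FILE_HEADER_LEN
    if opt_size < SUBSYSTEM_OFF + 2 or opt + opt_size > size:
        return {"is_pe": False, "reason": "optional header truncated"}
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + SUBSYSTEM_OFF)[0]
    return {
        "is_pe": True,
        "machine": machine,
        "sections": nsections,
        "pe32plus": magic == 0x20B,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": subsystem,
        "native_subsystem": subsystem == IMAGE_SUBSYSTEM_NATIVE,
    }


def build_minimal_pe(subsystem=IMAGE_SUBSYSTEM_NATIVE, pe32plus=False):
    """Construct a header-only PE image for the positive test case; it is not loadable."""
    dos = bytearray(DOS_HEADER_LEN)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_LEN)     # e_lfanew: PE header right after DOS header
    opt_len = OPT64_LEN if pe32plus else OPT32_LEN
    machine = 0x8664 if pe32plus else 0x14C
    file_header = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_len, 0x0102)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, SUBSYSTEM_OFF, subsystem)
    return bytes(dos) + PE_SIGNATURE + file_header + bytes(opt)


if __name__ == "__main__":
    # Constructed stand-in for the 91-byte 1037ay.sys; its real bytes are not in the thread.
    print(classify_pe(b"\x00" * 91))
    print(classify_pe(build_minimal_pe()))
```

Run against a real sample, the first branch is the one that fires for anything as small as 1037ay.sys, and that is the point: a file that is not an executable image should be triaged by what references it (a service ImagePath, a driver entry, a scheduled task) rather than by its AV score.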