Beges, posted 6 September 2009

Hi! I have had problems for a good while now with recurring viruses. It started with braviax.exe, which turned into Total Security etc. etc. I have grown tired of the useless online guides others have used; now I could really use some help myself! I ran MBAM first, then ComboFix, then Spybot, which found nothing.

Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.40
Database version: 2747
Windows 5.1.2600 Service Pack 3

06.09.2009 16:11:33
mbam-log-2009-09-06 (16-11-33).txt

Scan type: Quick Scan
Objects scanned: 130126
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Andreas\Start Menu\Programs\Startup\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andreas\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andreas\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andreas\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

ComboFix:

ComboFix 09-09-05.03 - Andreas 06.09.2009 16:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1520 [GMT 2:00]
Running from: c:\documents and settings\Andreas\Desktop\iexp2.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Andreas\sys32_nov.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\Installer\2349b.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-06 11:36 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 11:36 . 2009-09-06 11:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 11:36 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 17:26 . 2009-09-05 17:26 -------- d-----w- c:\documents and settings\Andreas\Application Data\Malwarebytes
2009-09-05 17:26 . 2009-09-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-05 17:11 . 2009-09-05 17:11 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-09-05 17:08 . 2009-09-05 17:09 -------- d-----w- c:\windows\ERUNT
2009-09-01 14:36 . 2009-09-01 14:36 29216 ----a-w- c:\windows\system32\sys32_nov.exe
2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\program files\MSBuild
2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\program files\Reference Assemblies
2009-08-24 09:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 09:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 09:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-24 09:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 09:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-24 09:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-24 09:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 09:35 . 2009-08-24 14:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-20 12:37 . 2009-08-20 12:37 -------- d-----w- c:\documents and settings\Andreas\Application Data\Blitware
2009-08-13 07:55 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 20:50 . 2009-08-11 20:50 -------- d-----w- c:\documents and settings\Stig Rune\Local Settings\Application Data\Google
2009-08-11 14:21 . 2009-08-11 14:21 -------- d-----w- c:\documents and settings\Halvor\Local Settings\Application Data\Electronic Arts
2009-08-11 14:21 . 2009-08-11 14:21 -------- d--h--r- c:\documents and settings\Halvor\Application Data\SecuROM
2009-08-11 14:15 . 2009-08-11 14:15 -------- d-----w- c:\documents and settings\Halvor\Local Settings\Application Data\Mozilla
2009-08-11 14:14 . 2009-08-11 14:14 -------- d-----w- c:\program files\Electronic Arts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 14:14 . 2008-10-24 09:37 16608 ----a-w- c:\windows\gdrv.sys
2009-09-06 13:57 . 2008-12-04 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 14:36 . 2008-10-24 09:56 -------- d-----w- c:\program files\ESET
2009-08-24 21:03 . 2008-10-25 18:35 86336 ----a-w- c:\documents and settings\Andreas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 17:51 . 2008-10-24 09:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 17:38 . 2008-10-27 16:06 -------- d-----w- c:\documents and settings\Andreas\Application Data\uTorrent
2009-08-17 15:12 . 2008-11-01 18:00 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-17 15:12 . 2008-11-01 18:00 139152 ----a-w- c:\documents and settings\Andreas\Application Data\PnkBstrK.sys
2009-08-17 15:12 . 2008-11-01 18:00 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-17 15:12 . 2008-11-01 18:00 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-12 08:16 . 2008-10-24 11:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 15:38 . 2008-10-24 09:41 5874176 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:01 . 2008-10-24 09:41 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2009-08-04 12:31 . 2008-10-24 09:41 2170880 ----a-w- c:\windows\MicCal.exe
2009-07-28 19:19 . 2009-07-28 19:19 -------- d--h--r- c:\documents and settings\Andreas\Application Data\SecuROM
2009-07-28 19:19 . 2008-10-25 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 14:40 . 2009-02-15 17:52 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-07-20 20:01 . 2008-10-26 15:38 -------- d-----w- c:\program files\Google
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 04:20 . 2008-10-24 10:07 4407808 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-15 02:29 . 2008-10-24 12:22 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-15 02:27 . 2008-10-24 10:10 336896 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-15 02:10 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-15 02:10 . 2008-06-24 14:00 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-15 02:10 . 2008-06-24 14:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-15 02:10 . 2008-06-24 14:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-15 02:09 . 2008-06-24 14:00 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-15 02:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-15 02:06 . 2008-06-24 13:57 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-15 02:00 . 2008-10-24 12:22 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-15 01:58 . 2008-10-24 10:10 3281408 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-15 01:48 . 2008-09-24 02:09 12693504 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-15 01:44 . 2008-10-24 10:10 2053888 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-15 01:43 . 2008-10-24 12:22 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-15 01:43 . 2008-10-24 12:22 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-15 01:27 . 2009-07-15 01:27 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-07-15 01:27 . 2008-06-24 13:23 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-15 01:23 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-15 01:22 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-15 01:22 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-15 01:21 . 2008-06-24 13:18 159744 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-15 01:20 . 2009-07-15 01:20 3289088 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-15 01:20 . 2008-06-24 13:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-15 01:19 . 2008-06-24 13:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-15 01:18 . 2008-06-24 13:16 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-15 01:14 . 2008-10-24 10:10 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-14 19:05 . 2008-10-25 18:42 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 23:29 . 2009-07-12 23:29 -------- d-----w- c:\documents and settings\Halvor\Application Data\PC Suite
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 08:43 . 2008-10-24 09:41 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-06-22 15:39 . 2008-10-24 09:41 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 12:44 . 2009-05-22 11:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:54 . 2008-10-24 12:22 197655 ----a-w- c:\windows\system32\atiicdxx.dat
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-10-24 08:32 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-05-18 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-24 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"sys32_nov"="c:\windows\system32\sys32_nov.exe" [2009-09-01 29216]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-08-04 18702336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Steam\\steamapps\\jardarmoose\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"d:\\Program Files\\Steam\\steamapps\\valhandil\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Program Files\\Steam\\steamapps\\valhandil\\garrysmod\\hl2.exe"=
"d:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"=
"d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6113:TCP"= 6113:TCP:Warcraft 3
"53:UDP"= 53:UDP:Promo

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.10.2008 11:57 15424]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [24.10.2008 11:37 80392]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20.07.2007 18:40 93696]
R3 SNPT513;PC Camera (6025 VGA);c:\windows\system32\drivers\snpt513.sys [17.03.2009 16:00 228480]
S2 gupdate1c93780f485f5b2;Google Update Service (gupdate1c93780f485f5b2);c:\program files\Google\Update\GoogleUpdate.exe [26.10.2008 17:38 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.11.2008 22:12 1684736]
S3 o1394bul;o1394bul;\??\c:\docume~1\Andreas\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Andreas\LOCALS~1\Temp\o1394bul.sys [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [21.12.2008 16:13 23288]

--- Other Services/Drivers In Memory ---

*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 15:38]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 15:38]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-sys32_nov - c:\documents and settings\Andreas\sys32_nov.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/drivers.html
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\apg1yzxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.erepublik.com/en
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll
FF - component: d:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\apg1yzxb.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 16:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-299502267-879983540-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:16,a7,2c,81,b8,6f,8b,82,18,7a,74,9c,e3,6f,b5,91,ce,47,be,04,ea,
   d7,01,c5,6e,65,31,b5,f2,77,6c,51,8a,be,f3,58,00,ab,1a,87,d5,51,cb,eb,ab,b8,\
"rkeysecu"=hex:46,43,a3,30,71,27,08,0a,05,3a,9a,30,3a,eb,da,b3

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:51,70,cb,63,2c,4f,28,09,c6,73,09,ac,c8,54,66,93,95,35,03,e4,81,
   8a,8a,af,cd,fb,2d,d2,2e,13,95,b1,75,5c,c5,57,e0,8d,05,a6,7d,d1,c1,cc,2c,f9,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:51,70,cb,63,2c,4f,28,09,c6,73,09,ac,c8,54,66,93,95,35,03,e4,81,
   8a,8a,af,cd,fb,2d,d2,2e,13,95,b1,75,5c,c5,57,e0,8d,05,a6,7d,d1,c1,cc,2c,f9,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\imon.dll
.
Completion time: 2009-09-06 16:31
ComboFix-quarantined-files.txt 2009-09-06 14:31

Pre-Run: 108 883 668 992 bytes free
Post-Run: 109 013 106 688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

254 --- E O F --- 2009-09-03 13:13

I hope some kind souls can take the time to help me!!!
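The two logs in the post above carry the signals a triage analyst reads first: a Run value (sys32_nov) whose binary was written five days before the scan, and the Security Center *DisableNotify values flipped to 1 so the user stops being warned that antivirus, firewall and updates are off. As an added example that is not part of this thread, the Python script below parses the "Reg Loading Points" Run entries that ComboFix prints and the "Registry Data Items Infected" lines from an MBAM log, and flags them with two heuristics. The sample inputs are copied from the logs above and embedded as constructed strings; the 14-day age threshold and the list of user-writable path markers are my own assumptions, not anything ComboFix or MBAM defines.

```python
"""Triage helper for ComboFix Run-key entries and MBAM data-item lines.

Added example; not code from the thread or from either tool.
"""
import re
from datetime import date, timedelta

# Constructed sample: the two Run keys from the first ComboFix log above.
COMBOFIX_RUN_BLOCK = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-05-18 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-24 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"sys32_nov"="c:\windows\system32\sys32_nov.exe" [2009-09-01 29216]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-08-04 18702336]
"""

# Constructed sample: three of the six Security Center lines from the MBAM log.
MBAM_DATA_ITEMS = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
# "Name"="value" [- resolved path] [YYYY-MM-DD size]  (ComboFix's Run-entry layout)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
    r"(?: - (?P<resolved>.+?))?"
    r" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
# <hive path>\<value> (<detection>) -> Bad: (n) Good: (m) ...  (MBAM's data-item layout)
DATA_ITEM_RE = re.compile(
    r"^(?P<path>HKEY_.+?) \((?P<detection>[\w.]+)\)"
    r" -> Bad: \((?P<bad>\d+)\) Good: \((?P<good>\d+)\)"
)

# Assumption: autostarts launched from these locations deserve a look, because
# each is writable without administrator rights.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\startup\\")


def parse_run_block(text):
    """Return one dict per Run value, tagged with the key it lives under."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None:
            continue
        entries.append({
            "key": key,
            "name": m.group("name"),
            # ComboFix prints a resolved path after " - " when the value is bare.
            "path": (m.group("resolved") or m.group("value")).lower(),
            "file_date": date.fromisoformat(m.group("date")),
            "size": int(m.group("size")),
        })
    return entries


def parse_mbam_data_items(text):
    """Return one dict per MBAM 'Registry Data Items Infected' line."""
    items = []
    for raw in text.splitlines():
        m = DATA_ITEM_RE.match(raw.strip())
        if not m:
            continue
        hive_path, _, value_name = m.group("path").rpartition("\\")
        items.append({"key": hive_path, "value": value_name,
                      "detection": m.group("detection"),
                      "bad": int(m.group("bad")), "good": int(m.group("good"))})
    return items


def flag_autostart(entry, scan_date, recent_days=14):
    """Reasons an autostart deserves a look; an empty list means nothing odd."""
    reasons = []
    age = scan_date - entry["file_date"]
    if age <= timedelta(days=recent_days):
        reasons.append("binary written %d day(s) before the scan" % age.days)
    if any(marker in entry["path"] for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(run_block, mbam_data_items, scan_date_iso):
    """Map 'key\\value' -> list of reasons, for everything worth looking at."""
    scan_date = date.fromisoformat(scan_date_iso)
    report = {}
    for entry in parse_run_block(run_block):
        reasons = flag_autostart(entry, scan_date)
        if reasons:
            report["%s\\%s" % (entry["key"], entry["name"])] = reasons
    for item in parse_mbam_data_items(mbam_data_items):
        # Bad: (1) on a *DisableNotify value means the Security Center warning
        # for that component was silenced.
        if item["value"].endswith("DisableNotify") and item["bad"] == 1:
            report["%s\\%s" % (item["key"], item["value"])] = [
                "Security Center warning suppressed (%s)" % item["detection"]]
    return report


if __name__ == "__main__":
    for location, reasons in triage(COMBOFIX_RUN_BLOCK, MBAM_DATA_ITEMS, "2009-09-06").items():
        print(location)
        for reason in reasons:
            print("    -", reason)
```

Run against the constructed samples it reports exactly four locations: the HKLM sys32_nov value (5 days old at scan time) and the three DisableNotify values. Entries such as RTHDCPL.EXE, dated a month before the scan and living under c:\windows, pass both heuristics, which is the point: the age check is what separates the dropper from the vendor software around it, and it is only as good as the scan date you feed in.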
norbat, posted 6 September 2009

Open Notepad and paste in the text below, then save the file to the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again.

File::
c:\windows\system32\sys32_nov.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sys32_nov"=-

Post a new ComboFix log.
Beges (thread author), posted 6 September 2009

New ComboFix log:

ComboFix 09-09-06.03 - Andreas 07.09.2009 1:31.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1402 [GMT 2:00]
Running from: c:\documents and settings\Andreas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andreas\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\system32\sys32_nov.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-06 15:54 . 2009-09-06 15:54 -------- d-----w- c:\program files\Common Files\PCSuite
2009-09-06 15:54 . 2009-09-06 15:54 -------- d-----w- c:\program files\Common Files\Nokia
2009-09-06 15:53 . 2009-09-06 15:53 -------- d-----w- c:\program files\PC Connectivity Solution
2009-09-06 15:53 . 2009-09-06 15:54 -------- d-----w- c:\program files\Nokia
2009-09-06 14:22 . 2009-09-06 14:31 -------- d-s---w- C:\iexp2
2009-09-06 11:36 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 11:36 . 2009-09-06 11:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 11:36 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 17:26 . 2009-09-05 17:26 -------- d-----w- c:\documents and settings\Andreas\Application Data\Malwarebytes
2009-09-05 17:26 . 2009-09-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-05 17:11 . 2009-09-05 17:11 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-09-05 17:08 . 2009-09-05 17:09 -------- d-----w- c:\windows\ERUNT
2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\program files\MSBuild
2009-08-24 09:36 . 2009-08-24 09:36 -------- d-----w- c:\program files\Reference Assemblies
2009-08-24 09:35 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-24 09:35 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-24 09:35 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-24 09:35 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-24 09:35 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-24 09:35 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-24 09:35 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-24 09:35 . 2009-08-24 14:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-20 12:37 . 2009-08-20 12:37 -------- d-----w- c:\documents and settings\Andreas\Application Data\Blitware
2009-08-13 07:55 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-11 20:50 . 2009-08-11 20:50 -------- d-----w- c:\documents and settings\Stig Rune\Local Settings\Application Data\Google
2009-08-11 14:21 . 2009-08-11 14:21 -------- d-----w- c:\documents and settings\Halvor\Local Settings\Application Data\Electronic Arts
2009-08-11 14:21 . 2009-08-11 14:21 -------- d--h--r- c:\documents and settings\Halvor\Application Data\SecuROM
2009-08-11 14:15 . 2009-08-11 14:15 -------- d-----w- c:\documents and settings\Halvor\Local Settings\Application Data\Mozilla
2009-08-11 14:14 . 2009-08-11 14:14 -------- d-----w- c:\program files\Electronic Arts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 15:58 . 2008-10-24 09:37 16608 ----a-w- c:\windows\gdrv.sys
2009-09-06 15:54 . 2009-06-01 20:16 -------- d-----w- c:\program files\DIFX
2009-09-06 15:52 . 2009-06-01 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-09-06 13:57 . 2008-12-04 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 14:36 . 2008-10-24 09:56 -------- d-----w- c:\program files\ESET
2009-08-24 21:03 . 2008-10-25 18:35 86336 ----a-w- c:\documents and settings\Andreas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 17:51 . 2008-10-24 09:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-19 17:38 . 2008-10-27 16:06 -------- d-----w- c:\documents and settings\Andreas\Application Data\uTorrent
2009-08-17 15:12 . 2008-11-01 18:00 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-17 15:12 . 2008-11-01 18:00 139152 ----a-w- c:\documents and settings\Andreas\Application Data\PnkBstrK.sys
2009-08-17 15:12 . 2008-11-01 18:00 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-17 15:12 . 2008-11-01 18:00 794408 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-12 08:16 . 2008-10-24 11:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 15:38 . 2008-10-24 09:41 5874176 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 13:01 . 2008-10-24 09:41 18702336 ----a-w- c:\windows\RTHDCPL.EXE
2009-08-04 12:31 . 2008-10-24 09:41 2170880 ----a-w- c:\windows\MicCal.exe
2009-07-28 19:19 . 2009-07-28 19:19 -------- d--h--r- c:\documents and settings\Andreas\Application Data\SecuROM
2009-07-28 19:19 . 2008-10-25 21:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-21 14:40 . 2009-02-15 17:52 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-07-20 20:01 . 2008-10-26 15:38 -------- d-----w- c:\program files\Google
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 04:20 . 2008-10-24 10:07 4407808 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-07-15 02:29 . 2008-10-24 12:22 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-07-15 02:27 . 2008-10-24 10:10 336896 ----a-w- c:\windows\system32\ati2dvag.dll
2009-07-15 02:10 . 2008-06-24 14:00 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-07-15 02:10 . 2008-06-24 14:00 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-07-15 02:10 . 2008-06-24 14:00 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-07-15 02:10 . 2008-06-24 14:00 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-07-15 02:09 . 2008-06-24 14:00 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-07-15 02:08 . 2008-06-24 13:58 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-07-15 02:06 . 2008-06-24 13:57 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-07-15 02:00 . 2008-10-24 12:22 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-07-15 01:58 . 2008-10-24 10:10 3281408 ----a-w- c:\windows\system32\ati3duag.dll
2009-07-15 01:48 . 2008-09-24 02:09 12693504 ----a-w- c:\windows\system32\atioglxx.dll
2009-07-15 01:44 . 2008-10-24 10:10 2053888 ----a-w- c:\windows\system32\ativvaxx.dll
2009-07-15 01:43 . 2008-10-24 12:22 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-07-15 01:43 . 2008-10-24 12:22 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-07-15 01:27 . 2009-07-15 01:27 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-07-15 01:27 . 2008-06-24 13:23 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-07-15 01:23 . 2008-06-24 13:19 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-07-15 01:22 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-07-15 01:22 . 2009-07-15 01:22 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-07-15 01:21 . 2008-06-24 13:18 159744 ----a-w- c:\windows\system32\atiadlxx.dll
2009-07-15 01:20 . 2009-07-15 01:20 3289088 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-15 01:20 . 2008-06-24 13:18 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-07-15 01:19 . 2008-06-24 13:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-07-15 01:18 . 2008-06-24 13:16 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-07-15 01:14 . 2008-10-24 10:10 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-07-14 19:05 . 2008-10-25 18:42 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-07-13 21:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 23:29 . 2009-07-12 23:29 -------- d-----w- c:\documents and settings\Halvor\Application Data\PC Suite
2009-06-29 16:12 . 2004-08-04 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-24 08:43 . 2008-10-24 09:41 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-06-22 15:39 . 2008-10-24 09:41 1482752 ----a-w- c:\windows\RtlUpd.exe
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 12:44 . 2009-05-22 11:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-10 16:54 . 2008-10-24 12:22 197655 ----a-w- c:\windows\system32\atiicdxx.dat
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2008-10-24 08:32 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-06_14.30.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-06 15:58 . 2009-09-06 15:58 16384 c:\windows\Temp\Perflib_Perfdata_79c.dat
- 2009-06-01 20:16 . 2009-02-09 05:37 91136 c:\windows\system32\nmwcdcls.dll
+ 2009-06-01 20:16 . 2009-02-09 06:37 91136 c:\windows\system32\nmwcdcls.dll
+ 2009-09-06 15:54 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
- 2009-06-01 20:16 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2009-09-06 15:53 . 2009-02-09 06:37 22016 c:\windows\system32\DRVSTORE\ccdcmbo_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\ccdcmbo.sys
+ 2009-09-06 15:53 . 2009-02-09 06:37 91136 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdcls.dll
+ 2009-09-06 15:53 . 2009-02-09 06:37 17664 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\ccdcmb.sys
+ 2009-09-06 15:54 . 2009-09-06 15:54 15086 c:\windows\Installer\{3D39E775-DDDA-4327-B747-0BDC5F191331}\ARPPRODUCTICON.exe
+ 2009-09-06 15:54 . 2009-09-06 15:54 10134 c:\windows\Installer\{0C973594-7DDF-4BD0-84ED-3517F7622037}\ARPPRODUCTICON.exe
+ 2009-09-06 15:53 . 2009-03-19 12:48 8320 c:\windows\system32\DRVSTORE\nmwcdnsuc_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdnsuc.sys
+ 2009-09-06 15:53 . 2009-02-09 06:37 7808 c:\windows\system32\DRVSTORE\ccdcmbm_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\usbser_lowerflt.sys
+ 2009-09-06 15:53 . 2009-02-09 06:37 7808 c:\windows\system32\DRVSTORE\ccdcmbcj_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\usbser_lowerfltj.sys
+ 2009-09-06 15:53 . 2009-09-06 15:53 3262 c:\windows\Installer\{52D02A2B-03D2-4E34-A358-DC5D951FD296}\ARPPRODUCTICON.exe
+ 2009-09-06 15:53 . 2009-05-11 11:30 547840 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\PCCSWpdDriver.dll
+ 2009-09-06 15:53 . 2009-03-19 12:48 136704 c:\windows\system32\DRVSTORE\nmwcdnsu_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdnsu.sys
+ 2009-09-06 15:53 . 2009-02-09 06:37 659968 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\nmwcdcocls.dll
+ 2009-09-06 15:54 . 2009-09-06 15:54 850432 c:\windows\Installer\48133.msi
+ 2009-09-06 15:53 . 2009-09-06 15:53 549888 c:\windows\Installer\4808d.msi
+ 2009-09-06 15:53 . 2009-09-06 15:53 331264 c:\windows\Installer\48055.msi
+ 2009-09-06 15:53 . 2009-05-11 10:47 1302600 c:\windows\system32\DRVSTORE\pccswpddri_1C34ED6F4888FC93BE68C7A31A24834F522D3CBF\WUDFUpdate_01007.dll
+ 2009-09-06 15:53 . 2009-02-09 06:32 1112288 c:\windows\system32\DRVSTORE\ccdcmb_34CB4225E6E4893AE1D3E4443E91C2B9703B729C\wdfcoinstaller01007.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "sys32_nov"="c:\documents and settings\Andreas\sys32_nov.exe" [bU] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-24 949376] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-08-04 18702336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Steam\\steamapps\\jardarmoose\\team fortress 2\\hl2.exe"= "d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "d:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"= "d:\\Program 
Files\\Steam\\Steam.exe"= "d:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"= "d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"= "d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"= "d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"= "d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"= "d:\\Program Files\\Steam\\steamapps\\valhandil\\team fortress 2\\hl2.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"= "d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"= "d:\\Program Files\\Steam\\steamapps\\valhandil\\garrysmod\\hl2.exe"= "d:\\Program Files\\Ubisoft\\Techland\\Call of Juarez - Bound in Blood\\CoJBiBGame_x86.exe"= "d:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6113:TCP"= 6113:TCP:Warcraft 3 "53:UDP"= 53:UDP:Promo R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.10.2008 11:57 15424] R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [24.10.2008 11:37 80392] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [20.07.2007 18:40 93696] R3 SNPT513;PC Camera (6025 VGA);c:\windows\system32\drivers\snpt513.sys [17.03.2009 16:00 228480] S2 gupdate1c93780f485f5b2;Google Update Service (gupdate1c93780f485f5b2);c:\program files\Google\Update\GoogleUpdate.exe [26.10.2008 17:38 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.11.2008 22:12 1684736] S3 
o1394bul;o1394bul;\??\c:\docume~1\Andreas\LOCALS~1\Temp\o1394bul.sys --> c:\docume~1\Andreas\LOCALS~1\Temp\o1394bul.sys [?] S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [21.12.2008 16:13 23288] --- Other Services/Drivers In Memory --- *NewlyCreated* - SERVICELAYER . Contents of the 'Scheduled Tasks' folder 2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 15:38] 2009-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-10-26 15:38] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Connection Wizard,ShellNext = hxxp://www.ati.com/online/cccwelcome/drivers.html uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll FF - ProfilePath - c:\documents and settings\Andreas\Application 
Data\Mozilla\Firefox\Profiles\apg1yzxb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.erepublik.com/en FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff30\gears.dll FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\apg1yzxb.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no"); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-07 01:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... ? [19328] ? [45464] ? [48264] ? [47500] ? [47504] scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-879983540-725345543-1004\Software\SecuROM\License information*] "datasecu"=hex:16,a7,2c,81,b8,6f,8b,82,18,7a,74,9c,e3,6f,b5,91,ce,47,be,04,ea, d7,01,c5,6e,65,31,b5,f2,77,6c,51,8a,be,f3,58,00,ab,1a,87,d5,51,cb,eb,ab,b8,\ "rkeysecu"=hex:46,43,a3,30,71,27,08,0a,05,3a,9a,30,3a,eb,da,b3 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:51,70,cb,63,2c,4f,28,09,c6,73,09,ac,c8,54,66,93,95,35,03,e4,81, 8a,8a,af,cd,fb,2d,d2,2e,13,95,b1,75,5c,c5,57,e0,8d,05,a6,7d,d1,c1,cc,2c,f9,\ [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:51,70,cb,63,2c,4f,28,09,c6,73,09,ac,c8,54,66,93,95,35,03,e4,81, 8a,8a,af,cd,fb,2d,d2,2e,13,95,b1,75,5c,c5,57,e0,8d,05,a6,7d,d1,c1,cc,2c,f9,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(888) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(944) c:\windows\system32\imon.dll . Completion time: 2009-09-06 1:37 ComboFix-quarantined-files.txt 2009-09-06 23:37 ComboFix2.txt 2009-09-06 14:31 Pre-Run: 108 699 967 488 bytes free Post-Run: 108 778 622 976 bytes free 283 --- E O F --- 2009-09-03 13:13 Lenke til kommentar