
Thanks in advance :)

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4472

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

25.08.2010 17:23:56

mbam-log-2010-08-25 (17-23-56).txt

 

Scan type: Quick scan

Objects scanned: 120222

Time elapsed: 7 minute(s), 51 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

ComboFix 10-08-24.0B - Administrator 25.08.2010 17:04:24.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.560 [GMT 2:00]

Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\msconfig.exe

 

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

.

\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected

.

((((((((((((((((((((((((( Files Created from 2010-07-25 to 2010-08-25 )))))))))))))))))))))))))))))))

.

 

2010-08-24 21:37 . 2010-08-24 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-24 21:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-24 21:36 . 2010-08-24 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-24 21:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-24 21:36 . 2010-08-24 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-24 20:29 . 2010-08-24 20:29 2157 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com

2010-08-24 20:28 . 2010-08-24 20:28 2095 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\login.live.com

2010-08-24 10:57 . 2010-08-24 10:58 -------- d-----w- c:\program files\YouTube Downloader

2010-08-22 22:12 . 2010-08-22 22:12 -------- d-----w- C:\YouTubeVideos

2010-08-22 15:38 . 2010-08-22 15:38 2165 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com

2010-08-17 18:32 . 2010-08-17 18:32 -------- d-----w- C:\Download

2010-08-17 15:16 . 2010-08-17 15:17 -------- d-----w- c:\program files\PS3 Media Server

2010-08-14 20:59 . 2010-08-14 20:59 2145 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com

2010-08-14 14:11 . 2010-08-14 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\JGoodies

2010-08-14 14:11 . 2010-08-14 14:11 -------- d-----w- c:\program files\JGoodies

2010-08-11 17:50 . 2010-06-14 07:41 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-08-11 17:49 . 2010-06-30 12:31 149504 ------w- c:\windows\system32\dllcache\schannel.dll

2010-08-02 19:10 . 2010-07-27 06:30 8462336 ------w- c:\windows\system32\dllcache\shell32.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-25 14:51 . 2010-04-09 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-08-25 14:24 . 2010-04-22 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spotify

2010-08-24 20:42 . 2010-05-15 19:00 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat

2010-08-24 20:32 . 2010-04-10 11:41 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat

2010-08-24 20:30 . 2010-04-09 23:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\.purple

2010-08-24 19:57 . 2010-04-09 22:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\foobar2000

2010-08-24 19:05 . 2010-04-09 21:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\NoNameScript

2010-08-24 09:12 . 2010-04-09 21:38 -------- d-----w- c:\program files\mIRC

2010-08-23 20:04 . 2010-04-10 09:19 -------- d-----w- c:\program files\Warcraft III

2010-08-18 11:42 . 2010-04-09 22:56 -------- d-----w- c:\program files\uTorrent

2010-08-17 19:44 . 2010-04-09 23:10 -------- d-----w- c:\program files\Pidgin

2010-08-17 15:23 . 2010-06-04 13:02 -------- d-----w- c:\program files\TVersity Codec Pack

2010-08-14 19:36 . 2010-04-09 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC

2010-08-13 15:09 . 2010-06-29 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc

2010-08-11 17:59 . 2010-04-11 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-23 12:52 . 2010-07-23 12:34 -------- d-----w- c:\program files\Opera

2010-07-08 18:47 . 2010-06-07 19:57 -------- d-----w- c:\program files\Full Tilt Poker

2010-07-04 13:04 . 2010-05-20 13:53 -------- d-----w- c:\program files\DVDVideoSoft

2010-07-04 13:04 . 2010-05-20 13:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2010-06-30 13:15 . 2010-06-29 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-06-30 12:31 . 2009-12-14 04:31 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-30 12:21 . 2010-04-09 21:25 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-29 14:18 . 2010-06-29 14:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-29 14:18 . 2010-06-29 14:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-29 14:18 . 2010-06-29 14:05 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-29 14:17 . 2010-06-29 14:01 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-06-29 14:17 . 2010-06-29 14:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-29 14:15 . 2010-06-29 14:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG9

2010-06-29 14:01 . 2010-06-29 14:01 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-06-29 13:59 . 2010-06-29 13:59 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2010-06-29 13:59 . 2010-06-29 13:59 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2010-06-29 13:55 . 2010-06-29 13:55 -------- d-----w- c:\program files\AVG

2010-06-29 13:40 . 2010-05-19 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2010-06-28 20:27 . 2010-06-28 20:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic

2010-06-24 12:10 . 2009-12-14 04:31 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2009-12-14 04:31 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2009-12-14 04:31 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2009-12-14 04:31 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2008-04-14 02:41 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41 . 2009-12-14 04:31 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

 

------- Sigcheck -------

 

[-] 2009-12-14 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

 

 

 

c:\windows\System32\wscntfy.exe ... is missing !!

c:\windows\System32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-03 136176]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"D-Link Network USB Utility"="c:\program files\D-Link\SharePort\SharePort.exe" [2009-06-25 2585856]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-29 2065760]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2008-04-14 99840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-06-29 14:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\D-Link\\SharePort\\SharePort.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Documents and Settings\\Administrator\\Desktop\\gproxy.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9303:UDP"= 9303:UDP:SharePort UDP Port

 

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [29.06.2010 16:01 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29.06.2010 16:01 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.06.2010 16:05 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.06.2010 16:01 243024]

R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [29.06.2010 16:17 921952]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.06.2010 16:17 308136]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [29.06.2010 16:17 2331032]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [29.06.2010 16:17 5897808]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [29.06.2010 15:59 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [29.06.2010 16:00 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [29.06.2010 16:00 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [29.06.2010 16:00 26192]

R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [22.06.2009 11:35 54528]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [29.06.2010 15:59 30104]

S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [22.06.2009 11:35 61312]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp [?]

 

--- Other Services/Drivers In Memory ---

 

*NewlyCreated* - HELPSVC

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1614895754-527237240-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 15:18]

 

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1614895754-527237240-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 15:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-25 17:11

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp"

.

Completion time: 2010-08-25 17:14:28

ComboFix-quarantined-files.txt 2010-08-25 15:14

 

Pre-Run: 5 114 818 560 bytes free

Post-Run: 5 086 679 040 bytes free

 

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

 

- - End Of File - - FC915E504448F9B28DEBC6B2AA1D007F

Edited by mogr

ComboFix 10-09-04.06 - Administrator 05.09.2010 21:37:07.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.351 [GMT 2:00]

Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe

* Created a new restore point

.

 

((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))

.

 

2010-08-29 20:11 . 2010-08-29 20:11 2157 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com

2010-08-29 19:05 . 2010-08-29 19:05 2095 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\login.live.com

2010-08-25 16:15 . 2010-08-25 16:15 -------- d-----w- c:\windows\system32\xircom

2010-08-25 16:15 . 2010-08-25 16:15 -------- d-----w- c:\windows\system32\wbem\snmp

2010-08-25 16:15 . 2010-08-25 16:15 -------- d-----w- c:\windows\srchasst

2010-08-25 16:15 . 2010-08-25 16:15 -------- d-----w- c:\windows\msagent

2010-08-25 16:15 . 2010-08-25 16:15 -------- d-----w- c:\program files\microsoft frontpage

2010-08-24 21:37 . 2010-08-24 21:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-08-24 21:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-24 21:36 . 2010-08-24 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-24 21:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-24 21:36 . 2010-08-24 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-24 10:57 . 2010-08-24 10:58 -------- d-----w- c:\program files\YouTube Downloader

2010-08-22 22:12 . 2010-08-22 22:12 -------- d-----w- C:\YouTubeVideos

2010-08-22 15:38 . 2010-08-22 15:38 2165 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com

2010-08-17 18:32 . 2010-08-17 18:32 -------- d-----w- C:\Download

2010-08-17 15:16 . 2010-08-17 15:17 -------- d-----w- c:\program files\PS3 Media Server

2010-08-14 20:59 . 2010-08-14 20:59 2145 ----a-w- c:\documents and settings\Administrator\Application Data\.purple\certificates\x509\tls_peers\ows.messenger.msn.com

2010-08-14 14:11 . 2010-08-14 14:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\JGoodies

2010-08-14 14:11 . 2010-08-14 14:11 -------- d-----w- c:\program files\JGoodies

2010-08-11 17:50 . 2010-06-14 07:41 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll

2010-08-11 17:49 . 2010-06-30 12:31 149504 ------w- c:\windows\system32\dllcache\schannel.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-30 11:40 . 2010-04-09 22:56 -------- d-----w- c:\program files\uTorrent

2010-08-30 11:16 . 2010-04-09 21:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\NoNameScript

2010-08-29 20:17 . 2010-04-09 23:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\.purple

2010-08-29 18:48 . 2010-04-09 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent

2010-08-27 06:20 . 2010-04-09 21:38 -------- d-----w- c:\program files\mIRC

2010-08-26 23:12 . 2010-04-09 22:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\foobar2000

2010-08-26 22:38 . 2010-05-15 19:00 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat

2010-08-26 22:29 . 2010-04-10 11:41 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat

2010-08-26 20:22 . 2010-04-22 17:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spotify

2010-08-26 18:12 . 2010-04-10 09:19 -------- d-----w- c:\program files\Warcraft III

2010-08-17 19:44 . 2010-04-09 23:10 -------- d-----w- c:\program files\Pidgin

2010-08-17 15:23 . 2010-06-04 13:02 -------- d-----w- c:\program files\TVersity Codec Pack

2010-08-14 19:36 . 2010-04-09 21:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC

2010-08-13 15:09 . 2010-06-29 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc

2010-08-11 17:59 . 2010-04-11 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-23 12:52 . 2010-07-23 12:34 -------- d-----w- c:\program files\Opera

2010-07-08 18:47 . 2010-06-07 19:57 -------- d-----w- c:\program files\Full Tilt Poker

2010-06-30 12:31 . 2009-12-14 04:31 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-29 14:18 . 2010-06-29 14:01 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-29 14:18 . 2010-06-29 14:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-06-29 14:18 . 2010-06-29 14:05 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-06-29 14:17 . 2010-06-29 14:01 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-06-29 14:17 . 2010-06-29 14:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-06-29 14:01 . 2010-06-29 14:01 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-06-29 13:59 . 2010-06-29 13:59 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2010-06-29 13:59 . 2010-06-29 13:59 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2010-06-24 12:10 . 2009-12-14 04:31 667136 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 12:10 . 2009-12-14 04:31 81920 ----a-w- c:\windows\system32\ieencode.dll

2010-06-23 13:44 . 2009-12-14 04:31 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2009-12-14 04:31 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2008-04-14 02:41 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41 . 2009-12-14 04:31 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

 

------- Sigcheck -------

 

[-] 2009-12-14 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

 

 

 

c:\windows\System32\wscntfy.exe ... is missing !!

c:\windows\System32\regsvc.dll ... is missing !!

.

((((((((((((((((((((((((((((( SnapShot@2010-08-25_15.11.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-05 18:15 . 2010-09-05 18:15 16384 c:\windows\Temp\Perflib_Perfdata_9b8.dat

+ 2010-04-10 11:41 . 2010-08-26 22:28 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2010-04-10 11:41 . 2010-08-24 20:28 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2010-04-10 11:41 . 2010-08-26 22:28 93696 c:\windows\.jagex_cache_32\runescape\jaggl.dll

- 2010-04-10 11:41 . 2010-08-24 20:28 93696 c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2010-05-15 18:59 . 2010-08-26 22:28 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll

- 2010-05-15 18:59 . 2010-08-24 20:28 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll

- 2010-04-10 11:41 . 2010-08-24 20:28 833024 c:\windows\.jagex_cache_32\runescape\sw3d.dll

+ 2010-04-10 11:41 . 2010-08-26 22:28 833024 c:\windows\.jagex_cache_32\runescape\sw3d.dll

- 2010-05-15 18:59 . 2010-08-24 20:28 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll

+ 2010-05-15 18:59 . 2010-08-26 22:28 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll

- 2010-05-15 18:59 . 2010-08-24 20:28 114688 c:\windows\.jagex_cache_32\runescape\jaclib.dll

+ 2010-05-15 18:59 . 2010-08-26 22:28 114688 c:\windows\.jagex_cache_32\runescape\jaclib.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-03 136176]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-30 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-30 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"D-Link Network USB Utility"="c:\program files\D-Link\SharePort\SharePort.exe" [2009-06-25 2585856]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-29 2065760]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2008-04-14 99840]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-06-29 14:18 12536 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\D-Link\\SharePort\\SharePort.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Documents and Settings\\Administrator\\Desktop\\gproxy.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9303:UDP"= 9303:UDP:SharePort UDP Port

 

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [29.06.2010 16:01 25168]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [29.06.2010 16:01 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29.06.2010 16:05 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29.06.2010 16:01 243024]

R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [29.06.2010 16:17 921952]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.06.2010 16:17 308136]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [29.06.2010 16:17 2331032]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [29.06.2010 16:17 5897808]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [29.06.2010 15:59 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [29.06.2010 16:00 122448]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [29.06.2010 16:00 30288]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [29.06.2010 16:00 26192]

R3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\drivers\DlinkUDSMBus.sys [22.06.2009 11:35 54528]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [29.06.2010 15:59 30104]

S3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\drivers\DlinkUDSTcpBus.sys [22.06.2009 11:35 61312]

S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Contents of the 'Scheduled Tasks' folder

 

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1614895754-527237240-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 15:18]

 

2010-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1614895754-527237240-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-03 15:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zn1f5c7t.default\

FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll

FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-05 21:40

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(1244)

c:\windows\system32\igfxdev.dll

.

Completion time: 2010-09-05 21:41:49

ComboFix-quarantined-files.txt 2010-09-05 19:41

ComboFix2.txt 2010-08-25 15:14

 

Pre-Run: 5 135 417 344 bytes free

Post-Run: 5 128 744 960 bytes free

 

- - End Of File - - 2EFFD57DF4FEBA3966B86713958E828C
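Both ComboFix reports above (25.08.2010 and 05.09.2010) contain the same handful of lines a helper reads before anything else: the `\\.\PhysicalDrive0 - Bootkit Whistler` hit, the `[-]` Sigcheck entry for tcpip.sys, the two "is missing !!" system files, `"EnableFirewall"= 0`, a firewall exception for an executable on the Administrator's Desktop, and the GarenaPEngine service whose image is a `.tmp` file under the user's Temp directory. The script below is an added example written for this thread; it is not code from the forum post, from ComboFix or from Malwarebytes. It parses ComboFix's plain-text report format in general, not just these two logs, and flags those indicator types. SAMPLE_LOG is a constructed excerpt modelled on the posted logs, the category names and the list of "user-writable" path markers are the example's own assumptions, and a hit is a lead to verify (by hash lookup, by checking the vendor of a Temp-resident driver), not a verdict.

```python
"""Triage a ComboFix report for the lines a helper reads first.

Added example for this thread; not code from the forum post, from
ComboFix, or from Malwarebytes. It parses the plain-text report format
shown in the two logs above and flags a few high-signal indicators. The
heuristics are the example author's own choice of what to surface.
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str, str]  # (severity, category, detail)

# Constructed excerpt in ComboFix's report format, modelled on the logs
# above. It is sample input for the parser, not a copy of either log.
SAMPLE_LOG = r"""
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
------- Sigcheck -------
[-] 2009-12-14 . 9425B72F40257B45D45D24773273DAD0 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
c:\windows\System32\wscntfy.exe ... is missing !!
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\gproxy.exe"=
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29.06.2010 16:17 308136]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\QSC8B.tmp [?]
"""

# "R0 name;display;path [date time size]"  /  "S3 name;display;path [?]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# "[-] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[-\]\s+(\S+)\s+\.\s+([0-9A-Fa-f]{32})\s+\.\s+(\d+)\s+\.\s+\.\s+"
    r"\[([^\]]*)\]\s+\.\s+\.\s+(.+)$"
)
# Assumed list of locations an unprivileged XP user (or anything running as
# that user) can write to. Code starting from here deserves a second look,
# whether it is malware or a legitimate program loading a driver from Temp.
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\desktop\\")

SEVERITY_ORDER = {"high": 3, "medium": 2, "low": 1}


def _user_writable(path: str) -> bool:
    """Case-insensitive check after collapsing the doubled backslashes
    ComboFix prints for REGEDIT4-style values."""
    p = path.lower().replace("\\\\", "\\")
    return any(marker in p for marker in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""  # lower-cased text of the last [HKLM...] / [HKEY...] header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HK"):
            section = line.lower()
            continue
        # MBR infection reported by ComboFix's bootkit check.
        if "PhysicalDrive" in line and "Bootkit" in line:
            findings.append(("high", "bootkit", line))
            continue
        # A [-] Sigcheck entry is a system file that failed ComboFix's
        # signature/version check: confirm by hash lookup before acting.
        m = SIGCHECK_RE.match(line)
        if m:
            _date, md5, size, version, path = m.groups()
            findings.append(("medium", "sigcheck", f"{path} md5={md5} size={size} ver={version}"))
            continue
        if line.endswith("is missing !!"):
            findings.append(("medium", "missing-system-file", line.split(" ...")[0]))
            continue
        if line.startswith('"EnableFirewall"=') and re.search(r"=\s*0\b", line):
            findings.append(("medium", "firewall-disabled", section or line))
            continue
        # Firewall exceptions for binaries in user-writable paths.
        if "authorizedapplications" in section and line.startswith('"'):
            path = line.rstrip("=").strip('"')
            if _user_writable(path):
                findings.append(("low", "firewall-exception-user-path", path.replace("\\\\", "\\")))
            continue
        # Drivers/services (R = running, S = stopped) whose image lives in a
        # user-writable path, or where ComboFix printed "[?]" instead of a
        # date/size stamp because it could not read the file.
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, _display, path = m.groups()
            if _user_writable(path) or path.endswith("[?]"):
                findings.append(("high", "service-user-path", f"{name} ({state}{start}): {path}"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Highest severity present, or 'none' for a report with no hits."""
    if not findings:
        return "none"
    return max(findings, key=lambda f: SEVERITY_ORDER[f[0]])[0]


if __name__ == "__main__":
    for sev, cat, detail in triage(SAMPLE_LOG):
        print(f"{sev:6} {cat:28} {detail}")
    print("worst:", worst_severity(triage(SAMPLE_LOG)))
```

Run against both posted reports, the output is the same six categories each time, which is itself the point: between 25.08 and 05.09 the firewall is still off, gproxy.exe on the Desktop is still allowed through it, and GarenaPEngine still points at the Temp `.tmp` file. Triage output is something to diff across runs, not just to read once.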
