Enya Posted 9 September 2010

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Databaseversjon: 4582

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

09.09.2010 15:56:23
mbam-log-2010-09-09 (15-56-23).txt

Skanntype: Full skann (C:\|)
Objekter skannet: 264861
Tid tilbakelagt: 55 minutt(er), 17 sekund(er)

Minneprosesser infisert: 0
Minnemoduler infisert: 0
Registernøkler infisert: 0
Registerverdier infisert: 0
Registerfiler infisert: 0
Mapper infisert: 0
Filer infisert 5

Minneprosesser infisert:
(Ingen skadelige objekter funnet)

Minnemoduler infisert:
(Ingen skadelige objekter funnet)

Registernøkler infisert:
(Ingen skadelige objekter funnet)

Registerverdier infisert:
(Ingen skadelige objekter funnet)

Registerfiler infisert:
(Ingen skadelige objekter funnet)

Mapper infisert:
(Ingen skadelige objekter funnet)

Filer infisert
C:\Program Files\FlashFXP\ntshrui.dll (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\dietxug.exe.vir (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\nxdm.exe.vir (Trojan.Sasfis) -> Quarantined and deleted successfully.
C:\Users\Jørgen\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\3d224be8-3050b1bb (Trojan.Cycler) -> Quarantined and deleted successfully.
C:\Users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Combofix

ComboFix 10-09-08.03 - Jørgen 09.09.2010 16:06:38.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.2975.2144 [GMT 2:00]
Kjører fra: c:\users\Jørgen\Desktop\ComboFix.exe
 * Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jørgen\AppData\Local\Windows Server
c:\users\Jørgen\AppData\Local\Windows Server\admin.txt
c:\users\Jørgen\AppData\Local\Windows Server\flags.ini
c:\users\Jørgen\AppData\Local\Windows Server\server.dat
c:\users\Jørgen\AppData\Local\Windows Server\uses32.dat
c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
c:\windows\system32\0.691474118252938.exe

Infisert kopi av c:\windows\system32\DRIVERS\iaStor.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty had a snack

Infisert kopi av c:\windows\system32\wininit.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

Infisert kopi av c:\windows\explorer.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-09 til 2010-09-09 )))))))))))))))))))))))))))))))))
.
2010-09-09 14:16 . 2010-09-09 14:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-09 14:04 . 2009-06-04 18:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-09-09 08:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 08:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 17:50 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-09-08 17:25 . 2010-09-08 18:17 -------- d-----w- c:\program files\Logic Minimizer
2010-09-08 17:01 . 2010-09-08 18:13 -------- d-----w- c:\windows\Downloaded Installations
2010-09-08 15:17 . 2010-09-08 15:18 -------- d-----w- c:\program files\Calc98
2010-09-07 16:39 . 2010-09-07 16:39 -------- d-----w- c:\program files\CRW
2010-09-07 13:02 . 2010-09-07 13:02 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-08-24 09:51 . 2010-09-08 17:51 -------- d-----w- c:\program files\Alvls
2010-08-19 12:03 . 2010-09-09 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 12:03 . 2010-08-19 12:03 -------- d-----w- c:\programdata\Malwarebytes
2010-08-18 17:24 . 2010-08-18 17:24 -------- d-----w- C:\AMD
2010-08-18 00:52 . 2010-08-18 00:52 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-08-18 00:52 . 2010-08-18 00:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-08-14 20:13 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 20:12 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 20:12 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-14 20:12 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-14 20:11 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-14 20:11 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 20:11 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 20:11 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 20:09 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-14 20:08 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"869604542"="c:\users\Jørgen\AppData\Local\869604542.exe" [2010-09-09 955904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1191432]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-07-30 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3567616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

R0 haftqv;haftqv;c:\windows\System32\drivers\muduox.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-19 172032]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-02-03 29744]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3450368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-19 5068800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-19 106496]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-08-19 5924864]
S3 netw5v32;Intel® trådløs WiFi-kobling 5000-kortdriver for 32-biters Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\lhy4fwex.default\
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Filassosiasjoner -------
.
.scr=AutoCADScriptFile
.
- - - - TOMME PEKERE FJERNET - - - -

SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(2252)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DAEMON Tools Lite\DTLite.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-09-09 16:21:48 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-09-09 14:21
ComboFix2.txt 2010-01-25 19:23
ComboFix3.txt 2010-01-25 18:34
ComboFix4.txt 2010-01-25 15:36
ComboFix5.txt 2010-09-09 14:01

Pre-Run: 175 344 451 584 byte ledig
Post-Run: 175 358 164 992 byte ledig

- - End Of File - - 1454A500A4D34D5A085589682EBA9A9D
norbat Posted 9 September 2010

Open Notepad and copy in what is in bold below, then save the file on the desktop as CFScript.txt. Then drag the file onto the ComboFix icon. ComboFix will start again. Post the log.

File::
c:\users\Jørgen\AppData\Local\869604542.exe
c:\users\Jørgen\AppData\Local\869604542. exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"869604542"=-

Driver::
haftqv

How is the PC running?
Enya Posted 9 September 2010

New log

ComboFix 10-09-08.03 - Jørgen 09.09.2010 16:58:32.2.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.47.1044.18.2975.2335 [GMT 2:00]
Kjører fra: c:\users\Jørgen\Desktop\ComboFix.exe
Command switches brukt :: c:\users\Jørgen\Desktop\CFScript.txt.txt
 * Opprettet nytt gjenopprettingspunkt

FILE ::
"c:\users\Jørgen\AppData\Local\869604542. exe"
"c:\users\Jørgen\AppData\Local\869604542.exe"
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Jørgen\AppData\Local\869604542.exe
c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.lnk
.
((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_haftqv

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-08-09 til 2010-09-09 )))))))))))))))))))))))))))))))))
.
2010-09-09 15:05 . 2010-09-09 15:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-09 15:05 . 2010-09-09 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-09 14:04 . 2009-06-04 18:43 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-09-09 08:16 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-09 08:16 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-08 17:50 . 1996-11-05 14:13 299008 ----a-w- c:\windows\uninst.exe
2010-09-08 17:25 . 2010-09-09 14:37 -------- d-----w- c:\program files\Logic Minimizer
2010-09-08 17:01 . 2010-09-08 18:13 -------- d-----w- c:\windows\Downloaded Installations
2010-09-08 15:17 . 2010-09-08 15:18 -------- d-----w- c:\program files\Calc98
2010-09-07 16:39 . 2010-09-07 16:39 -------- d-----w- c:\program files\CRW
2010-09-07 13:02 . 2010-09-07 13:02 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-08-24 09:51 . 2010-09-08 17:51 -------- d-----w- c:\program files\Alvls
2010-08-19 12:03 . 2010-09-09 12:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-19 12:03 . 2010-08-19 12:03 -------- d-----w- c:\programdata\Malwarebytes
2010-08-18 17:24 . 2010-08-18 17:24 -------- d-----w- C:\AMD
2010-08-18 00:52 . 2010-08-18 00:52 -------- d-----w- c:\windows\system32\%LocalAppData%
2010-08-18 00:52 . 2010-08-18 00:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-08-14 20:13 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-14 20:12 . 2010-07-29 06:30 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-08-14 20:12 . 2010-07-29 06:30 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-08-14 20:12 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-08-14 20:11 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-08-14 20:11 . 2010-06-22 02:47 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-14 20:11 . 2010-06-22 02:47 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-14 20:11 . 2010-06-22 02:47 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-14 20:09 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll
2010-08-14 20:08 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 15:06 . 2010-02-03 21:27 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-09 14:12 . 2009-07-14 07:31 74124 ----a-w- c:\windows\system32\perfc014.dat
2010-09-09 14:12 . 2009-07-14 07:31 448210 ----a-w- c:\windows\system32\perfh014.dat
2010-09-09 12:09 . 2010-04-27 14:35 -------- d-----w- c:\program files\FlashFXP
2010-09-09 08:21 . 2010-02-08 16:50 -------- d-----w- c:\programdata\Microsoft Help
2010-09-08 12:43 . 2010-07-29 16:46 -------- d-----w- c:\program files\Realtek
2010-09-08 12:43 . 2010-02-03 19:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-19 19:47 . 2009-07-13 23:11 13904 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2010-08-19 07:46 . 2010-08-18 00:27 784 ----a-w- c:\programdata\id.tmp
2010-08-09 01:37 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-07-29 18:23 . 2010-02-03 19:20 -------- d-----w- c:\program files\Intel
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\programdata\Start-meny
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\programdata\Skrivebord
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\programdata\Programdata
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\programdata\Maler
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\programdata\Favoritter
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\programdata\Dokumenter
2010-07-29 18:23 . 2010-07-29 18:23 -------- d-sh--we c:\program files\Fellesfiler
2010-07-29 17:19 . 2010-07-29 17:19 21464 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-29 16:55 . 2010-03-24 21:05 -------- d-----w- c:\program files\VideoLAN
2010-07-29 16:55 . 2010-02-08 14:10 -------- d-----w- c:\program files\uTorrent
2010-07-29 16:55 . 2010-06-24 12:21 -------- d-----w- c:\program files\TmNationsForever
2010-07-29 16:55 . 2010-04-27 15:10 -------- d-----w- c:\program files\Tansee iPhone Transfer Photo
2010-07-29 16:55 . 2010-02-17 16:33 -------- d-----w- c:\program files\Spotify
2010-07-29 16:55 . 2010-02-16 19:57 -------- d-----w- c:\program files\SopCast
2010-07-29 16:55 . 2010-06-12 13:39 -------- d-----w- c:\program files\Sony Ericsson
2010-07-29 16:55 . 2010-02-08 07:55 -------- d-----w- c:\program files\Solid Edge V20
2010-07-29 16:54 . 2010-04-14 10:41 -------- d-----w- c:\program files\QuickTime
2010-07-29 16:54 . 2010-02-12 14:44 -------- d-----w- c:\program files\MSECache
2010-07-29 16:54 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-07-29 16:54 . 2010-04-13 19:30 -------- d-----w- c:\program files\Microsoft.NET
2010-07-29 16:54 . 2010-02-08 16:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-29 16:54 . 2010-04-13 19:30 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-07-29 16:54 . 2010-04-13 19:30 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-07-29 16:54 . 2010-04-13 19:30 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-29 16:54 . 2010-02-18 12:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-29 16:53 . 2010-04-13 19:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-07-29 16:53 . 2010-02-23 22:13 -------- d-----w- c:\program files\Microsoft
2010-07-29 16:52 . 2010-04-08 15:48 -------- d-----w- c:\program files\LimeWire
2010-07-29 16:52 . 2010-02-04 15:57 -------- d-----w- c:\program files\Mathcad
2010-07-29 16:52 . 2010-02-03 19:30 -------- d-----w- c:\program files\Launch Manager
2010-07-29 16:52 . 2010-04-14 10:42 -------- d-----w- c:\program files\iTunes
2010-07-29 16:52 . 2010-02-11 10:16 -------- d-----w- c:\program files\Java
2010-07-29 16:51 . 2010-04-14 10:42 -------- d-----w- c:\program files\iPod
2010-07-29 16:51 . 2010-02-23 22:11 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-29 16:51 . 2010-02-08 16:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-29 16:51 . 2010-02-11 10:17 -------- d-----w- c:\program files\Common Files\Java
2010-07-29 16:51 . 2010-02-03 22:06 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-07-29 16:51 . 2010-02-03 19:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-29 16:51 . 2010-02-03 22:04 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-07-29 16:51 . 2010-02-03 19:32 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-07-29 16:50 . 2010-04-14 10:40 -------- d-----w- c:\program files\Common Files\Apple
2010-07-29 16:50 . 2010-02-04 15:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-29 16:50 . 2010-04-14 10:41 -------- d-----w- c:\program files\Bonjour
2010-07-29 16:50 . 2010-02-03 22:04 -------- d-----w- c:\program files\AutoCAD 2010
2010-07-29 16:50 . 2010-02-03 19:47 -------- d-----w- c:\program files\AutomationLabs
2010-07-29 16:50 . 2010-02-03 19:31 -------- d-----w- c:\program files\ATI Technologies
2010-07-29 16:50 . 2010-02-03 19:31 -------- d-----w- c:\program files\ATI
2010-07-29 16:50 . 2010-04-14 10:41 -------- d-----w- c:\program files\Apple Software Update
2010-07-29 16:50 . 2010-02-03 19:36 -------- d-----w- c:\program files\Acer Bio Protection
2010-07-29 16:50 . 2010-02-03 19:38 -------- d-----w- c:\program files\Acer
2010-07-29 16:46 . 2010-07-29 16:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-07-29 16:46 . 2010-07-29 16:46 -------- d-----w- c:\program files\Synaptics
2010-07-29 16:46 . 2010-07-29 16:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-06-30 06:25 . 2010-08-14 20:10 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-19 06:33 . 2010-08-14 20:10 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-14 20:10 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-12 13:40 . 2010-06-12 13:40 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1191432]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-07-30 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3567616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 280576]

c:\users\Jørgen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-17 795936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-08 691696]
R0 touerci;touerci;c:\windows\System32\drivers\wljxtnjo.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 16896]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-07 1343400]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-19 172032]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-02-03 29744]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3450368]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-07-30 118784]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-08-19 5068800]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-08-19 106496]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-08-19 5924864]
S3 netw5v32;Intel® trådløs WiFi-kobling 5000-kortdriver for 32-biters Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-06-12 27632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Tilleggsskanning -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\lhy4fwex.default\
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - TOMME PEKERE FJERNET - - - -

SafeBoot-dmboot.sys
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,7e,88,28,4e,4b,38,42,9e,a6,36,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,7e,88,28,4e,4b,38,42,9e,a6,36,\

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'Explorer.exe'(3352)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-09-09 17:11:45 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-09-09 15:11
ComboFix2.txt 2010-09-09 14:21
ComboFix3.txt 2010-01-25 19:23
ComboFix4.txt 2010-01-25 18:34
ComboFix5.txt 2010-09-09 14:57

Pre-Run: 175 421 513 728 byte ledig
Post-Run: 175 350 325 248 byte ledig

- - End Of File - - BB68A957469B8AA814CBE47526C2DF44

Seems to be running fine now, is it clean?
norbat Posted 15 September 2010

The log looks fine. You can uninstall ComboFix by typing combofix /uninstall in the Run box.