Gå til innhold

Har fått virus(Popup virus + trojaner)

Kuuket

Av Kuuket
i IKT-drift og sikkerhet

Anbefalte innlegg

Videoannonse

Videoannonse
Annonse
seruz

seruz

Skrevet
Skrevet

combifix loggen min

 

 

ComboFix 08-02.05.3 - seruz 2008-02-10 0:55:47.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.1453 [GMT 1:00]

Running from: C:\Documents and Settings\seruz\Skrivebord\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))

.

 

2008-02-10 00:15 . 2008-02-10 00:22 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-02-10 00:15 . 2008-02-10 00:15 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\SUPERAntiSpyware.com

2008-02-10 00:15 . 2008-02-10 00:15 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-02-09 23:23 . 2008-02-09 23:23 <DIR> dr-h----- C:\Documents and Settings\seruz\Siste

2008-02-08 14:41 . 2008-02-08 14:54 19,574 --a------ C:\WINDOWS\hpoins01.dat

2008-02-08 14:41 . 2003-04-22 10:24 16,606 --------- C:\WINDOWS\hpomdl01.dat

2008-02-08 11:59 . 2008-02-08 11:57 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2008-02-08 11:57 . 2008-02-08 12:09 <DIR> d-------- C:\Documents and Settings\seruz\.housecall6.6

2008-02-07 23:38 . 2004-08-04 13:00 388,096 --a------ C:\kmd.exe

2008-02-07 22:44 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-02-07 22:44 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-02-07 22:44 . 2008-02-06 00:03 85,504 --a------ C:\WINDOWS\system32\VACFix.exe

2008-02-07 22:44 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-02-07 22:44 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-02-07 22:44 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-02-07 22:44 . 2008-02-07 22:45 2,714 --a------ C:\WINDOWS\system32\tmp.reg

2008-02-07 22:39 . 2008-02-07 22:39 <DIR> d-------- C:\Programfiler\Combined Community Codec Pack

2008-02-07 21:56 . 2008-02-07 21:56 <DIR> d-------- C:\Programfiler\CCleaner

2008-02-07 16:21 . 2008-02-07 16:21 <DIR> d-------- C:\WINDOWS\system32\windows media

2008-02-07 16:21 . 2008-02-07 16:23 <DIR> d--h----- C:\WINDOWS\msdownld.tmp

2008-02-07 16:21 . 2008-02-07 16:21 <DIR> d-------- C:\Programfiler\Windows Media Components

2008-02-07 16:11 . 2008-02-07 16:11 <DIR> d-------- C:\Programfiler\VideoMach-4.0.4

2008-02-07 15:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-02-07 15:40 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-02-07 15:23 . 2008-02-08 14:17 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2008-02-07 15:17 . 2008-02-07 15:17 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Hewlett-Packard

2008-02-07 15:14 . 2008-02-07 15:14 <DIR> d-------- C:\Programfiler\Hewlett-Packard

2008-02-07 15:14 . 2008-02-07 15:14 <DIR> d-------- C:\Programfiler\Fellesfiler\Hewlett-Packard

2008-02-07 15:13 . 2008-02-07 15:13 <DIR> d-------- C:\temp\HP All-in-One Series Web Release

2008-02-07 15:13 . 2008-02-07 15:13 <DIR> d-------- C:\temp

2008-02-07 15:09 . 2008-02-07 15:09 <DIR> d-------- C:\Programfiler\Winamp

2008-02-07 15:09 . 2008-02-07 15:09 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Winamp

2008-02-07 14:51 . 2004-08-04 13:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2008-02-07 14:19 . 2008-02-07 14:19 <DIR> d-------- C:\Programfiler\Sony

2008-02-07 14:19 . 2008-02-07 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sony

2008-02-07 14:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-02-07 14:10 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2008-02-07 13:47 . 2008-02-07 13:47 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys

2008-02-07 13:45 . 2008-02-07 13:45 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-02-07 13:45 . 2008-02-07 13:45 <DIR> d-------- C:\Programfiler\Microsoft CAPICOM 2.1.0.2

2008-02-07 01:28 . 2008-02-07 01:28 0 --a------ C:\WINDOWS\system32\SBRC.dat

2008-02-07 01:28 . 2008-02-07 01:28 0 --a------ C:\WINDOWS\system32\SBFC.dat

2008-02-07 01:26 . 2008-02-07 01:26 <DIR> d-------- C:\Programfiler\Lavasoft

2008-02-07 01:26 . 2008-02-07 01:27 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft

2008-02-07 01:23 . 2008-02-07 01:23 <DIR> d-------- C:\Programfiler\Sunbelt Software

2008-02-07 01:23 . 2008-02-07 01:23 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Sunbelt Software

2008-02-07 01:23 . 2008-02-07 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Sunbelt Software

2008-02-06 22:54 . 2008-02-09 17:46 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\skypePM

2008-02-06 22:54 . 2008-02-06 22:54 32 --a------ C:\Documents and Settings\All Users\Programdata\ezsid.dat

2008-02-06 22:53 . 2008-02-06 22:53 <DIR> d-------- C:\Programfiler\Skype

2008-02-06 22:53 . 2008-02-06 22:53 <DIR> d-------- C:\Programfiler\Fellesfiler\Skype

2008-02-06 22:53 . 2008-02-09 17:47 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Skype

2008-02-06 22:53 . 2008-02-06 22:53 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Skype

2008-02-05 22:05 . 2008-02-05 22:05 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Sony

2008-02-05 22:05 . 2008-02-05 22:05 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Publish Providers

2008-02-05 22:05 . 2008-02-07 15:59 <DIR> d-a------ C:\Documents and Settings\All Users\Programdata\TEMP

2008-02-05 22:05 . 2008-02-07 15:53 156 --a------ C:\WINDOWS\Twunk001.MTX

2008-02-05 22:05 . 2008-02-07 15:53 3 --a------ C:\WINDOWS\Twain001.Mtx

2008-02-05 22:05 . 2008-02-05 22:05 0 --a------ C:\WINDOWS\Twunk002.MTX

2008-02-05 22:00 . 2008-02-05 22:00 <DIR> d-------- C:\Programfiler\MSBuild

2008-02-05 21:58 . 2008-02-05 21:58 <DIR> d-------- C:\WINDOWS\system32\XPSViewer

2008-02-05 21:58 . 2008-02-05 21:58 <DIR> d-------- C:\Programfiler\Reference Assemblies

2008-02-05 21:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

2008-02-05 21:56 . 2008-02-05 21:56 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Sony Setup

2008-02-05 21:54 . 2008-02-05 21:54 <DIR> d-------- C:\Programfiler\MagicISO

2008-01-30 15:47 . 2008-01-30 15:47 <DIR> d---s---- C:\Documents and Settings\seruz\UserData

2008-01-30 07:48 . 19,584 C:\WINDOWS\system32\drivers\xofvifhu.dat

2008-01-30 00:04 . 2003-05-07 19:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll

2008-01-30 00:01 . 2004-08-04 13:00 84,480 --a------ C:\WINDOWS\system32\bat.dll

2008-01-30 00:01 . 2008-01-30 00:02 40,730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe

2008-01-26 20:49 . 2008-02-07 14:20 <DIR> d-------- C:\Programfiler\VstPlugins

2008-01-26 20:49 . 2008-01-26 20:49 <DIR> d-------- C:\Programfiler\ASIO4ALL v2

2008-01-26 20:49 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-01-26 20:49 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-01-26 20:48 . 2008-01-30 00:03 <DIR> d-------- C:\Programfiler\Image-Line

2008-01-26 20:39 . 2008-01-26 20:39 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\GetRightToGo

2008-01-26 20:39 . 2008-01-26 20:39 5,607 --a------ C:\WINDOWS\~GLH0001.TMP

2008-01-26 20:20 . 2008-01-26 20:20 <DIR> d-------- C:\eJay

2008-01-26 20:20 . 2008-01-26 20:20 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\InstallShield

2008-01-26 18:16 . 2008-01-26 18:16 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\DivX

2008-01-26 04:47 . 2008-01-29 18:11 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

2008-01-26 04:15 . 2008-01-26 04:15 <DIR> d-------- C:\Programfiler\DivX

2008-01-26 04:15 . 2008-01-04 22:58 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe

2008-01-26 04:15 . 2008-01-04 22:58 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe

2008-01-24 19:21 . 2008-01-24 19:21 <DIR> d-------- C:\Programfiler\NCH Software

2008-01-24 19:21 . 2008-02-02 02:04 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\NCH Swift Sound

2008-01-24 19:21 . 2008-01-24 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Swift Sound

2008-01-24 19:21 . 2008-01-24 19:21 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\NCH Software

2008-01-24 19:20 . 2008-02-02 02:04 <DIR> d-------- C:\Programfiler\NCH Swift Sound

2008-01-22 01:14 . 2008-01-22 01:14 <DIR> d-------- C:\Programfiler\iTunes

2008-01-22 01:14 . 2008-01-22 01:14 <DIR> d-------- C:\Programfiler\iPod

2008-01-22 01:14 . 2008-01-22 01:14 <DIR> d-------- C:\Documents and Settings\seruz\Programdata\Apple Computer

2008-01-22 01:14 . 2008-02-09 17:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-22 01:14 . 2008-01-22 01:14 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-22 01:13 . 2008-01-22 01:14 <DIR> d-------- C:\Programfiler\QuickTime

2008-01-22 01:13 . 2008-01-22 01:13 <DIR> d-------- C:\Programfiler\Fellesfiler\Apple

2008-01-22 01:13 . 2008-01-22 01:13 <DIR> d-------- C:\Programfiler\Apple Software Update

2008-01-22 01:13 . 2008-01-22 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple Computer

2008-01-22 01:13 . 2008-01-22 01:13 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Apple

2008-01-21 00:14 . 2008-01-21 00:14 <DIR> d-------- C:\Programfiler\Konami

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-08 13:34 --------- d-----w C:\Programfiler\Fellesfiler\Adobe

2008-02-02 01:05 --------- d--h--w C:\Programfiler\InstallShield Installation Information

2008-01-26 19:39 5,607 ----a-w C:\WINDOWS\~GLH0001.TMP

2008-01-18 13:20 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-01-15 16:45 --------- d-----w C:\Programfiler\Fellesfiler\SpeechEngines

2008-01-15 16:45 --------- d-----w C:\Programfiler\Fellesfiler\ODBC

2008-01-15 16:14 --------- d-----w C:\Programfiler\ASUS

2008-01-15 16:11 --------- d-----w C:\Programfiler\Fellesfiler\InstallShield

2008-01-15 16:10 --------- d-----w C:\Programfiler\DIFX

2008-01-15 16:09 --------- d-----w C:\Programfiler\Analog Devices

2008-01-15 15:59 --------- d-----w C:\Programfiler\microsoft frontpage

2008-01-15 15:58 --------- d-----w C:\Programfiler\Elektroniske tjenester

2008-01-15 15:57 --------- d-----w C:\Programfiler\Fellesfiler\Tjenester

2008-01-15 15:57 --------- d-----w C:\Programfiler\Fellesfiler\MSSoap

2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll

2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll

2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll

2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll

2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll

2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll

2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll

2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll

2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll

2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll

2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll

2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39634E30-9C20-4B70-8B92-040B4D9A4C90}]

2004-08-04 13:00 84480 --a------ C:\WINDOWS\system32\bat.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"Steam"="C:\Programfiler\Steam\Steam.exe" [2008-01-15 22:47 1266936]

"DAEMON Tools Lite"="C:\Programfiler\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856]

"Skype"="C:\Programfiler\Skype\Phone\Skype.exe" [2008-01-17 18:10 21686568]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-05-01 03:07 843776]

"SoundMAX"="C:\Programfiler\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19 729088]

"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-08-14 03:51 352256]

"AsusStartupHelp"="C:\Programfiler\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 07:25 363008]

"Launch Ai Booster"="C:\Programfiler\ASUS\AI Booster\OverClk.exe" [2006-11-28 17:20 3714048]

"Ai Gear Help"="C:\Programfiler\ASUS\AI Gear\GearHelp.exe" [2006-07-27 20:39 415744]

"Ai Nap"="C:\Programfiler\ASUS\AI Nap\AiNap.exe" [2006-11-30 11:23 1419776]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-13 06:58 7770112]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-13 06:58 81920]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-15 23:10 579072]

"PWRISOVM.EXE"="C:\Programfiler\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05 200704]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

"SBCSTray"="C:\Programfiler\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17 699120]

"WinampAgent"="C:\Programfiler\Winamp\winampa.exe" [2008-01-15 23:54 37376]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-15 23:10 219136]

 

C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\

Adobe Reader Speed Launch.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]

hpoddt01.exe.lnk - C:\Programfiler\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

R0 dglyfvkn;dglyfvkn;C:\WINDOWS\system32\drivers\xofvifhu.dat []

R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2008-02-07 13:47]

R3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5a89d81-c387-11dc-b7ba-806d6172696f}]

\Shell\AutoRun\command - I:\AUTORUN.EXE

 

*Newly Created Service* - SASDIFSV

*Newly Created Service* - SASENUM

*Newly Created Service* - SASKUTIL

*Newly Created Service* - SBAPIFS

.

Contents of the 'Scheduled Tasks' folder

"2008-02-07 20:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-10 00:56:46

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-02-10 0:57:04

ComboFix-quarantined-files.txt 2008-02-07 22:40:40

ComboFix2.txt 2008-02-07 22:40:43

.

2008-02-07 12:45:23 --- E O F ---

 

 

Lenke til kommentar

Opprett en konto eller logg inn for å kommentere

Du må være et medlem for å kunne skrive en kommentar

Opprett konto

Det er enkelt å melde seg inn for å starte en ny konto!

Start en konto

Logg inn

Har du allerede en konto? Logg inn her.

Logg inn nå
Gå til emneliste

  • Hvem er aktive   0 medlemmer

    • Ingen innloggede medlemmer aktive
×
×
  • Opprett ny...