ComboFix 08-08-17.03 - Øyvind Johansen 2008-08-18 13:03:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1044.18.442 [GMT 2:00]

Running from: C:\Documents and Settings\Øyvind Johansen\Skrivebord\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Øyvind Johansen\UserData

C:\Documents and Settings\Øyvind Johansen\UserData\C1YBOXAF\Tdy58[1].xml

C:\Documents and Settings\Øyvind Johansen\UserData\index.dat

C:\Documents and Settings\Øyvind Johansen\UserData\S16V0P6V\oWindowsUpdate[1].xml

 

.

((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 )))))))))))))))))))))))))))))))

.

 

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Documents and Settings\Øyvind Johansen\Programdata\SUPERAntiSpyware.com

2008-08-18 12:44 . 2008-08-18 12:44 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com

2008-08-18 12:42 . 2008-08-18 12:42 <DIR> dr-h----- C:\Documents and Settings\Øyvind Johansen\Siste

2008-08-18 12:42 . 2008-08-18 12:42 <DIR> dr-h----- C:\Documents and Settings\Øyvind Johansen\Siste

2008-08-18 12:41 . 2008-08-18 12:41 <DIR> d-------- C:\Programfiler\Yahoo!

2008-08-18 12:41 . 2008-08-18 12:41 <DIR> d-------- C:\Programfiler\CCleaner

2008-08-18 07:50 . 2008-08-18 07:50 <DIR> d-------- C:\Programfiler\mIRC

2008-08-18 07:50 . 2008-08-18 07:58 <DIR> d-------- C:\Documents and Settings\Øyvind Johansen\Programdata\mIRC

2008-08-15 07:58 . 2008-08-15 07:58 381 --a------ C:\Shortcut to Film - Dvd.lnk

2008-08-15 07:53 . 2008-08-15 07:53 <DIR> d-------- C:\Programfiler\FileZilla FTP Client

2008-08-15 07:53 . 2008-08-18 12:25 <DIR> d-------- C:\Documents and Settings\Øyvind Johansen\Programdata\FileZilla

2008-08-15 07:35 . 2008-08-15 07:35 <DIR> d-------- C:\TPSINST

2008-08-15 07:35 . 2008-08-15 07:35 <DIR> d-------- C:\MITOITUS

2008-08-15 07:35 . 2008-08-15 07:42 173 --a------ C:\WINDOWS\PeikPlat.INI

2008-07-27 19:06 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys

2008-07-27 19:06 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys

2008-07-27 19:06 . 2008-07-27 19:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-07-27 19:06 . 2008-07-27 19:06 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf

2008-07-27 19:00 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll

2008-07-27 19:00 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll

2008-07-27 19:00 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys

2008-07-27 19:00 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys

2008-07-27 19:00 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys

2008-07-27 19:00 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys

2008-07-27 18:59 . 2008-07-27 18:59 <DIR> d-------- C:\Programfiler\MSXML 6.0

2008-07-27 18:59 . 2008-02-01 16:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys

2008-07-27 18:59 . 2008-02-01 16:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-18 04:39 --------- d-----w C:\Documents and Settings\All Users\Programdata\avg7

2008-08-14 01:02 --------- d-----w C:\Documents and Settings\All Users\Programdata\Microsoft Help

2008-08-08 19:25 --------- d-----w C:\Documents and Settings\Øyvind Johansen\Programdata\uTorrent

2008-08-07 06:02 --------- d-----w C:\Programfiler\Zattoo

2008-07-27 17:00 --------- d-----w C:\Programfiler\Nokia

2008-07-27 17:00 --------- d-----w C:\Documents and Settings\All Users\Programdata\Installations

2008-07-27 16:59 --------- d-----w C:\Programfiler\Fellesfiler\Nokia

2008-07-27 16:47 --------- d-----w C:\Programfiler\Avanquest update

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-23 15:41 658,944 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools"="C:\Programfiler\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

"MsnMsgr"="C:\Programfiler\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

"PcSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSync2.exe" [2007-11-07 18:35 1294336]

"MSMSGS"="C:\Programfiler\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

"Sony Ericsson PC Suite"="C:\Programfiler\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2007-08-02 16:55 348160]

"SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

"PC Suite Tray"="C:\Programfiler\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"="C:\Programfiler\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 15:05 7557120]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 15:05 86016]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-28 05:10 580096]

"SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"QuickTime Task"="C:\Programfiler\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]

"iTunesHelper"="C:\Programfiler\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]

"SansaDispatch"="C:\Programfiler\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-05-02 20:00 55368]

"Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"nwiz"="nwiz.exe" [2006-02-13 15:05 1519616 C:\WINDOWS\system32\nwiz.exe]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-03-02 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 05:10 219136]

"Nokia.PCSync"="C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^AutoCAD Startup Accelerator.lnk]

path=C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\AutoCAD Startup Accelerator.lnk

backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Programfiler\\uTorrent\\utorrent.exe"=

"C:\\Programfiler\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Programfiler\\Grisoft\\AVG7\\avginet.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgamsvr.exe"=

"C:\\Programfiler\\Grisoft\\AVG7\\avgcc.exe"=

"C:\\Programfiler\\SmartFTP Client\\SmartFTP.exe"=

"C:\\Programfiler\\iTunes\\iTunes.exe"=

"C:\\Programfiler\\Zattoo\\zattood.exe"=

"C:\\Programfiler\\Zattoo\\Zattoo2.exe"=

"C:\\Programfiler\\Zattoo\\Zattoo.exe"=

"C:\\Programfiler\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"C:\\Programfiler\\Fellesfiler\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Programfiler\\Windows Live\\Messenger\\livecall.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

 

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 16:17]

S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 16:17]

S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\WINDOWS\system32\DRIVERS\sea1bus.sys [2007-02-08 13:55]

S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\sea1mdfl.sys [2007-02-08 13:55]

S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\sea1mdm.sys [2007-02-08 13:55]

S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\sea1mgmt.sys [2007-02-08 13:56]

S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\WINDOWS\system32\DRIVERS\sea1nd5.sys [2007-02-08 13:56]

S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\sea1obex.sys [2007-02-08 13:56]

S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\WINDOWS\system32\DRIVERS\sea1unic.sys [2007-02-08 13:56]

S3 UXDCMN;UXDCMN;D:\Software\ws\UXDCMN.SYS [2007-02-20 07:52]

 

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

 

2008-08-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Programfiler\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Øyvind Johansen\Programdata\Mozilla\Firefox\Profiles\5ldz2obs.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-18 13:04:58

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-18 13:05:41

ComboFix-quarantined-files.txt 2008-08-18 11:05:37

 

Pre-Run: 25,454,583,808 byte ledig

Post-Run: 25,451,126,784 byte ledig

 

155 --- E O F --- 2008-08-14 01:02:55
