
Can someone look over the logs?



Posted

There are some files that MBAM can't remove. I therefore ran ComboFix, which didn't go entirely smoothly. After ComboFix finished, Firefox and IE7 no longer worked; there was a message about a missing registry entry. So I restarted the machine, which resulted in a bluescreen during boot. I had to run the recovery console in Vista to get the machine running again.

 

So, here are the logs I got. Are they clean?

 

MBAM


Malwarebytes' Anti-Malware 1.44

Databaseversjon: 3616

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

23.01.2010 21:22:46

mbam-log-2010-01-23 (21-22-46).txt

 

Skanntype: Rask Skann

Objekter skannet: 103990

Tid tilbakelagt: 5 minute(s), 56 second(s)

 

Minneprosesser infisert: 0

Minnemoduler infisert: 0

Registernøkler infisert: 0

Registerverdier infisert: 0

Registerfiler infisert: 1

Mapper infisert: 0

Filer infisert: 3

 

Minneprosesser infisert:

(Ingen mistenkelige filer funnet)

 

Minnemoduler infisert:

(Ingen mistenkelige filer funnet)

 

Registernøkler infisert:

(Ingen mistenkelige filer funnet)

 

Registerverdier infisert:

(Ingen mistenkelige filer funnet)

 

Registerfiler infisert:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Mapper infisert:

(Ingen mistenkelige filer funnet)

 

Filer infisert:

C:\Windows\system32\Drivers\dpybk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Users\Jørgen\AppData\Local\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Delete on reboot.

 

Combofix


ComboFix 10-01-23.02 - Jørgen 23.01.2010 21:27:32.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.47.1044.18.2974.1875 [GMT 1:00]

Kjører fra: c:\users\Jørgen\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2641040584-143730932-3949562028-500

c:\program files\Internet Explorer\wmpscfgs.exe

c:\program files\temp

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

c:\recycler\S-1-5-21-2099069624-2113542849-546749693-4380

c:\recycler\S-1-5-21-2625116829-4845590302-874992811-7615

c:\recycler\S-1-5-21-5649707686-8334603017-200391446-4647

c:\recycler\S-1-5-21-6382019253-1349297832-493392894-5880

c:\recycler\S-1-5-21-8521637388-6426151839-161213911-6333

c:\windows\Help\help

c:\windows\Help\help\en-US\Help.h1c

c:\windows\Help\help\en-US\Help.H1T

c:\windows\Help\help\en-US\Help_AssetId.H1K

c:\windows\Help\help\en-US\Help_BestBet.H1K

c:\windows\Help\help\en-US\Help_LinkTerm.H1K

c:\windows\Help\help\en-US\Help_SubjectTerm.H1K

c:\windows\Help\help\en-US\stopwrds.stp

c:\windows\Help\help\nb-NO\Help.h1c

c:\windows\Help\help\nb-NO\Help.H1T

c:\windows\Help\help\nb-NO\Help_AssetId.H1K

c:\windows\Help\help\nb-NO\Help_BestBet.H1K

c:\windows\Help\help\nb-NO\Help_LinkTerm.H1K

c:\windows\Help\help\nb-NO\Help_SubjectTerm.H1K

c:\windows\Help\help\nb-NO\resources.H1S

c:\windows\Help\help\nb-NO\stopwrds.stp

c:\windows\Help\help\nb-NO\stylec.h1s

c:\windows\plfseti .exe

c:\windows\system32\hkcmd .exe

c:\windows\system32\igfxpers .exe

c:\windows\system32\igfxtray .exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-23 til 2010-01-23 )))))))))))))))))))))))))))))))))

.

 

2010-01-23 16:44 . 2010-01-23 16:44 -------- d-----w- c:\program files\AutomationLabs

2010-01-22 19:13 . 2010-01-22 19:13 164864 ----a-w- C:\dietxug.exe

2010-01-22 19:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-22 19:04 . 2010-01-23 20:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-22 19:04 . 2010-01-22 19:04 -------- d-----w- c:\programdata\Malwarebytes

2010-01-22 19:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-22 18:59 . 2010-01-22 19:15 164864 ----a-w- C:\nxdm.exe

2010-01-22 18:59 . 2010-01-22 19:15 39440 ----a-w- C:\xogcvq.exe

2010-01-22 18:58 . 2010-01-23 16:31 59904 ----a-w- c:\windows\system32\app_dll.dll

2010-01-22 18:57 . 2010-01-22 18:57 39440 ----a-w- C:\exjaa.exe

2010-01-13 11:28 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 11:28 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-11 11:12 . 2010-01-11 11:15 -------- d-----w- c:\program files\AutoCAD 2010

2010-01-11 09:57 . 2010-01-11 09:58 -------- d-----w- c:\program files\DWG TrueView 2010

2010-01-11 09:56 . 2010-01-11 09:56 -------- d-----w- c:\program files\Microsoft WSE

2010-01-11 09:47 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2010-01-11 09:47 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2010-01-11 09:47 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2010-01-11 09:45 . 2010-01-11 09:59 -------- d-----w- c:\program files\Autodesk

2010-01-11 09:28 . 2010-01-11 10:36 -------- d-----w- C:\Autodesk

2010-01-11 09:13 . 2010-01-23 20:38 -------- d-----w- c:\program files\Common Files\Akamai

2010-01-11 08:23 . 2010-01-11 08:23 -------- d-----w- c:\windows\VCMtemp

2010-01-08 14:49 . 2010-01-08 14:49 -------- d-----w- c:\programdata\FLEXnet

2010-01-08 14:23 . 2010-01-08 14:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-01-08 14:21 . 2010-01-13 14:54 -------- d-----w- c:\programdata\Autodesk

2010-01-08 14:21 . 2010-01-11 11:13 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2010-01-08 13:17 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-08 13:08 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-01-08 13:08 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-01-08 13:08 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-01-08 12:57 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

2010-01-08 12:57 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-01-08 12:57 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

2010-01-08 12:57 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

2010-01-08 12:57 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2010-01-08 12:51 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

2010-01-08 12:51 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2010-01-08 12:51 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

2010-01-08 12:51 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2010-01-08 12:51 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

2010-01-07 23:57 . 2010-01-07 23:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-07 23:57 . 2010-01-23 20:17 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-07 23:56 . 2010-01-07 23:56 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-01-07 23:27 . 2010-01-07 23:27 -------- d-----w- c:\program files\uTorrent

2010-01-07 16:43 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-01-07 16:43 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll

2010-01-07 16:43 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll

2010-01-07 16:43 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2010-01-07 16:43 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2010-01-07 16:43 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2010-01-07 16:43 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2010-01-07 16:43 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE

2010-01-07 16:43 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2010-01-07 16:43 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe

2010-01-07 16:42 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2010-01-07 16:42 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll

2010-01-07 16:42 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll

2010-01-07 16:42 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2010-01-07 16:41 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll

2010-01-07 16:41 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

2010-01-07 16:41 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll

2010-01-07 16:41 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2010-01-07 16:41 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2010-01-07 16:41 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2010-01-07 16:41 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2010-01-07 16:41 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2010-01-07 16:40 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

2010-01-07 16:40 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2010-01-07 16:38 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2010-01-07 16:38 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2010-01-07 16:36 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-01-07 16:35 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys

2010-01-07 16:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2010-01-07 16:34 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2010-01-07 16:34 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

2010-01-07 16:29 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-07 16:29 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-07 16:29 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll

2010-01-07 16:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-01-07 16:27 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

2010-01-07 16:27 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2010-01-07 16:27 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe

2010-01-07 16:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2010-01-07 16:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2010-01-07 16:27 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-01-07 16:19 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 19:48 . 2010-01-06 19:48 -------- d-----w- c:\program files\Spotify

2010-01-06 17:53 . 2010-01-06 17:53 -------- d-----w- c:\program files\Common Files\ATI Technologies

2010-01-06 17:52 . 2010-01-06 17:52 -------- d-----w- c:\program files\ATI

2010-01-06 17:52 . 2010-01-06 17:53 -------- d-----w- c:\program files\ATI Technologies

2010-01-06 14:22 . 2010-01-21 21:55 -------- d-----w- c:\programdata\TmForever

2010-01-06 14:17 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-06 14:14 . 2010-01-06 14:16 -------- d-----w- c:\program files\TmNationsForever

2010-01-06 12:34 . 2010-01-06 12:34 -------- d-----w- c:\program files\Common Files\InterVideo

2010-01-06 12:32 . 2010-01-06 12:34 -------- d-----w- c:\program files\InterVideo

2010-01-06 12:28 . 2010-01-23 20:28 -------- d-----w- c:\program files\Launch Manager

2010-01-06 12:27 . 2010-01-23 20:28 -------- d-----w- c:\program files\Acer Bio Protection

2010-01-06 12:27 . 2010-01-06 12:27 469552 ----a-w- c:\windows\system32\NBMatS1SDK.dll

2010-01-06 12:26 . 2010-01-06 12:26 28208 ----a-w- c:\windows\system32\drivers\FPSensor.sys

2010-01-06 12:24 . 2009-04-10 05:53 84256 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2010-01-06 12:24 . 2009-04-07 07:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2010-01-06 12:24 . 2009-03-24 10:14 106784 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2010-01-06 12:24 . 2009-03-24 10:14 17056 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2010-01-06 12:24 . 2010-01-06 12:24 -------- d-----w- c:\program files\WIDCOMM

2010-01-06 12:22 . 2010-01-06 12:22 -------- d-----w- c:\program files\Synaptics

2010-01-06 12:20 . 2010-01-23 20:28 39440 ----a-w- c:\windows\plfseti.exe

2010-01-06 12:20 . 2009-04-16 17:45 106496 ----a-w- c:\windows\FixUVC.exe

2010-01-06 12:17 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2010-01-06 12:16 . 2010-01-23 20:37 12 ----a-w- c:\windows\bthservsdp.dat

2010-01-06 12:15 . 2010-01-06 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-01-06 12:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2010-01-06 12:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2010-01-06 12:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2010-01-06 12:13 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2010-01-06 12:13 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2010-01-06 12:13 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2010-01-06 12:13 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2010-01-06 12:13 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2010-01-06 12:13 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2010-01-06 12:12 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

2010-01-06 12:09 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2010-01-06 12:09 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-01-06 12:09 . 2010-01-06 12:09 -------- d-----w- c:\programdata\ATI

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-23 20:33 . 2008-01-21 05:41 94000 ----a-w- c:\windows\system32\perfc014.dat

2010-01-23 20:33 . 2008-01-21 05:41 499034 ----a-w- c:\windows\system32\perfh014.dat

2010-01-23 20:28 . 2010-01-06 12:20 39440 ----a-w- c:\windows\plfseti .exe

2010-01-23 20:28 . 2009-09-25 07:20 39440 ----a-w- c:\windows\system32\hkcmd.exe

2010-01-22 18:57 . 2009-09-25 07:20 39440 ----a-w- c:\windows\system32\igfxpers.exe

2010-01-19 22:42 . 2009-07-23 11:16 -------- d-----w- c:\program files\Google

2010-01-13 11:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-12 14:03 . 2010-01-12 14:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-01-06 20:00 . 2009-07-23 11:47 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-06 17:54 . 2009-07-23 11:09 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-01-06 13:00 . 2009-07-23 11:34 -------- d-----w- c:\programdata\McAfee

2010-01-06 12:35 . 2009-07-23 11:15 -------- d-----w- c:\program files\Acer

2010-01-06 12:34 . 2009-07-23 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-06 12:22 . 2010-01-06 12:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2010-01-06 12:13 . 2010-01-06 12:13 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5F9E.tmp.exe

2010-01-06 12:07 . 2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

2010-01-06 12:07 . 2010-01-06 12:07 111088 ----a-w- c:\programdata\Partner\partner.exe

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Start-meny

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Skrivebord

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Programdata

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Maler

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Favoritter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Dokumenter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\program files\Fellesfiler

2009-10-27 13:20 . 2010-01-07 16:39 833024 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 13:16 . 2010-01-07 16:39 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-10-27 10:55 . 2010-01-07 16:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2010-01-06 13:05 . 2010-01-06 13:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

c:\program files\Acer\Acer PowerSmart Manager\epowertraylauncher .exe
c:\program files\Acer\Optical Drive Power Management\oddpwr .exe
c:\program files\Acer\WR_PopUp\productreg .exe
c:\program files\Acer Bio Protection\pdtwzd .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\DAEMON Tools Lite\dtlite .exe
c:\program files\Google\Google Desktop Search\googledesktop .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\NewTech Infosystems\Acer Backup Manager\backupmanagertray .exe
c:\program files\Realtek\Audio\HDA\rthdvcpl .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Windows Live\Messenger\msnmsgr	 .exe
c:\program files\Windows Live\Messenger\msnmsgr	.exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\plfseti .exe

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2010-01-23 39440]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-23 39440]

"DAEMON Tools Lite"="c:\program files\daemon tools lite\DTLite.exe" [2010-01-23 39440]

"msnmsgr"="c:\program files\windows live\messenger\msnmsgr .exe" [2010-01-23 39440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-23 39440]

"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-01-23 39440]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-23 39440]

"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-01-23 39440]

"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-01-23 39440]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-23 39440]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-23 39440]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-23 39440]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-23 39440]

"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2010-01-23 39440]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-01-23 39440]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-01-23 39440]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-01-23 39440]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-23 565248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [23.07.2009 20:10 10504]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21.01.2008 03:24 21504]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.09.2009 08:20 176128]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [23.07.2009 20:11 117256]

R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [23.07.2009 12:33 707104]

R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\System32\drivers\FPSensor.sys [06.01.2010 13:26 28208]

R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [01.06.2009 15:37 3444736]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [01.07.2009 13:04 62208]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [17.06.2009 16:31 144640]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [23.07.2009 12:15 118784]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 20:09 11032]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [23.07.2009 12:51 237568]

R3 amdkmdag;amdkmdag;c:\windows\System32\drivers\atipmdag.sys [25.09.2009 08:20 4994048]

R3 amdkmdap;amdkmdap;c:\windows\System32\drivers\atikmpag.sys [25.09.2009 08:20 106496]

R3 intelkmd;intelkmd;c:\windows\System32\drivers\igdpmd32.sys [25.09.2009 08:20 4744704]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [23.07.2009 20:11 3668480]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.01.2010 23:41 135664]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [06.01.2010 13:24 29472]

S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\googledesktop.exe [23.07.2009 12:16 39440]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [17.06.2009 16:31 50432]

S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [06.01.2010 13:07 111088]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - dpybk

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-23 c:\windows\Tasks\At1.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At10.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At11.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At12.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At13.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At14.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At15.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At16.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At17.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At18.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At19.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At2.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At20.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At21.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At22.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At23.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At24.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At3.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At4.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At5.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At6.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At7.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At8.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\At9.job

- c:\program files\internet explorer\wmpscfgs.exe [2010-01-23 20:40]

 

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

 

2010-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\95kkn6sh.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

- - - - TOMME PEKERE FJERNET - - - -

 

SafeBoot-mcmscsvc

SafeBoot-MCODS

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-23 21:38

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

c:\program files\Synaptics\SynTP\syntpenh .exe [3408] 0x80CC3958

c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe [292] 0x80C76CE8

c:\program files\Windows Live\Messenger\msnmsgr .exe [3812] 0x89FDA858

c:\program files\DAEMON Tools Lite\dtlite .exe [3820] 0x80C18B68

c:\program files\Launch Manager\lmanager .exe [2604] 0x8991ABD8

c:\program files\Acer Bio Protection\pdtwzd .exe [3476] 0x897C5A88

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sprr.sys hal.dll >>UNKNOWN [0x8543A938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8a7a1322

\Driver\ACPI -> acpi.sys @ 0x807bfd4c

\Driver\atapi -> 0x854831f8

\Driver\iaStor -> iaStor.sys @ 0x8a24f0b0

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dpybk]

 

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'winlogon.exe'(800)

c:\windows\system32\app_dll.dll

 

- - - - - - - > 'lsass.exe'(736)

c:\windows\system32\app_dll.dll

 

- - - - - - - > 'Explorer.exe'(5444)

c:\windows\system32\app_dll.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\conime.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Tidspunkt ferdig: 2010-01-23 21:45:29 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-01-23 20:45

 

Pre-Run: 216 133 574 656 byte ledig

Post-Run: 215 967 981 568 byte ledig

 

- - End Of File - - 73C0B5EC093CA4BE71C19F31210848C8

 

Thanks for the help :)

Posted

You are heavily infected.

Update and run a new quick scan with MBAM.

Also download the free version of SAS. Update and run a quick scan.

 

Get a fresh ComboFix, run it and then post the log.

Posted (edited)

Here is the new ComboFix log. Now I'm again getting the message that the registry key is marked for deletion when I open a program :/


ComboFix 10-01-24.05 - Jørgen 25.01.2010 16:18:30.1.2 - x86

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.47.1044.18.2974.1915 [GMT 1:00]

Kjører fra: c:\users\Jørgen\Desktop\ComboFix.exe

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2641040584-143730932-3949562028-500

c:\program files\Internet Explorer\wmpscfgs.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

c:\recycler\S-1-5-21-8521637388-6426151839-161213911-6333

c:\windows\plfseti .exe

c:\windows\system32\hkcmd .exe

c:\windows\system32\igfxpers .exe

c:\windows\system32\igfxtray .exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-25 til 2010-01-25 )))))))))))))))))))))))))))))))))

.

 

2010-01-25 15:27 . 2010-01-25 15:27 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-25 15:27 . 2010-01-25 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-25 14:21 . 2010-01-25 14:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-01-25 14:21 . 2010-01-25 15:06 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-25 14:20 . 2010-01-25 14:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-24 21:55 . 2010-01-24 21:55 4 ----a-w- c:\program files\89891192.dat

2010-01-24 21:53 . 2010-01-24 21:53 -------- d-----w- c:\programdata\WindowsSearch

2010-01-23 16:44 . 2010-01-23 16:44 -------- d-----w- c:\program files\AutomationLabs

2010-01-22 19:13 . 2010-01-22 19:13 164864 ----a-w- C:\dietxug.exe

2010-01-22 19:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-22 19:04 . 2010-01-23 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-22 19:04 . 2010-01-22 19:04 -------- d-----w- c:\programdata\Malwarebytes

2010-01-22 19:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-22 18:59 . 2010-01-22 19:15 164864 ----a-w- C:\nxdm.exe

2010-01-13 11:28 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 11:28 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-11 11:12 . 2010-01-11 11:15 -------- d-----w- c:\program files\AutoCAD 2010

2010-01-11 09:57 . 2010-01-11 09:58 -------- d-----w- c:\program files\DWG TrueView 2010

2010-01-11 09:56 . 2010-01-11 09:56 -------- d-----w- c:\program files\Microsoft WSE

2010-01-11 09:47 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2010-01-11 09:47 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2010-01-11 09:47 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2010-01-11 09:45 . 2010-01-11 09:59 -------- d-----w- c:\program files\Autodesk

2010-01-11 09:28 . 2010-01-11 10:36 -------- d-----w- C:\Autodesk

2010-01-11 09:13 . 2010-01-25 15:30 -------- d-----w- c:\program files\Common Files\Akamai

2010-01-11 08:23 . 2010-01-25 07:55 -------- d-----w- c:\windows\VCMtemp

2010-01-08 14:49 . 2010-01-25 11:27 -------- d-----w- c:\programdata\FLEXnet

2010-01-08 14:23 . 2010-01-08 14:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-01-08 14:21 . 2010-01-13 14:54 -------- d-----w- c:\programdata\Autodesk

2010-01-08 14:21 . 2010-01-11 11:13 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2010-01-08 13:17 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-08 13:08 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-01-08 13:08 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-01-08 13:08 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-01-08 12:57 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

2010-01-08 12:57 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-01-08 12:57 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

2010-01-08 12:57 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

2010-01-08 12:57 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2010-01-08 12:51 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

2010-01-08 12:51 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2010-01-08 12:51 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

2010-01-08 12:51 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2010-01-08 12:51 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

2010-01-07 23:57 . 2010-01-07 23:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-07 23:57 . 2010-01-25 15:06 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-07 23:56 . 2010-01-07 23:56 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-01-07 23:27 . 2010-01-07 23:27 -------- d-----w- c:\program files\uTorrent

2010-01-07 16:43 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-01-07 16:43 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll

2010-01-07 16:43 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll

2010-01-07 16:43 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2010-01-07 16:43 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2010-01-07 16:43 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2010-01-07 16:43 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2010-01-07 16:43 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE

2010-01-07 16:43 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2010-01-07 16:43 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe

2010-01-07 16:42 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2010-01-07 16:42 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll

2010-01-07 16:42 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll

2010-01-07 16:42 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2010-01-07 16:41 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll

2010-01-07 16:41 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

2010-01-07 16:41 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll

2010-01-07 16:41 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2010-01-07 16:41 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2010-01-07 16:41 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2010-01-07 16:41 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2010-01-07 16:41 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2010-01-07 16:40 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

2010-01-07 16:40 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2010-01-07 16:38 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2010-01-07 16:38 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2010-01-07 16:36 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-01-07 16:35 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys

2010-01-07 16:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2010-01-07 16:34 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2010-01-07 16:34 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

2010-01-07 16:29 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-07 16:29 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-07 16:29 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll

2010-01-07 16:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-01-07 16:27 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

2010-01-07 16:27 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2010-01-07 16:27 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe

2010-01-07 16:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2010-01-07 16:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2010-01-07 16:27 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-01-07 16:19 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 19:48 . 2010-01-06 19:48 -------- d-----w- c:\program files\Spotify

2010-01-06 17:53 . 2010-01-06 17:53 -------- d-----w- c:\program files\Common Files\ATI Technologies

2010-01-06 17:52 . 2010-01-06 17:52 -------- d-----w- c:\program files\ATI

2010-01-06 17:52 . 2010-01-06 17:53 -------- d-----w- c:\program files\ATI Technologies

2010-01-06 14:22 . 2010-01-21 21:55 -------- d-----w- c:\programdata\TmForever

2010-01-06 14:17 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-06 14:14 . 2010-01-06 14:16 -------- d-----w- c:\program files\TmNationsForever

2010-01-06 12:34 . 2010-01-06 12:34 -------- d-----w- c:\program files\Common Files\InterVideo

2010-01-06 12:32 . 2010-01-06 12:34 -------- d-----w- c:\program files\InterVideo

2010-01-06 12:28 . 2010-01-25 15:06 -------- d-----w- c:\program files\Launch Manager

2010-01-06 12:27 . 2010-01-25 15:06 -------- d-----w- c:\program files\Acer Bio Protection

2010-01-06 12:27 . 2010-01-06 12:27 469552 ----a-w- c:\windows\system32\NBMatS1SDK.dll

2010-01-06 12:26 . 2010-01-06 12:26 28208 ----a-w- c:\windows\system32\drivers\FPSensor.sys

2010-01-06 12:24 . 2009-04-10 05:53 84256 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2010-01-06 12:24 . 2009-04-07 07:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2010-01-06 12:24 . 2009-03-24 10:14 106784 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2010-01-06 12:24 . 2009-03-24 10:14 17056 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2010-01-06 12:24 . 2010-01-06 12:24 -------- d-----w- c:\program files\WIDCOMM

2010-01-06 12:22 . 2010-01-06 12:22 -------- d-----w- c:\program files\Synaptics

2010-01-06 12:20 . 2009-04-16 17:45 106496 ----a-w- c:\windows\FixUVC.exe

2010-01-06 12:17 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2010-01-06 12:16 . 2010-01-25 15:28 12 ----a-w- c:\windows\bthservsdp.dat

2010-01-06 12:15 . 2010-01-06 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-01-06 12:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2010-01-06 12:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2010-01-06 12:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2010-01-06 12:13 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2010-01-06 12:13 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2010-01-06 12:13 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2010-01-06 12:13 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2010-01-06 12:13 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2010-01-06 12:13 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2010-01-06 12:12 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-25 15:24 . 2008-01-21 05:41 94000 ----a-w- c:\windows\system32\perfc014.dat

2010-01-25 15:24 . 2008-01-21 05:41 499034 ----a-w- c:\windows\system32\perfh014.dat

2010-01-19 22:42 . 2009-07-23 11:16 -------- d-----w- c:\program files\Google

2010-01-13 11:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-12 14:03 . 2010-01-12 14:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-01-06 20:00 . 2009-07-23 11:47 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-06 17:54 . 2009-07-23 11:09 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-01-06 13:00 . 2009-07-23 11:34 -------- d-----w- c:\programdata\McAfee

2010-01-06 12:35 . 2009-07-23 11:15 -------- d-----w- c:\program files\Acer

2010-01-06 12:34 . 2009-07-23 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-06 12:22 . 2010-01-06 12:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2010-01-06 12:13 . 2010-01-06 12:13 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5F9E.tmp.exe

2010-01-06 12:07 . 2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

2010-01-06 12:07 . 2010-01-06 12:07 111088 ----a-w- c:\programdata\Partner\partner.exe

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Start-meny

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Skrivebord

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Programdata

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Maler

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Favoritter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Dokumenter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\program files\Fellesfiler

2010-01-06 13:05 . 2010-01-06 13:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

<pre>
c:\program files\Acer\Acer PowerSmart Manager\epowertraylauncher .exe
c:\program files\Acer\Optical Drive Power Management\oddpwr .exe
c:\program files\Acer\WR_PopUp\productreg .exe
c:\program files\Acer Bio Protection\pdtwzd .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\clistart .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\DAEMON Tools Lite\dtlite .exe
c:\program files\Google\Google Desktop Search\googledesktop .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\Launch Manager\lmanager .exe
c:\program files\NewTech Infosystems\Acer Backup Manager\backupmanagertray .exe
c:\program files\Realtek\Audio\HDA\rthdvcpl .exe
c:\program files\SUPERAntiSpyware\superantispyware .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Windows Live\Messenger\msnmsgr	.exe
c:\program files\Windows Live\Messenger\msnmsgr  .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
</pre>

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-23 565248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [23.07.2009 20:10 10504]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21.01.2008 03:24 21504]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.09.2009 08:20 176128]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [23.07.2009 20:11 117256]

R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [23.07.2009 12:33 707104]

R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\System32\drivers\FPSensor.sys [06.01.2010 13:26 28208]

R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [01.06.2009 15:37 3444736]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [01.07.2009 13:04 62208]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [17.06.2009 16:31 144640]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [23.07.2009 12:15 118784]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 20:09 11032]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [23.07.2009 12:51 237568]

R3 amdkmdag;amdkmdag;c:\windows\System32\drivers\atipmdag.sys [25.09.2009 08:20 4994048]

R3 amdkmdap;amdkmdap;c:\windows\System32\drivers\atikmpag.sys [25.09.2009 08:20 106496]

R3 intelkmd;intelkmd;c:\windows\System32\drivers\igdpmd32.sys [25.09.2009 08:20 4744704]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [23.07.2009 20:11 3668480]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.01.2010 23:41 135664]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [06.01.2010 13:24 29472]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [17.06.2009 16:31 50432]

S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [06.01.2010 13:07 111088]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - dpybk

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

 

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\95kkn6sh.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-25 16:30

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spks.sys hal.dll >>UNKNOWN [0x8543A938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8a79c322

\Driver\ACPI -> acpi.sys @ 0x807c0d4c

\Driver\atapi -> 0x854841f8

\Driver\iaStor -> iaStor.sys @ 0x8a24c0b0

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpybk]

 

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(3076)

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\conime.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Tidspunkt ferdig: 2010-01-25 16:36:34 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-01-25 15:36

ComboFix2.txt 2010-01-23 20:45

 

Pre-Run: 215 058 239 488 byte ledig

Post-Run: 214 677 581 824 byte ledig

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 3B0E9D0FA7F1DC1E95E236AFEEFE9BD5

Edited by Enya
Posted

I get this error message when I drag it over:

"Ulovlig operasjon ble forsøkt på en registernøkkel som er merket for sletting"

 

I get the same message with every program I try to open.

Posted

I'll try it later, other duties call. Back around 21.00.

 

Thanks for the help so far norbat :)

Posted

New log


ComboFix 10-01-24.05 - Jørgen 25.01.2010 19:20:47.2.2 - x86 MINIMAL

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.47.1044.18.2974.2549 [GMT 1:00]

Kjører fra: c:\users\Jørgen\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Jørgen\Desktop\cfscript.txt

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

FILE ::

"C:\dietxug.exe"

"C:\nxdm.exe"

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\dietxug.exe

C:\nxdm.exe

 

.

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-25 til 2010-01-25 )))))))))))))))))))))))))))))))))

.

 

2010-01-25 18:27 . 2010-01-25 18:27 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-01-25 18:27 . 2010-01-25 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-01-25 14:20 . 2010-01-25 14:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-24 21:55 . 2010-01-24 21:55 4 ----a-w- c:\program files\89891192.dat

2010-01-24 21:53 . 2010-01-24 21:53 -------- d-----w- c:\programdata\WindowsSearch

2010-01-23 16:44 . 2010-01-23 16:44 -------- d-----w- c:\program files\AutomationLabs

2010-01-22 19:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-22 19:04 . 2010-01-23 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-22 19:04 . 2010-01-22 19:04 -------- d-----w- c:\programdata\Malwarebytes

2010-01-22 19:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-13 11:28 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 11:28 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-11 11:12 . 2010-01-11 11:15 -------- d-----w- c:\program files\AutoCAD 2010

2010-01-11 09:57 . 2010-01-11 09:58 -------- d-----w- c:\program files\DWG TrueView 2010

2010-01-11 09:56 . 2010-01-11 09:56 -------- d-----w- c:\program files\Microsoft WSE

2010-01-11 09:47 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2010-01-11 09:47 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2010-01-11 09:47 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2010-01-11 09:45 . 2010-01-11 09:59 -------- d-----w- c:\program files\Autodesk

2010-01-11 09:28 . 2010-01-11 10:36 -------- d-----w- C:\Autodesk

2010-01-11 09:13 . 2010-01-25 18:28 -------- d-----w- c:\program files\Common Files\Akamai

2010-01-11 08:23 . 2010-01-25 07:55 -------- d-----w- c:\windows\VCMtemp

2010-01-08 14:49 . 2010-01-25 11:27 -------- d-----w- c:\programdata\FLEXnet

2010-01-08 14:23 . 2010-01-08 14:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-01-08 14:21 . 2010-01-13 14:54 -------- d-----w- c:\programdata\Autodesk

2010-01-08 14:21 . 2010-01-11 11:13 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2010-01-08 13:17 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-08 13:08 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-01-08 13:08 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-01-08 13:08 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-01-08 12:57 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

2010-01-08 12:57 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-01-08 12:57 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

2010-01-08 12:57 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

2010-01-08 12:57 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2010-01-08 12:51 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

2010-01-08 12:51 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2010-01-08 12:51 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

2010-01-08 12:51 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2010-01-08 12:51 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

2010-01-07 23:57 . 2010-01-07 23:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-07 23:57 . 2010-01-25 18:20 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-07 23:56 . 2010-01-07 23:56 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-01-07 23:27 . 2010-01-07 23:27 -------- d-----w- c:\program files\uTorrent

2010-01-07 16:43 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-01-07 16:43 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll

2010-01-07 16:43 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll

2010-01-07 16:43 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2010-01-07 16:43 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2010-01-07 16:43 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2010-01-07 16:43 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2010-01-07 16:43 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE

2010-01-07 16:43 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2010-01-07 16:43 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe

2010-01-07 16:42 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2010-01-07 16:42 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll

2010-01-07 16:42 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll

2010-01-07 16:42 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2010-01-07 16:41 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll

2010-01-07 16:41 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

2010-01-07 16:41 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll

2010-01-07 16:41 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2010-01-07 16:41 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2010-01-07 16:41 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2010-01-07 16:41 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2010-01-07 16:41 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2010-01-07 16:40 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

2010-01-07 16:40 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2010-01-07 16:38 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2010-01-07 16:38 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2010-01-07 16:36 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-01-07 16:35 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys

2010-01-07 16:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2010-01-07 16:34 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2010-01-07 16:34 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

2010-01-07 16:29 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-07 16:29 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-07 16:29 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll

2010-01-07 16:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-01-07 16:27 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

2010-01-07 16:27 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2010-01-07 16:27 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe

2010-01-07 16:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2010-01-07 16:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2010-01-07 16:27 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-01-07 16:19 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 19:48 . 2010-01-06 19:48 -------- d-----w- c:\program files\Spotify

2010-01-06 17:53 . 2010-01-06 17:53 -------- d-----w- c:\program files\Common Files\ATI Technologies

2010-01-06 17:52 . 2010-01-06 17:52 -------- d-----w- c:\program files\ATI

2010-01-06 17:52 . 2010-01-06 17:53 -------- d-----w- c:\program files\ATI Technologies

2010-01-06 14:22 . 2010-01-21 21:55 -------- d-----w- c:\programdata\TmForever

2010-01-06 14:17 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-06 14:14 . 2010-01-06 14:16 -------- d-----w- c:\program files\TmNationsForever

2010-01-06 12:34 . 2010-01-06 12:34 -------- d-----w- c:\program files\Common Files\InterVideo

2010-01-06 12:32 . 2010-01-06 12:34 -------- d-----w- c:\program files\InterVideo

2010-01-06 12:28 . 2010-01-25 18:20 -------- d-----w- c:\program files\Launch Manager

2010-01-06 12:27 . 2010-01-25 18:20 -------- d-----w- c:\program files\Acer Bio Protection

2010-01-06 12:27 . 2010-01-06 12:27 469552 ----a-w- c:\windows\system32\NBMatS1SDK.dll

2010-01-06 12:26 . 2010-01-06 12:26 28208 ----a-w- c:\windows\system32\drivers\FPSensor.sys

2010-01-06 12:24 . 2009-04-10 05:53 84256 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2010-01-06 12:24 . 2009-04-07 07:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2010-01-06 12:24 . 2009-03-24 10:14 106784 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2010-01-06 12:24 . 2009-03-24 10:14 17056 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2010-01-06 12:24 . 2010-01-06 12:24 -------- d-----w- c:\program files\WIDCOMM

2010-01-06 12:22 . 2010-01-06 12:22 -------- d-----w- c:\program files\Synaptics

2010-01-06 12:20 . 2009-04-16 17:45 106496 ----a-w- c:\windows\FixUVC.exe

2010-01-06 12:17 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2010-01-06 12:16 . 2010-01-25 18:17 12 ----a-w- c:\windows\bthservsdp.dat

2010-01-06 12:15 . 2010-01-06 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-01-06 12:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2010-01-06 12:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2010-01-06 12:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2010-01-06 12:13 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2010-01-06 12:13 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2010-01-06 12:13 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2010-01-06 12:13 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2010-01-06 12:13 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2010-01-06 12:13 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2010-01-06 12:12 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

2010-01-06 12:09 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2010-01-06 12:09 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-01-06 12:09 . 2010-01-06 12:09 -------- d-----w- c:\programdata\ATI

2010-01-06 12:09 . 2010-01-06 12:09 0 ----a-w- c:\windows\ativpsrm.bin

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-25 18:24 . 2008-01-21 05:41 93416 ----a-w- c:\windows\system32\perfc014.dat

2010-01-25 18:24 . 2008-01-21 05:41 498048 ----a-w- c:\windows\system32\perfh014.dat

2010-01-25 18:20 . 2010-01-25 14:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-25 14:21 . 2010-01-25 14:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-01-19 22:42 . 2009-07-23 11:16 -------- d-----w- c:\program files\Google

2010-01-13 11:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-12 14:03 . 2010-01-12 14:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-01-06 20:00 . 2009-07-23 11:47 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-06 17:54 . 2009-07-23 11:09 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-01-06 13:00 . 2009-07-23 11:34 -------- d-----w- c:\programdata\McAfee

2010-01-06 12:35 . 2009-07-23 11:15 -------- d-----w- c:\program files\Acer

2010-01-06 12:34 . 2009-07-23 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-06 12:22 . 2010-01-06 12:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2010-01-06 12:13 . 2010-01-06 12:13 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5F9E.tmp.exe

2010-01-06 12:07 . 2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

2010-01-06 12:07 . 2010-01-06 12:07 111088 ----a-w- c:\programdata\Partner\partner.exe

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Start-meny

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Skrivebord

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Programdata

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Maler

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Favoritter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Dokumenter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\program files\Fellesfiler

2010-01-06 13:05 . 2010-01-06 13:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-23 565248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [23.07.2009 20:10 10504]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21.01.2008 03:24 21504]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.09.2009 08:20 176128]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [23.07.2009 20:11 117256]

R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [23.07.2009 12:33 707104]

R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\System32\drivers\FPSensor.sys [06.01.2010 13:26 28208]

R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [01.06.2009 15:37 3444736]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [01.07.2009 13:04 62208]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [17.06.2009 16:31 144640]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [23.07.2009 12:15 118784]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 20:09 11032]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [23.07.2009 12:51 237568]

R3 amdkmdag;amdkmdag;c:\windows\System32\drivers\atipmdag.sys [25.09.2009 08:20 4994048]

R3 amdkmdap;amdkmdap;c:\windows\System32\drivers\atikmpag.sys [25.09.2009 08:20 106496]

R3 intelkmd;intelkmd;c:\windows\System32\drivers\igdpmd32.sys [25.09.2009 08:20 4744704]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [23.07.2009 20:11 3668480]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.01.2010 23:41 135664]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [06.01.2010 13:24 29472]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [17.06.2009 16:31 50432]

S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [06.01.2010 13:07 111088]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

 

--- Andre tjenester/drivere lastet i minnet ---

 

*Deregistered* - dpybk

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

 

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\95kkn6sh.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-25 19:28

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys splp.sys hal.dll >>UNKNOWN [0x8583A938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8a9a4322

\Driver\ACPI -> acpi.sys @ 0x807bfd4c

\Driver\atapi -> 0x858841f8

\Driver\iaStor -> iaStor.sys @ 0x8a4580b0

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpybk]

 

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(2400)

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conime.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Tidspunkt ferdig: 2010-01-25 19:34:34 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-01-25 18:34

ComboFix2.txt 2010-01-25 15:36

ComboFix3.txt 2010-01-23 20:45

 

Pre-Run: 218 081 042 432 byte ledig

Post-Run: 214 821 650 432 byte ledig

 

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 6E73ADEE3FDBF78CB167F87662072CB4

Posted

Run the process again with the attached cfscript file. Post the log:

 

cfscript.txt

 

 

You have a possible rootkit in the MBR (master boot record). To eliminate it, boot the PC from the Vista DVD, choose the recovery console, and type the following at the command prompt:

 

bootrec.exe /fixmbr
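The two findings the reply is reacting to both sit in the ComboFix output above: the driver `dpybk.sys` that MBAM had already quarantined shows up again in the new "files created" section with a modification time later than its creation time, and the Gmer MBR detector prints "possible MBR rootkit infection". The script below is an added triage example written for this thread; it is not part of ComboFix, MBAM or the poster's logs. It parses ComboFix-style file entries and the rootkit-detector lines and flags (a) kernel drivers whose modified timestamp postdates their created timestamp, which is the reverse of what a vendor-shipped driver normally shows, and (b) deregistered-service and MBR warning lines. The sample lines are constructed, modelled on entries in this thread; the function names are mine.

```python
import re
from datetime import datetime

# Constructed sample modelled on the ComboFix log lines posted in this thread.
SAMPLE_LOG = """\
2010-01-22 18:58 . 2010-01-25 19:16 756736 ----a-w- c:\\windows\\system32\\drivers\\dpybk.sys
2010-01-07 16:41 . 2009-06-15 18:20 439896 ----a-w- c:\\windows\\system32\\drivers\\ksecdd.sys
2010-01-07 16:43 . 2009-08-14 17:07 897608 ----a-w- c:\\windows\\system32\\drivers\\tcpip.sys
2010-01-22 19:04 . 2010-01-07 15:07 19160 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2010-01-06 19:48 . 2010-01-06 19:48 -------- d-----w- c:\\program files\\Spotify
*Deregistered* - dpybk
IoDeviceObjectType ->\\Device\\Harddisk0\\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# ComboFix file entry: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_file_entries(text):
    """Return the file/directory entries of a ComboFix log as dicts."""
    entries = []
    for line in text.splitlines():
        m = FILE_ENTRY.match(line.strip())
        if not m:
            continue
        size = m["size"]
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            "size": None if size == "--------" else int(size),
            "attrs": m["attrs"],
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"].lower(),
        })
    return entries


def suspicious_drivers(entries):
    """Kernel drivers whose modified stamp is later than their created stamp.

    A driver installed by an update carries the vendor's build time as its
    modified stamp, which predates the install (created) time: see ksecdd.sys
    and tcpip.sys in the sample. The reverse ordering means the file was
    rewritten on this machine after it first appeared, which is what a driver
    re-dropped after a cleanup looks like. This is a triage signal, not proof.
    """
    flagged = []
    for e in entries:
        if e["is_dir"] or not e["path"].endswith(".sys"):
            continue
        if "\\drivers\\" in e["path"] and e["modified"] > e["created"]:
            flagged.append(e["path"])
    return flagged


def rootkit_indicators(text):
    """Lines from the service list and the Gmer MBR check that need a look."""
    hits = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("*Deregistered*"):
            # "*Deregistered* - <service>": a service entry whose driver is gone
            hits.append(("deregistered_service", s.split("-", 1)[1].strip()))
        elif "possible MBR rootkit infection" in s:
            hits.append(("mbr_warning", s))
    return hits


def triage(text):
    """Run both checks over a ComboFix log and return the findings."""
    return {
        "suspicious_drivers": suspicious_drivers(parse_file_entries(text)),
        "indicators": rootkit_indicators(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

On the sample the only driver flagged is `dpybk.sys`, and the two indicator lines are the deregistered `dpybk` service and the MBR warning. Together those support the reply's reading: the file was removed, came back, and the boot sector is the likely reinstaller, so rewriting the MBR with `bootrec.exe /fixmbr` targets the persistence rather than the symptom.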

Posted

New log

ComboFix 10-01-24.05 - Jørgen 25.01.2010 20:09:54.3.2 - x86 MINIMAL

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.47.1044.18.2974.2556 [GMT 1:00]

Kjører fra: c:\users\Jørgen\Desktop\ComboFix.exe

Command switches brukt :: c:\users\Jørgen\Desktop\cfscript.txt

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

.

((((((((((((((((((((((((((((((((((((((( Drivere/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_DPYBK

-------\Service_dpybk

 

 

((((((((((((((((((((((((((( Filer Opprettet Fra 2009-12-25 til 2010-01-25 )))))))))))))))))))))))))))))))))

.

 

2010-01-25 14:21 . 2010-01-25 14:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-01-25 14:21 . 2010-01-25 18:20 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-01-25 14:20 . 2010-01-25 14:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-24 21:55 . 2010-01-24 21:55 4 ----a-w- c:\program files\89891192.dat

2010-01-24 21:53 . 2010-01-24 21:53 -------- d-----w- c:\programdata\WindowsSearch

2010-01-23 16:44 . 2010-01-23 16:44 -------- d-----w- c:\program files\AutomationLabs

2010-01-22 19:04 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-01-22 19:04 . 2010-01-23 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-01-22 19:04 . 2010-01-22 19:04 -------- d-----w- c:\programdata\Malwarebytes

2010-01-22 19:04 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-01-22 18:58 . 2010-01-25 19:16 756736 ----a-w- c:\windows\system32\drivers\dpybk.sys

2010-01-13 11:28 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 11:28 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-11 11:12 . 2010-01-11 11:15 -------- d-----w- c:\program files\AutoCAD 2010

2010-01-11 09:57 . 2010-01-11 09:58 -------- d-----w- c:\program files\DWG TrueView 2010

2010-01-11 09:56 . 2010-01-11 09:56 -------- d-----w- c:\program files\Microsoft WSE

2010-01-11 09:47 . 2008-03-05 14:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll

2010-01-11 09:47 . 2008-03-05 14:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll

2010-01-11 09:47 . 2008-02-05 22:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll

2010-01-11 09:45 . 2010-01-11 09:59 -------- d-----w- c:\program files\Autodesk

2010-01-11 09:28 . 2010-01-11 10:36 -------- d-----w- C:\Autodesk

2010-01-11 09:13 . 2010-01-25 19:17 -------- d-----w- c:\program files\Common Files\Akamai

2010-01-11 08:23 . 2010-01-25 07:55 -------- d-----w- c:\windows\VCMtemp

2010-01-08 14:49 . 2010-01-25 11:27 -------- d-----w- c:\programdata\FLEXnet

2010-01-08 14:23 . 2010-01-08 14:23 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2010-01-08 14:21 . 2010-01-13 14:54 -------- d-----w- c:\programdata\Autodesk

2010-01-08 14:21 . 2010-01-11 11:13 -------- d-----w- c:\program files\Common Files\Autodesk Shared

2010-01-08 13:17 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-08 13:08 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-01-08 13:08 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll

2010-01-08 13:08 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys

2010-01-08 12:57 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll

2010-01-08 12:57 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-01-08 12:57 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll

2010-01-08 12:57 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe

2010-01-08 12:57 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2010-01-08 12:57 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2010-01-08 12:51 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll

2010-01-08 12:51 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll

2010-01-08 12:51 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll

2010-01-08 12:51 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll

2010-01-08 12:51 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll

2010-01-07 23:57 . 2010-01-07 23:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-01-07 23:57 . 2010-01-25 18:20 -------- d-----w- c:\program files\DAEMON Tools Lite

2010-01-07 23:56 . 2010-01-07 23:56 -------- d-----w- c:\programdata\DAEMON Tools Lite

2010-01-07 23:27 . 2010-01-07 23:27 -------- d-----w- c:\program files\uTorrent

2010-01-07 16:43 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-01-07 16:43 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll

2010-01-07 16:43 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll

2010-01-07 16:43 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2010-01-07 16:43 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2010-01-07 16:43 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2010-01-07 16:43 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2010-01-07 16:43 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE

2010-01-07 16:43 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2010-01-07 16:43 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe

2010-01-07 16:42 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll

2010-01-07 16:42 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll

2010-01-07 16:42 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll

2010-01-07 16:42 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll

2010-01-07 16:41 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll

2010-01-07 16:41 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll

2010-01-07 16:41 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll

2010-01-07 16:41 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll

2010-01-07 16:41 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll

2010-01-07 16:41 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2010-01-07 16:41 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll

2010-01-07 16:41 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

2010-01-07 16:40 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll

2010-01-07 16:40 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll

2010-01-07 16:38 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll

2010-01-07 16:38 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll

2010-01-07 16:36 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-01-07 16:35 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys

2010-01-07 16:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2010-01-07 16:34 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll

2010-01-07 16:34 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll

2010-01-07 16:29 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-01-07 16:29 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-01-07 16:29 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll

2010-01-07 16:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-01-07 16:27 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll

2010-01-07 16:27 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2010-01-07 16:27 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe

2010-01-07 16:27 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll

2010-01-07 16:27 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll

2010-01-07 16:27 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2010-01-07 16:19 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-06 19:48 . 2010-01-06 19:48 -------- d-----w- c:\program files\Spotify

2010-01-06 17:53 . 2010-01-06 17:53 -------- d-----w- c:\program files\Common Files\ATI Technologies

2010-01-06 17:52 . 2010-01-06 17:52 -------- d-----w- c:\program files\ATI

2010-01-06 17:52 . 2010-01-06 17:53 -------- d-----w- c:\program files\ATI Technologies

2010-01-06 14:22 . 2010-01-21 21:55 -------- d-----w- c:\programdata\TmForever

2010-01-06 14:17 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll

2010-01-06 14:14 . 2010-01-06 14:16 -------- d-----w- c:\program files\TmNationsForever

2010-01-06 12:34 . 2010-01-06 12:34 -------- d-----w- c:\program files\Common Files\InterVideo

2010-01-06 12:32 . 2010-01-06 12:34 -------- d-----w- c:\program files\InterVideo

2010-01-06 12:28 . 2010-01-25 18:20 -------- d-----w- c:\program files\Launch Manager

2010-01-06 12:27 . 2010-01-25 18:20 -------- d-----w- c:\program files\Acer Bio Protection

2010-01-06 12:27 . 2010-01-06 12:27 469552 ----a-w- c:\windows\system32\NBMatS1SDK.dll

2010-01-06 12:26 . 2010-01-06 12:26 28208 ----a-w- c:\windows\system32\drivers\FPSensor.sys

2010-01-06 12:24 . 2009-04-10 05:53 84256 ----a-w- c:\windows\system32\drivers\btwaudio.sys

2010-01-06 12:24 . 2009-04-07 07:32 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys

2010-01-06 12:24 . 2009-03-24 10:14 106784 ----a-w- c:\windows\system32\drivers\btwavdt.sys

2010-01-06 12:24 . 2009-03-24 10:14 17056 ----a-w- c:\windows\system32\drivers\btwrchid.sys

2010-01-06 12:24 . 2010-01-06 12:24 -------- d-----w- c:\program files\WIDCOMM

2010-01-06 12:22 . 2010-01-06 12:22 -------- d-----w- c:\program files\Synaptics

2010-01-06 12:20 . 2009-04-16 17:45 106496 ----a-w- c:\windows\FixUVC.exe

2010-01-06 12:17 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2010-01-06 12:16 . 2010-01-25 19:06 12 ----a-w- c:\windows\bthservsdp.dat

2010-01-06 12:15 . 2010-01-06 12:15 0 ----a-w- c:\windows\nsreg.dat

2010-01-06 12:13 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2010-01-06 12:13 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2010-01-06 12:13 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2010-01-06 12:13 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2010-01-06 12:13 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2010-01-06 12:13 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2010-01-06 12:13 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2010-01-06 12:13 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2010-01-06 12:13 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2010-01-06 12:12 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll

2010-01-06 12:09 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2010-01-06 12:09 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-01-06 12:09 . 2010-01-06 12:09 -------- d-----w- c:\programdata\ATI

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-01-25 19:14 . 2008-01-21 05:41 93416 ----a-w- c:\windows\system32\perfc014.dat

2010-01-25 19:14 . 2008-01-21 05:41 498048 ----a-w- c:\windows\system32\perfh014.dat

2010-01-19 22:42 . 2009-07-23 11:16 -------- d-----w- c:\program files\Google

2010-01-13 11:34 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-12 14:03 . 2010-01-12 14:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2010-01-06 20:00 . 2009-07-23 11:47 -------- d-----w- c:\program files\Common Files\Adobe

2010-01-06 17:54 . 2009-07-23 11:09 319456 ----a-w- c:\windows\DIFxAPI.dll

2010-01-06 13:00 . 2009-07-23 11:34 -------- d-----w- c:\programdata\McAfee

2010-01-06 12:35 . 2009-07-23 11:15 -------- d-----w- c:\program files\Acer

2010-01-06 12:34 . 2009-07-23 11:02 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-06 12:22 . 2010-01-06 12:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf

2010-01-06 12:13 . 2010-01-06 12:13 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5F9E.tmp.exe

2010-01-06 12:07 . 2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

2010-01-06 12:07 . 2010-01-06 12:07 111088 ----a-w- c:\programdata\Partner\partner.exe

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Start-meny

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Skrivebord

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Programdata

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Maler

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Favoritter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\programdata\Dokumenter

2010-01-06 12:03 . 2010-01-06 12:03 -------- d-sh--we c:\program files\Fellesfiler

2010-01-06 13:05 . 2010-01-06 13:05 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

 

(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))

.

.

*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2010-01-06 12:07 159728 ----a-w- c:\programdata\Partner\partner.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-7-23 565248]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

R1 DPMemGridVista;Physical Memory I/O for GridVista;c:\program files\GridVista\DPMemGridVista.sys [23.07.2009 20:10 10504]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [21.01.2008 03:24 21504]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [25.09.2009 08:20 176128]

R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [23.07.2009 20:11 117256]

R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [23.07.2009 12:33 707104]

R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\System32\drivers\FPSensor.sys [06.01.2010 13:26 28208]

R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [01.06.2009 15:37 3444736]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [01.07.2009 13:04 62208]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [17.06.2009 16:31 144640]

R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [23.07.2009 12:15 118784]

R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 20:09 11032]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [23.07.2009 12:51 237568]

R3 amdkmdag;amdkmdag;c:\windows\System32\drivers\atipmdag.sys [25.09.2009 08:20 4994048]

R3 amdkmdap;amdkmdap;c:\windows\System32\drivers\atikmpag.sys [25.09.2009 08:20 106496]

R3 intelkmd;intelkmd;c:\windows\System32\drivers\igdpmd32.sys [25.09.2009 08:20 4744704]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [23.07.2009 20:11 3668480]

S2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.01.2010 23:41 135664]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [06.01.2010 13:24 29472]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [17.06.2009 16:31 50432]

S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [06.01.2010 13:07 111088]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

Akamai REG_MULTI_SZ Akamai

.

Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

 

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

 

2010-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 22:41]

.

.

------- Tilleggsskanning -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0414&m=travelmate_8471&r=2v650110z806l0341zs75x48n1k23r

IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Send bilde til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send side til &Bluetooth-enhet... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\users\Jørgen\AppData\Roaming\Mozilla\Firefox\Profiles\95kkn6sh.default\

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-25 20:18

Windows 6.0.6001 Service Pack 1 NTFS

 

skanner skjulte prosesser ...

 

skanner skjulte autostart-oppføringer ...

 

skanner skjulte filer ...

 

skanning vellykket

skjulte filer: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys sphb.sys hal.dll >>UNKNOWN [0x8583A938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x8a9a0322

\Driver\ACPI -> acpi.sys @ 0x807bbd4c

\Driver\atapi -> 0x858841f8

\Driver\iaStor -> iaStor.sys @ 0x8a4510b0

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"

.

--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

 

- - - - - - - > 'Explorer.exe'(1428)

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

.

------------------------ Andre Kjørende Prosesser ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Acer Bio Protection\CompPtcVUI.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conime.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Tidspunkt ferdig: 2010-01-25 20:23:57 - maskinen ble startet på nytt

ComboFix-quarantined-files.txt 2010-01-25 19:23

ComboFix2.txt 2010-01-25 18:34

ComboFix3.txt 2010-01-25 15:36

ComboFix4.txt 2010-01-23 20:45

 

Pre-Run: 217 877 843 968 byte ledig

Post-Run: 214 620 143 616 byte ledig

 

- - End Of File - - 89121AEF8390C354748D5A2FCD60208F

Posted

Okay.

What do I do about the registry errors then? I can't run any programs; I get the message I wrote about earlier. Should I run CCleaner?

Thanks for all the help, norbat :)

Posted

You have been heavily infected, with several program files corrupted. Combofix has tried to reinstate the correct program files. In addition, there are signs that you have a rootkit in the MBR. That has to be fixed before we can know whether something else is causing the error message you get when you try to start a program.

Now is also a good time to back up the files you want to keep (pictures, documents, email etc.), whatever the outcome of this case.
