Log from ComboFix:
ComboFix 10-09-02.03 - start 07-09-2010 16:53:55.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1014.697 [GMT 2:00]
Kører fra: c:\documents and settings\start\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\start\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-08-07 til 2010-09-07 )))))))))))))))))))))))))))))))))))
.
2010-09-07 12:26 . 2008-04-13 12:20 182656 ------w- c:\windows\system32\dllcache\ndis.sys
2010-09-07 12:15 . 2010-09-07 12:28 -------- d-----w- C:\bd_logs
2010-09-07 11:36 . 2010-09-07 12:12 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2010-09-06 15:37 . 2010-09-06 15:37 -------- d-----w- c:\windows\system32\MpEngineStore
2010-09-06 10:28 . 2010-09-06 10:28 -------- d-----w- c:\documents and settings\start\Application Data\Birdstep Technology
2010-09-06 10:27 . 2010-09-06 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-09-06 10:26 . 2009-09-14 18:05 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-09-06 10:26 . 2009-09-14 18:05 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-09-06 10:26 . 2009-09-14 18:05 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-09-06 10:26 . 2009-09-14 18:05 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2010-09-06 10:26 . 2009-09-14 18:05 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-09-06 10:26 . 2010-09-06 10:26 71253 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2010-09-06 10:26 . 2010-09-06 10:26 -------- d-----w- c:\programmer\Huawei Modems
2010-09-06 10:26 . 2009-09-14 18:06 10240 ----a-w- c:\windows\system32\drivers\mdvrmng.sys
2010-09-06 10:25 . 2010-09-06 10:25 -------- d-----w- c:\programmer\3
2010-09-03 14:20 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-03 14:20 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-03 14:20 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-03 14:20 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-03 14:20 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-03 14:20 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-03 14:20 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-03 14:20 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-03 14:20 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-03 14:20 . 2010-09-03 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-03 13:35 . 2010-09-03 13:35 -------- d-----r- c:\documents and settings\NetworkService\Foretrukne
2010-09-02 14:08 . 2010-09-02 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-02 14:08 . 2010-09-02 14:08 -------- d-----w- c:\programmer\SUPERAntiSpyware
2010-09-02 14:08 . 2010-09-02 14:08 -------- d-----w- c:\documents and settings\start\Application Data\SUPERAntiSpyware.com
2010-09-02 13:56 . 2010-09-02 13:56 -------- d-----w- c:\documents and settings\start\Application Data\IObit
2010-09-02 13:39 . 2010-09-02 13:39 -------- d-----w- c:\programmer\ToniArts
2010-09-02 12:39 . 2009-04-04 16:09 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Packard Bell
2010-09-02 12:37 . 2010-09-02 12:37 -------- d-----w- c:\programmer\Fælles filer\Wise Installation Wizard
2010-09-02 12:34 . 2010-09-02 12:34 -------- d-----w- c:\documents and settings\start\Application Data\Malwarebytes
2010-09-02 12:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 12:34 . 2010-09-02 12:34 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-09-02 12:34 . 2010-09-02 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-02 12:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-07 01:16 . 2009-11-10 07:21 -------- d-----w- c:\programmer\Microsoft Silverlight
2010-09-06 15:43 . 2009-04-04 15:36 -------- d-----w- c:\programmer\Microsoft Works
2010-09-06 15:42 . 2009-04-04 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-06 15:41 . 2009-04-04 22:48 84258 ----a-w- c:\windows\system32\perfc006.dat
2010-09-06 15:41 . 2009-04-04 22:48 460806 ----a-w- c:\windows\system32\perfh006.dat
2010-09-06 10:25 . 2009-04-04 15:22 -------- d--h--w- c:\programmer\InstallShield Installation Information
2010-09-02 13:32 . 2010-09-02 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-09-02 13:32 . 2010-09-02 13:32 -------- d-----w- c:\programmer\IObit
2010-08-04 17:46 . 2009-04-04 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-04 16:03 . 2010-08-04 16:03 -------- d-----w- c:\programmer\ASIO4ALL v2
2010-08-04 16:03 . 2010-08-04 16:02 -------- d-----w- c:\programmer\VstPlugins
2010-08-04 16:03 . 2010-08-04 15:58 -------- d-----w- c:\programmer\Image-Line
2010-08-04 16:02 . 2010-08-04 16:02 -------- d-----w- c:\programmer\Outsim
2010-08-04 15:06 . 2010-08-04 14:35 -------- d-----w- c:\programmer\UltraMixer
2010-08-04 14:40 . 2010-05-19 19:41 -------- d-----w- c:\programmer\Graffiti Studio 2.0
2010-08-04 14:01 . 2010-03-15 18:37 -------- d-----w- c:\documents and settings\start\Application Data\GetRightToGo
2010-08-03 19:49 . 2010-08-03 19:49 503808 ----a-w- c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\msvcp71.dll
2010-08-03 19:49 . 2010-08-03 19:49 499712 ----a-w- c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\jmc.dll
2010-08-03 19:49 . 2010-08-03 19:49 348160 ----a-w- c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2ad87a12-n\msvcr71.dll
2010-08-03 19:49 . 2010-08-03 19:49 61440 ----a-w- c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ef97721-n\decora-sse.dll
2010-08-03 19:49 . 2010-08-03 19:49 12800 ----a-w- c:\documents and settings\start\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-1ef97721-n\decora-d3d.dll
2010-07-26 12:43 . 2010-07-26 12:43 -------- d-----w- c:\programmer\FlashCatch
2010-07-26 12:30 . 2010-05-10 17:05 -------- d-----w- c:\programmer\DAEMON Tools Toolbar
2010-06-30 12:32 . 2009-04-04 22:48 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2009-04-04 22:48 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-21 15:27 . 2009-04-04 22:48 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2009-04-04 22:47 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-04-04 14:05 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2009-04-04 22:48 1172480 ----a-w- c:\windows\system32\msxml3.dll
.
------- Sigcheck -------
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
c:\windows\System32\drivers\ndis.sys ... mangler !!
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B291E6C-9A74-4034-971B-A4B007A0B315}]
2010-01-11 10:18 451808 ----a-w- c:\programmer\RadioBar\toolbar.ni.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\programmer\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{5B291E6C-9A74-4034-971B-A4B007A0B315}"= "c:\programmer\RadioBar\toolbar.ni.dll" [2010-01-11 451808]
[HKEY_CLASSES_ROOT\clsid\{5b291e6c-9a74-4034-971b-a4b007a0b315}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{810FCC0F-2CA3-414a-B8C8-550910C8B664}]
[HKEY_CLASSES_ROOT\Pugi.PugiObj]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Opera\\opera.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\UltraMixer\\jre\\launch4j-tmp\\UltraMixer.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03-09-2010 16:20 165456]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\programmer\Intel\Intel Matrix Storage Manager\IAANTmon.exe [04-04-2009 17:23 354840]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [04-11-2009 22:28 145152]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [04-04-2009 17:32 1684736]
S3 GoogleDesktopManager-110309-193829;Google Desktop-administrator 5.9.911.3589;c:\programmer\Google\Google Desktop Search\GoogleDesktop.exe [04-11-2009 22:30 30192]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [05-04-2009 00:49 38912]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [31-05-2010 11:30 41472]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-05-2010 19:05 691696]
.
Indhold af mappen 'Planlagte Opgaver'
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035789119-3646499915-426764551-1006Core.job
- c:\documents and settings\start\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 11:42]
2010-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2035789119-3646499915-426764551-1006UA.job
- c:\documents and settings\start\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-07 11:42]
.
.
------- Yderligere scanning -------
.
uStart Page = about:blank
Handler: toolbarchrome - {718733BC-AD64-4e5f-AC18-A85FBD75D54D} - c:\programmer\RadioBar\toolbar.ni.dll
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
.
- - - - TOMME GENVEJE FJERNET - - - -
AddRemove-avast5 - c:\programmer\Alwil Software\Avast5\aswRunDll.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 17:00
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-2035789119-3646499915-426764551-1006\Software\SecuROM\License information*]
"datasecu"=hex:fd,d2,bd,a6,dc,f4,cc,5e,f3,89,3a,b4,29,5f,77,5c,8a,cb,96,b9,5c,
97,80,55,af,7d,49,ad,cb,8c,da,41,fa,36,1a,a6,b2,a1,b1,4d,48,40,d0,88,ff,ce,\
"rkeysecu"=hex:9a,19,3c,63,e9,52,59,f3,c7,50,d4,62,1d,aa,f9,98
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(384)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2010-09-07 17:06:05 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-09-07 15:06
ComboFix2.txt 2010-09-06 08:08
ComboFix3.txt 2010-09-03 14:09
Pre-Kørsel: 113.742.471.168 byte ledig
Post-Kørsel: 113.734.348.800 byte ledig
- - End Of File - - 08A4095FF65A021603AB4836A93F8EDE