Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6001 Service Pack 1
08-06-2009 20:12:43
mbam-log-2009-06-08 (20-12-43).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 319996
Time elapsed: 1 hour(s), 42 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2
Memory Processes Infected:
(No suspicious files found)
Memory Modules Infected:
(No suspicious files found)
Registry Keys Infected:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
(No suspicious files found)
Registry Data Items Infected:
(No suspicious files found)
Folders Infected:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
c:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
and the ComboFix log:
ComboFix 09-06-07.07 - Inge 09-06-2009 10:03.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1030.18.1982.1235 [GMT 2:00]
Running from: c:\users\Inge\Desktop\ComboFix.exe
Command switches used :: c:\users\Inge\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))))))
.
2009-06-09 08:09 . 2009-06-09 08:09 -------- d-sh--w- \$RECYCLE.BIN
2009-06-09 08:08 . 2009-06-09 08:10 -------- d-----w- c:\users\Inge\AppData\Local\temp
2009-06-09 08:08 . 2009-06-09 08:08 -------- d-----w- C:\temp
2009-06-09 08:08 . 2009-06-09 08:08 -------- d-----w- \temp
2009-06-09 07:59 . 2009-06-09 08:10 -------- d-s---w- \ComboFix
2009-06-09 07:44 . 2009-06-09 07:44 -------- d-----w- c:\programdata\NortonInstaller
2009-06-09 07:25 . 2009-06-09 07:31 -------- d-sh--w- \Config.Msi
2009-06-09 04:53 . 2009-06-09 08:01 -------- d-----w- \Qoobox
2009-06-08 18:40 . 2009-06-08 18:40 -------- d-----w- c:\program files\Common Files\L&H
2009-06-08 18:39 . 2009-06-08 18:39 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-08 18:35 . 2009-06-08 18:35 -------- d-----w- c:\program files\Microsoft.NET
2009-06-08 16:23 . 2009-06-08 16:23 -------- d-----w- c:\users\Inge\AppData\Roaming\Malwarebytes
2009-06-08 16:23 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 16:23 . 2009-06-08 16:23 -------- d-----w- c:\programdata\Malwarebytes
2009-06-08 16:23 . 2009-06-08 16:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 16:23 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 15:47 . 2009-06-08 15:47 -------- d-----w- c:\users\Inge\AppData\Local\Mozilla
2009-06-04 13:50 . 2009-06-04 13:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-04 13:45 . 2009-06-04 13:45 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-04 13:45 . 2009-06-04 13:45 -------- d-----w- c:\users\Inge\AppData\Roaming\DAEMON Tools
2009-06-04 12:53 . 2009-06-08 15:33 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 12:53 . 2009-06-08 15:33 -------- d--h--w- \$AVG8.VAULT$
2009-06-04 12:08 . 2009-06-04 12:08 -------- d-----w- c:\programdata\WindowsSearch
2009-06-04 11:20 . 2009-06-04 11:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-04 11:20 . 2009-06-04 11:20 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-04 11:20 . 2009-06-04 11:20 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-04 11:20 . 2009-06-04 11:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-04 11:20 . 2009-06-04 11:20 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-04 11:20 . 2009-06-04 11:20 -------- d-----w- c:\programdata\avg8
2009-06-04 11:20 . 2009-06-04 11:20 -------- d-----w- c:\program files\AVG
2009-06-04 10:42 . 2009-06-09 08:09 2079162368 --sha-w- \hiberfil.sys
2009-05-23 17:34 . 2009-05-23 17:35 -------- d-----w- c:\users\Inge\Ny mappe
2009-05-21 20:54 . 2009-03-19 14:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-21 20:54 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-05-21 20:54 . 2009-05-21 20:54 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 20:52 . 2009-05-21 20:52 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w- c:\program files\Common Files\Control Panels
2009-05-18 13:39 . 2009-05-18 13:39 -------- d-----w- c:\programdata\ALM
2009-05-12 11:39 . 2009-05-12 11:40 -------- d-----w- c:\users\Inge\Panda antivirus
2009-05-12 06:38 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-05-12 06:38 . 2009-05-12 06:38 -------- d-----w- c:\program files\Panda Security
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 08:09 . 2009-06-04 10:42 2079162368 --sha-w- \hiberfil.sys
2009-06-09 08:09 . 2008-02-05 23:34 2393034752 --sha-w- \pagefile.sys
2009-06-09 07:56 . 2006-11-21 04:49 77202 ----a-w- c:\windows\system32\perfc006.dat
2009-06-09 07:56 . 2006-11-21 04:49 463344 ----a-w- c:\windows\system32\perfh006.dat
2009-06-09 07:49 . 2007-08-20 16:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 07:49 . 2008-04-22 19:50 -------- d-----w- c:\programdata\Symantec
2009-06-09 07:48 . 2008-04-22 19:39 -------- d-----w- c:\users\Inge\AppData\Roaming\Symantec
2009-06-09 04:44 . 2009-02-21 11:42 27744 ----a-w- c:\programdata\nvModes.dat
2009-06-08 18:37 . 2007-08-20 16:23 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 18:03 . 2008-02-05 18:05 118624 ----a-w- c:\users\Inge\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-04 13:42 . 2005-05-28 07:04 -------- d-----w- c:\program files\Spyware Stormer
2009-05-21 20:54 . 2008-02-15 13:37 -------- d-----w- c:\program files\iTunes
2009-05-21 20:54 . 2008-02-15 13:38 -------- d-----w- c:\program files\iPod
2009-05-21 20:54 . 2008-02-15 13:45 -------- d-----w- c:\program files\Common Files\Apple
2009-05-19 14:52 . 2008-06-07 06:04 -------- d-----w- c:\program files\Picasa2
2009-05-18 13:44 . 2008-02-24 13:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-17 07:01 . 2008-12-10 19:11 -------- d-----w- c:\users\Inge\AppData\Roaming\Skype
2009-05-17 06:07 . 2008-12-10 19:16 -------- d-----w- c:\users\Inge\AppData\Roaming\skypePM
2009-05-16 13:37 . 2009-04-13 19:20 -------- d-----w- c:\users\Inge\AppData\Roaming\gtk-2.0
2009-05-06 20:26 . 2008-12-01 12:35 -------- d-----w- c:\users\Inge\AppData\Roaming\Tunebite
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-05-01 11:52 . 2009-05-01 11:52 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-01 10:08 . 2009-05-01 10:08 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-04-17 16:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-03-28 16:08 . 2009-02-01 17:30 0 ----a-w- c:\users\Inge\temp.dat
2009-03-19 14:32 . 2009-03-19 14:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-16 20:00 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 20:00 24064 ----a-w- c:\windows\system32\amxread.dll
.
((((((((((((((((((((((((((((((((((( Registry Startup Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-04 1947928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ArsClip.exe - Genvej.lnk]
path=c:\users\Inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ArsClip.exe - Genvej.lnk
backup=c:\windows\pss\ArsClip.exe - Genvej.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25239235-CCE9-4506-BB16-AEDA937E00E7}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{447CBEF1-95B8-442E-BC0D-2C32A27AF478}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{BB5D10AA-48F2-4F7B-AFC9-91CE9049526D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{99327DF5-6E89-4C68-AD7A-9BC0EEF88CD1}"= UDP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{02922678-BA62-4998-9260-C647E43593AD}"= TCP:c:\windows\System32\migwiz\migwiz.exe:Windows Easy Transfer
"{1E5EC0A3-A2D6-43AF-B8CE-F13AC6E70344}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{8F3C97A6-4FD2-45F1-9742-B5460F987A69}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{73432569-94A2-4BD6-BD79-4D322DF3D7EA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{256A5E47-F090-4D7A-8815-4084C5AD299C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E921830-6162-4991-815B-31C16304D0D3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CC957C77-5208-48EC-BFBF-3A5245FB9894}"= UDP:3703:Adobe Version Cue CS3 Server
"{B50E831A-7668-4716-8645-820E59B86464}"= UDP:3704:Adobe Version Cue CS3 Server
"{3309B07B-928A-4394-84C7-3E0EF78AAA86}"= UDP:50900:Adobe Version Cue CS3 Server
"{D0DD7294-A424-4CB4-A643-7DB71A51900F}"= UDP:50901:Adobe Version Cue CS3 Server
"{FE6EBC8A-B9E1-477B-80DE-F70224B0B7EE}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{6824830E-B524-4852-B680-20222CCC00E9}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{476A6D60-2F63-4043-87A7-2E1502DF63A6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{65B95D36-DCDD-4C9B-BB3B-10B07B58EBF6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{89FA277F-A450-4FC8-A758-56BF95A1A4EA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{23764773-FDA0-463F-81C2-C926006D2ACB}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B43D531F-AC10-45C7-BAF0-2D03A455C5E7}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{E18AF5C7-1207-4343-927C-0DED9DFBBD0F}"= UDP:c:\users\Inge\AppData\Local\temp\7zSDDA1.tmp\SymNRT.exe:Norton Removal Tool
"{63A18976-001B-4162-BB9A-038222E762A3}"= TCP:c:\users\Inge\AppData\Local\temp\7zSDDA1.tmp\SymNRT.exe:Norton Removal Tool
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12-05-2009 08:38 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04-06-2009 13:20 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04-06-2009 13:20 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04-06-2009 13:20 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04-06-2009 13:20 298776]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [06-03-2009 00:59 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/default
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: sydbank.dk
Trusted Zone: tdc.dk\udstedelse.certifikat
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\users\Inge\AppData\Roaming\Mozilla\Firefox\Profiles\64fzafqk.default\
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-09 10:09
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\windows\System32\conime.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-09 10:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-09 08:17
ComboFix2.txt 2009-06-09 05:15
Pre-Run: 63.884.951.552 bytes free
Post-Run: 63.704.952.832 bytes free
222 --- E O F --- 2009-05-08 07:12
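As an added example (not part of the original post, and not code from Malwarebytes or ComboFix), the script below parses detection lines in the Malwarebytes 1.x log format shown above and then checks a REGEDIT4-style fragment, like ComboFix's "Registry Startup Points" section, for the Windows Security Center values that silence UAC/update/AV warnings and for a populated AppInit_DLLs entry. The sample text embedded in the script is constructed to mirror the shape of the logs above; which registry values count as suspicious is my own heuristic, not either tool's logic. Note that in the log above AppInit_DLLs points at AVG's avgrsstx.dll, which is a legitimate AV component, so the script reports that value for review rather than calling it malicious.

```python
"""Parse Malwarebytes 1.x detection lines and review Security Center /
AppInit_DLLs values from a ComboFix-style REGEDIT4 fragment.

Added example; sample inputs are constructed, heuristics are assumptions.
"""
import re
from collections import Counter

# Constructed sample in the Malwarebytes 1.x log format (mirrors the post).
MBAM_SAMPLE = """\
Registry Keys Infected:
HKEY_CLASSES_ROOT\\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\\Interface\\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No suspicious files found)
Folders Infected:
C:\\Windows\\System32\\199638 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Files Infected:
c:\\Windows\\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\\Windows\\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

# Constructed REGEDIT4 fragment in the shape of ComboFix's startup-points dump.
COMBOFIX_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\windows]
"AppInit_DLLs"=c:\\windows\\System32\\avgrsstx.dll
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_mbam(text):
    """Return one dict per detection: section, item, name, family, action."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:                      # "Files Infected:" etc. starts a new section
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:          # "(No suspicious files found)" never matches
            name = m.group("name")
            found.append({"section": section, "item": m.group("item"),
                          "name": name, "family": name.split(".", 1)[0],
                          "action": m.group("action")})
    return found


def summarize(detections):
    """Count detections per threat name, e.g. {'Trojan.FakeAlert': 2}."""
    return Counter(d["name"] for d in detections)


def parse_regedit4(text):
    """Return {key (lower-cased): {value_name: data}} for a REGEDIT4 fragment."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data")
    return keys


def security_center_findings(keys):
    """Heuristic (assumed): flag *DisableNotify / DisableMonitoring set to 1
    under Security Center (rogue-AV software commonly sets these to hide
    warnings) and any non-empty AppInit_DLLs, which is loaded into every
    process that links user32.dll. Entries are returned for human review."""
    findings = []
    for key, values in keys.items():
        if "\\security center" in key:
            for name, data in values.items():
                if (name.endswith("DisableNotify") or name == "DisableMonitoring") \
                        and data.lower() == "dword:00000001":
                    findings.append((key, name))
        if key.endswith("currentversion\\windows"):
            dll = values.get("AppInit_DLLs", "").strip()
            if dll:
                findings.append((key, "AppInit_DLLs=" + dll))
    return findings


if __name__ == "__main__":
    dets = parse_mbam(MBAM_SAMPLE)
    print(dict(summarize(dets)))
    for key, what in security_center_findings(parse_regedit4(COMBOFIX_SAMPLE)):
        print("REVIEW:", key, what)
```

Run it as-is to see the per-threat counts and the flagged registry values; to use it on a real log, read the file text into `parse_mbam` / `parse_regedit4` in place of the constructed samples.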