Combofix log:
ComboFix 09-06-29.07 - Ulrik 30-06-2009 23:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2046.1655 [GMT 2:00]
Kører fra: c:\documents and settings\Ulrik\Desktop\ComboFix.exe
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Ulrik\LOCALS~1\Temp\install_flash_player.exe
c:\windows\kb913800.exe
c:\windows\system32\TDSSorvd.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
((((((((((((((((((((((((((((( Filer skabt fra 2009-05-28 til 2009-06-30 )))))))))))))))))))))))))))))))))))
.
2009-06-30 21:10 . 2009-06-30 21:10 -------- d-----w- c:\documents and settings\Ulrik\Application Data\Malwarebytes
2009-06-30 21:10 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-30 21:10 . 2009-06-30 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-30 21:10 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 21:10 . 2009-06-30 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 20:53 . 2009-06-29 20:53 -------- d-----w- c:\program files\CCleaner
2009-06-29 20:14 . 2009-06-29 20:14 -------- d-----w- c:\program files\Lavasoft
2009-06-29 20:14 . 2009-06-29 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-29 20:00 . 2009-06-29 20:00 -------- d-sh--w- c:\documents and settings\Ulrik\PrivacIE
2009-06-29 19:59 . 2009-06-29 19:59 -------- d-sh--w- c:\documents and settings\Ulrik\IECompatCache
2009-06-29 19:49 . 2009-06-29 19:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-29 19:48 . 2009-06-29 19:48 -------- d-sh--w- c:\documents and settings\Ulrik\IETldCache
2009-06-29 19:47 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-29 19:47 . 2009-06-29 19:47 -------- d-----w- c:\windows\ie8updates
2009-06-29 19:47 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-29 19:47 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-29 19:46 . 2009-06-29 19:46 -------- dc-h--w- c:\windows\ie8
2009-06-29 18:01 . 2009-06-29 18:01 -------- d-----w- C:\ESET.Smart.Security.NOD32.Antivirus.3.0.667-DB4Ever
2009-06-29 17:58 . 2009-06-29 17:58 -------- d-----w- c:\program files\UlisesSoft
2009-06-29 17:46 . 2009-06-29 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-29 17:26 . 2009-06-29 17:26 -------- d-----w- c:\documents and settings\Ulrik\Local Settings\Application Data\Symantec
2009-06-29 17:24 . 2009-06-29 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-18 10:55 . 2009-06-18 10:55 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-30 21:56 . 2007-10-13 10:27 -------- d-----w- c:\program files\Steam
2009-06-29 20:14 . 2009-03-26 18:11 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-29 20:08 . 2008-04-27 16:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-04 13:57 . 2007-02-08 17:11 -------- d-----w- c:\program files\World of Warcraft
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 13:03 . 2009-04-21 13:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-02-21 21:51 . 2007-05-19 15:45 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-02-21 21:51 . 2007-05-19 15:45 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-02-21 21:51 . 2007-05-19 15:45 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-02-21 21:51 . 2007-05-19 15:45 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-02-21 21:51 . 2007-05-19 15:45 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-12 1217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-13 7696384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.6.6337-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\julikras\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\SteamApps\\julikras123\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\davidpratt\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 NGS;Norman General Security Driver;c:\virusfighter\Nvc\Bin\ngs.sys [26-03-2009 19:09 22712]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [20-12-2008 16:39 32000]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-06-30 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - TOMME GENVEJE FJERNET - - - -
Notify-NavLogon - (no file)
.
------- Yderligere scanning -------
.
uStart Page =
hxxp://www.google.dk/uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) =
hxxp://g.msn.dk/0SEDADK/SAOS01?FORM=TOOLBRIE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {9C196458-4145-46AF-8A77-1506878DFECA} -
ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cabFF - ProfilePath - c:\documents and settings\Ulrik\Application Data\Mozilla\Firefox\Profiles\fhtedc7d.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-30 23:57
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-1229272821-261903793-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,13,60,98,d3,87,21,7d,de,9d,3d,ce,22,72,68,80,5b,ae,9b,9e,6d,9c,05,
b7,e8,d0,a9,b5,93,5d,ed,a9,12,ae,aa,7e,c2,b3,89,c1,a9,02,bb,87,f5,aa,df,b9,\
"??"=hex:c1,94,61,d8,ca,1e,17,01,b6,6b,3b,b1,8b,7b,9e,0b
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'explorer.exe'(1504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Gennemført tid: 2009-06-30 23:59 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-06-30 21:59
Pre-Kørsel: 274.401.873.920 bytes free
Post-Kørsel: 274.656.866.304 byte ledig
181 --- E O F --- 2009-06-29 19:47
