Since a bad download yesterday I've been constantly receiving Red Alerts from Norton Antivirus about intrusion attempts by weird URLs/IPs like jro1ni1l1.com, etc. The risk name is HTTPS Tidserv Request 2. The severity level is high.
I'm sorry I didn't read the warning about not running ComboFix before I had run it. What ComboFix discovered and removed was a rootkit and something named Zango, I believe. And Google Chrome is able to run again. I also got a Notepad report after the scan that you might be interested in taking a look at.
Here is the report from ComboFix. The report is in Norwegian, btw. Just use Google Translate if you're having problems :)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 10-06-22.03 - xxxxx 23.06.2010 14:49:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.47.1044.18.2046.1283 [GMT 2:00]
Kjører fra: c:\users\xxxxx\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Opprettet nytt gjenopprettingspunkt
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\ZangoSA
c:\programdata\ZangoSA\ZangoSA.dat
c:\programdata\ZangoSA\ZangoSA_kyf.dat
c:\programdata\ZangoSA\ZangoSAAbout.mht
c:\programdata\ZangoSA\ZangoSAau.dat
c:\programdata\ZangoSA\ZangoSAEULA.mht
c:\users\xxxxx\AppData\Roaming\inst.exe
c:\users\xxxxx\AppData\Roaming\Zango
c:\windows\system\BisonC07.dll
Infisert kopi av c:\windows\system32\drivers\nvstor.sys ble funnet og desinfisert
Gjenopprettet kopi fra - Kitty ate it :P
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2010-05-23 til 2010-06-23 )))))))))))))))))))))))))))))))))
.
2010-06-22 16:01 . 2010-06-22 16:41 -------- d-----w- c:\program files\ASCII Art Maker 1.7
2010-06-19 22:18 . 2010-06-19 22:18 -------- d-----w- c:\program files\Nucleus Kernel for FAT and NTFS Demo
2010-06-01 09:40 . 2010-06-06 11:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-26 19:31 . 2010-05-26 19:31 -------- d-----w- c:\program files\PFPortChecker
2010-05-26 19:23 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 13:01 . 2007-09-03 14:31 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-23 12:55 . 2007-04-21 07:19 76478 ----a-w- c:\windows\system32\perfc014.dat
2010-06-23 12:55 . 2007-04-21 07:19 452334 ----a-w- c:\windows\system32\perfh014.dat
2010-06-23 12:22 . 2007-09-03 14:38 -------- d-----w- c:\program files\Launch Manager
2010-06-23 12:10 . 2007-09-03 14:30 32417 ----a-w- c:\users\xxxxx\AppData\Roaming\nvModes.dat
2010-06-23 06:25 . 2010-06-23 06:25 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB8F6.tmp.exe
2010-06-22 20:13 . 2010-02-15 23:07 -------- d-----w- c:\users\xxxxx\AppData\Roaming\uTorrent
2010-06-22 18:30 . 2008-02-19 13:24 -------- d-----w- c:\program files\CCleaner
2010-06-18 19:03 . 2010-02-15 23:08 -------- d-----w- c:\program files\uTorrent
2010-06-09 18:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 10:47 . 2007-04-20 21:53 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 14:10 . 2007-09-04 17:26 680 ----a-w- c:\users\xxxxx\AppData\Local\d3d9caps.dat
2010-05-26 17:06 . 2010-06-09 08:31 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 08:31 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-15 14:28 . 2007-03-22 08:30 319984 ----a-w- c:\windows\DIFxAPI.dll
2010-05-15 14:28 . 2007-03-22 08:30 -------- d-----w- c:\program files\Realtek
2010-05-14 00:14 . 2008-01-28 17:14 72232 ----a-w- c:\users\Gjest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-13 13:44 . 2007-09-11 18:04 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 13:43 . 2007-09-11 18:05 -------- d-----w- c:\program files\Java
2010-05-06 04:01 . 2010-05-21 12:24 339504 ----a-w- c:\windows\system32\drivers\symtdiv.sys
2010-05-04 05:59 . 2010-06-09 08:31 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 08:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-09 08:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-09 08:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 08:31 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 05:03 . 2010-05-21 12:24 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-04-27 12:45 . 2010-04-27 12:45 72856 ----a-w- c:\windows\system32\xliveinstallhost.exe
2010-04-27 12:45 . 2010-04-27 12:45 187544 ----a-w- c:\windows\system32\xliveinstall.dll
2010-04-22 03:02 . 2010-05-21 12:24 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-04-22 02:29 . 2010-05-21 12:24 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-04-22 02:29 . 2010-05-21 12:24 325680 ----a-w- c:\windows\system32\drivers\srtsp.sys
2010-04-12 15:29 . 2010-05-13 13:43 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-05 17:01 . 2010-06-09 08:31 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-02 15:17 . 2010-04-02 15:17 15426200 ----a-w- c:\windows\system32\xlive.dll
2010-04-02 15:17 . 2010-04-02 15:17 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2009-11-12 15:33 . 2009-11-12 15:33 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2009-11-12 15:33 . 2009-11-12 15:33 292640 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2009-11-12 15:33 . 2009-11-12 15:33 384800 ----a-w- c:\program files\iTunesAdmin.dll
2009-11-12 15:33 . 2009-11-12 15:33 211232 ----a-w- c:\program files\iTunesHelper.dll
2009-11-12 15:33 . 2009-11-12 15:33 141600 ----a-w- c:\program files\iTunesHelper.exe
2009-11-12 15:33 . 2009-11-12 15:33 124192 ----a-w- c:\program files\iTunesMiniPlayer.dll
2009-11-12 15:33 . 2009-11-12 15:33 10358048 ----a-w- c:\program files\iTunes.exe
2009-11-12 15:33 . 2009-11-12 15:33 722160 ----a-w- c:\program files\CDDBControlApple.dll
2009-11-12 15:33 . 2009-11-12 15:33 648480 ----a-w- c:\program files\iPodUpdaterExt.dll
2009-11-12 15:33 . 2009-11-12 15:33 14769448 ----a-w- c:\program files\iTunes.dll
2009-11-12 15:33 . 2009-11-12 15:33 111912 ----a-w- c:\program files\ITDetector.ocx
2009-11-12 15:32 . 2009-11-12 15:32 59083 ----a-w- c:\program files\Acknowledgements.rtf
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"Google Update"="c:\users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-12-21 659456]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-17 151552]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-06 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-06 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-06 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512]
"MaxtorOneTouch"="d:\maxtor\OneTouch\Utils\OneTouch.exe" [2004-12-22 823296]
"BisonInst0402"="c:\windows\BR040286.exe" [2007-05-08 53248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-30 719664]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-21 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(B):e6,36,c6,bc,e6,97,ca,01
R2 gupdate;Googles oppdateringstjeneste (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 GTMM Device Service;GTMM Device Service;c:\program files\Telenor\Mobilt Bredbånd\GtmmDeviceService.exe [2009-05-11 106496]
R3 GTUHSBUS;GT UHS BUS;c:\windows\system32\DRIVERS\gtuhsbus.sys [2009-02-04 63360]
R3 GTUHSNDISIPXP;GT UHS IP NDIS;c:\windows\system32\DRIVERS\gtuhs51.sys [2009-02-04 105856]
R3 GTUHSSER;GT UHS SER;c:\windows\system32\DRIVERS\gtuhsser.sys [2009-02-04 8064]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 WisINT15;WisINT15;c:\elements\1stboot\WisINT15.SYS [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-19 691696]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2009-11-05 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{xxxxxx-xxx-xx-xx-xxxx}\NIS_17.1.0.19\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [2010-05-22 691248]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{xxxxxx-xxxx-xxxx-xxxx-xxxxxx}\NIS_17.1.0.19\Definitions\IPSDefs\20100622.001\IDSvix86.sys [2010-05-28 344112]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
S2 SesamService;Sesam Control Service;c:\program files\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe [2008-05-09 1216296]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 102448]
S3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2008-04-29 39720]
S3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2008-04-29 272424]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:20]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:20]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531375571-246743300-651663830-1000Core.job
- c:\users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-20 09:03]
2010-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-531375571-246743300-651663830-1000UA.job
- c:\users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-20 09:03]
.
.
------- Tilleggsskanning -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://no.intl.acer.yahoo.com
uInternet Settings,ProxyServer = 10.0.0.1:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.no/0SENBNO/SAOS01?FORM=TOOLBR
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{xxxxx-xxx-xxxx-xxx-xxxxxxx} - {xxxxx-xxx-xxxx-xxx-xxxxxxx} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
.
- - - - TOMME PEKERE FJERNET - - - -
Toolbar-{xxxxx-xxx-xxxx-xxx-xxxxxxx} - (no file)
WebBrowser-{xxxxx-xxx-xxxx-xxx-xxxxxxx} - (no file)
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 15:06
Windows 6.0.6002 Service Pack 2 NTFS
skanner skjulte prosesser ...
skanner skjulte autostart-oppføringer ...
skanner skjulte filer ...
skanning vellykket
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxxx-xxxx-xxxx-xxxxx}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx8}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4xxxxx-xxx-xxxx-xxx-xxxxxxx}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{xxxxx-xxx-xxxx-xxx-xxxxxxx}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------
- - - - - - - > 'Explorer.exe'(2732)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_nor.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\DllHost.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\System32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2010-06-23 15:14:34 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2010-06-23 13:14
Pre-Run: 17 191 587 840 byte ledig
Post-Run: 17 073 840 128 byte ledig
- - End Of File - - 8DD882911C5538FEB239FE937003145F
Edited by keelhauled, 23 June 2010 - 11:46 AM.