ComboFix 08-12-01.01 - Kristina Kjeldgaard 2008-12-02 18:08:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.219 [GMT 1:00]
Kører fra: d:\vir\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\F3A81E55.exe
c:\documents and settings\Kristina Kjeldgaard\Kristina Kjeldgaard.exe
c:\windows\system32\WinCtrl32.dll
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((( Filer skabt fra 2008-11-02 til 2008-12-02 )))))))))))))))))))))))))))))))))))
.
2008-12-21 18:08 . 2008-12-21 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-12-20 19:34 . 2008-12-20 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-12-20 19:33 . 2008-12-20 19:34 <DIR> d-------- c:\programmer\HP
2008-12-20 19:33 . 2007-09-10 15:12 253,952 --a------ c:\windows\system32\HP1006LM.DLL
2008-12-20 19:33 . 2007-08-23 10:34 65,536 --a------ c:\windows\system32\HPPLVS.dll
2008-12-20 19:32 . 2008-12-20 19:33 <DIR> d--h----- c:\programmer\Avago-HP
2008-12-20 19:31 . 2008-12-20 19:31 <DIR> d--hs---- c:\windows\ftpcache
2008-12-19 21:22 . 2008-12-19 21:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-19 21:17 . 2008-12-01 20:26 <DIR> d-------- c:\programmer\SUPERAntiSpyware
2008-12-19 21:17 . 2008-12-19 21:17 <DIR> d-------- c:\documents and settings\Kristina Kjeldgaard\Application Data\SUPERAntiSpyware.com
2008-12-19 21:17 . 2008-12-19 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-19 21:16 . 2008-12-19 21:16 <DIR> d-------- c:\programmer\Fælles filer\Wise Installation Wizard
2008-12-19 21:14 . 2008-12-19 21:14 <DIR> d-------- c:\programmer\Alwil Software
2008-12-19 21:14 . 2003-03-18 22:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2008-12-19 20:13 . 2008-12-02 16:48 <DIR> d-------- c:\programmer\Malwarebytes' Anti-Malware
2008-12-19 20:13 . 2008-12-19 20:13 <DIR> d-------- c:\documents and settings\Kristina Kjeldgaard\Application Data\Malwarebytes
2008-12-19 20:13 . 2008-12-19 20:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 20:13 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 20:13 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 19:41 . 2008-12-19 19:41 <DIR> d-------- c:\programmer\CCleaner
2008-12-02 18:20 . 2008-12-02 18:20 4,474 --a------ c:\windows\GATHER.KM
2008-11-17 11:43 . 2008-11-17 11:43 <DIR> d-------- c:\windows\system32\da
2008-11-17 11:43 . 2008-11-17 11:43 <DIR> d-------- c:\windows\system32\bits
2008-11-17 11:43 . 2008-11-17 11:43 <DIR> d-------- c:\windows\l2schemas
2008-11-17 11:39 . 2008-11-17 11:43 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-13 15:59 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-09-14 00:02 194,560 ----a-w c:\windows\dior-screensaver.scr
2008-09-14 00:01 606,848 ----a-w c:\windows\flashax.exe
2008-09-14 00:01 12,288 ----a-w c:\windows\impborl.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ibmmessages"="c:\programmer\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"MsnMsgr"="c:\programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-01 1805552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\programmer\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-18 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"UC_Start"="c:\programmer\IBM\Updater\\ucstartup.exe" [2004-07-15 36864]
"UpdateManager"="c:\programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\programmer\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\programmer\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\programmer\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\programmer\iTunes\iTunesHelper.exe" [2007-08-15 271672]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"HPUsageTracking"="c:\programmer\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 c:\windows\system32\tp4serv.exe]
"TP4EX"="tp4ex.exe" [2002-09-04 c:\windows\system32\TP4EX.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-07-13 24576]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-08-26 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-26 17:49 352256 c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 11:30 258048 c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli pwdmon
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winlp83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnr83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winos48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 02:01 32768 c:\programmer\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Programmer\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Programmer\\IBM\\Updater\\ucsmb.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2006-07-13 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-19 78416]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-07-13 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2006-07-13 16384]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-19 20560]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 13904]
S0 Winlp83;Winlp83;c:\windows\system32\Drivers\Winlp83.sys []
S0 Winnr83;Winnr83;c:\windows\system32\Drivers\Winnr83.sys []
S0 Winos48;Winos48;c:\windows\system32\Drivers\Winos48.sys []
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2006-07-13 12288]
.
Indhold af mappen 'Planlagte Opgaver'
2007-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2007-03-03 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 09:37]
2008-12-02 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\programmer\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME GENVEJE FJERNET - - - -
HKCU-Run-Kristina Kjeldgaard - c:\documents and settings\Kristina Kjeldgaard\Kristina Kjeldgaard.exe
HKLM-Run-{90BF8224-CD63-4081-A4C7-EF9A2CF6596F} - c:\documents and settings\All Users\Application Data\F3A81E55.exe
HKLM-Run-UC_SMB - (no file)
SafeBoot-Windh48.sys
SafeBoot-Winmq26.sys
SafeBoot-Winos15.sys
SafeBoot-Winos37.sys
SafeBoot-Winrw48.sys
SafeBoot-Winsw50.sys
SafeBoot-Winxc04.sys
.
------- Yderligere scanning -------
.
FireFox -: Profile - c:\documents and settings\Kristina Kjeldgaard\Application Data\Mozilla\Firefox\Profiles\zux8i7kd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://politiken.dk/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 18:19:05
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\pwdmon.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\windows\system32\QCONSVC.EXE
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\system32\ati2evxx.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\TpKmpSvc.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
c:\programmer\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\programmer\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\programmer\Alwil Software\Avast4\ashDisp.exe
c:\programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2008-12-02 18:24:50 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-12-02 17:24:46
Pre-Kørsel: 6.264.307.712 byte ledig
Post-Kørsel: 6,572,711,936 byte ledig
204 --- E O F --- 2008-11-19 17:49:45