ComboFix 09-08-10.06 - Administrator 17-08-2009 10:05.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.256.86 [GMT 2:00]
Kører fra: c:\documents and settings\Administrator\Dokumenter\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Administrator\Dokumenter\CFScript.txt
AV: Stofa SafeSurf 8.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Stofa SafeSurf 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JHQXSQC
((((((((((((((((((((((((((((( Filer skabt fra 2009-07-17 til 2009-08-17 )))))))))))))))))))))))))))))))))))
.
2009-08-16 07:58 . 2009-05-04 08:46 2835656 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\speedupmypc2009.exe
2009-08-16 07:57 . 2009-04-29 09:45 771368 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2009-08-16 07:57 . 2009-04-29 09:45 845128 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2009-08-16 07:57 . 2009-04-29 09:45 395048 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2009-08-16 07:57 . 2009-04-29 09:45 236840 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2009-08-16 07:57 . 2009-04-29 09:45 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2009-08-16 07:57 . 2009-04-29 09:45 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2009-08-16 07:57 . 2009-04-29 09:45 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2009-08-16 07:57 . 2009-04-29 09:45 197968 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2009-08-16 07:57 . 2009-04-29 09:45 474408 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2009-08-16 07:57 . 2009-04-29 09:45 1250600 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2009-08-16 07:57 . 2009-04-29 09:45 614696 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2009-08-14 09:36 . 2009-08-14 09:36 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-13 11:06 . 2009-08-13 11:06 -------- d-----w- c:\programmer\CCleaner
2009-08-13 10:58 . 2009-08-13 10:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-13 10:57 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 10:57 . 2009-08-13 10:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 10:57 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-13 10:57 . 2009-08-13 10:58 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-08-13 08:30 . 2009-08-13 08:30 86528 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{36FE657A-F88B-4CB6-AAD3-34E3FB6F3AD9}\MsiIcon.exe
2009-08-13 08:27 . 2009-08-13 08:28 -------- d-----w- c:\programmer\CourseLab 2.4
2009-08-11 23:05 . 2009-08-11 23:05 -------- d-sh--w- c:\windows\system32\%USERPROFILE%
2009-08-11 20:12 . 2009-08-11 20:12 -------- d-----w- c:\programmer\Java
2009-08-11 20:11 . 2009-08-11 20:11 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 18:42 . 2009-08-11 18:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\F-Secure
2009-08-11 18:31 . 2009-08-11 18:31 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\F-Secure
2009-08-11 18:30 . 2008-09-23 13:35 79904 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-08-11 18:28 . 2009-08-15 10:33 -------- d-----w- c:\programmer\StofaSafeSurf
2009-08-11 18:13 . 2001-12-31 23:29 262144 ----a-w- c:\programmer\Uninstall Spy Blocker.dll
2009-08-11 18:10 . 2009-08-11 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-08-11 18:05 . 2009-08-11 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
2009-08-10 15:14 . 2009-08-10 15:14 -------- d-----w- c:\programmer\Fælles filer\Adobe
2009-08-10 15:00 . 2009-08-10 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-10 15:00 . 2009-08-10 16:23 -------- d-----w- c:\programmer\NOS
2009-08-04 07:57 . 2009-08-16 07:58 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-08-03 18:50 . 2009-08-03 18:50 -------- d-----w- c:\programmer\JRE
2009-07-28 08:38 . 2004-06-10 14:34 53693 ----a-r- c:\windows\UNDPX2A.sys
2009-07-28 08:38 . 2004-06-10 14:31 135168 ----a-r- c:\windows\UNDPX2A.exe
2009-07-28 08:38 . 2004-06-09 23:42 15429 ----a-r- c:\windows\system32\drivers\Sacm2A.sys
2009-07-20 16:21 . 2009-07-22 09:14 -------- d-----w- c:\programmer\PhotoScape
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 13:00 . 2002-01-01 03:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\VoipBuster
2009-08-16 09:14 . 2009-05-07 04:54 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-16 08:22 . 2009-01-13 13:58 656360 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-08-16 08:10 . 2008-04-26 09:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2009-08-16 07:24 . 2008-11-30 12:31 -------- d-----w- c:\programmer\Teach2000
2009-08-16 07:22 . 2008-12-02 14:46 -------- d-----w- c:\programmer\Teaching Templates Quiz Maker
2009-08-16 07:21 . 2001-12-31 23:01 71872 -c--a-w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 07:14 . 2008-04-26 09:13 -------- d-----w- c:\programmer\Quiz
2009-08-16 07:04 . 2008-10-13 19:15 -------- d-----w- c:\programmer\ConTEXT
2009-08-11 20:12 . 2008-11-24 13:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-11 18:30 . 2002-09-16 11:00 531770 -c--a-w- c:\windows\system32\perfh006.dat
2009-08-11 18:30 . 2002-09-16 11:00 111130 -c--a-w- c:\windows\system32\perfc006.dat
2009-08-11 17:51 . 2008-05-16 16:52 -------- d-----w- c:\programmer\PeerGuardian2
2009-08-11 17:49 . 2008-05-21 04:46 -------- d-----w- c:\programmer\Lavasoft
2009-08-04 11:33 . 2008-06-19 14:29 17987 -c--a-w- c:\programmer\gpl-2.0.txt
2009-08-04 10:26 . 2008-05-21 05:02 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2009-08-04 10:26 . 2008-05-21 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-03 18:49 . 2009-05-07 04:49 -------- d-----w- c:\programmer\OpenOffice.org 3
2009-07-04 20:41 . 2009-06-16 04:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\dvdcss
2008-04-29 06:37 . 2007-09-30 13:05 73 -c--a-w- c:\programmer\readme.txt
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\programmer\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"F-Secure Manager"="c:\programmer\StofaSafeSurf\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\programmer\StofaSafeSurf\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-08-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menuen Start^Programmer^Start^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Administrator\Menuen Start\Programmer\Start\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menuen Start^Programmer^Start^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Administrator\Menuen Start\Programmer\Start\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Bluetooth Manager.lnk]
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BTTray.lnk]
backup=c:\windows\pss\BTTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"PSI_SVC_2"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
"LexBceS"=2 (0x2)
"WSearch"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"aawservice"=2 (0x2)
"TOSHIBA Bluetooth Service"=2 (0x2)
"Apache2.2"=2 (0x2)
"BthServ"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmer\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2556:TCP"= 2556:TCP:tqosdey
R4 Apache2.2;Apache2.2;c:\documents and settings\Administrator\Dokumenter\Downloads\MoodleWindowsInstaller-latest-19\server\apache\bin\apache.exe [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\programmer\StofaSafeSurf\Anti-Virus\Win2K\FSfilter.sys [2008-09-23 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\StofaSafeSurf\Anti-Virus\Win2K\FSrec.sys [2008-09-23 25184]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\programmer\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmer\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-08-14 33920]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-09-23 79904]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\StofaSafeSurf\HIPS\drivers\fshs.sys [2008-09-23 66720]
S1 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\StofaSafeSurf\Anti-Virus\minifilter\fsgk.sys [2009-08-14 99960]
S3 FSORSPClient;F-Secure ORSP Client;c:\programmer\StofaSafeSurf\ORSP Client\fsorsp.exe [2008-09-23 55904]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\Drivers\LCcFltr.Sys [2003-12-11 14092]
.
Indhold af mappen 'Planlagte Opgaver'
2009-08-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2009-08-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D}
LSP: c:\programmer\StofaSafeSurf\FSPS\program\fslsp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programmer\CoreFTP\pftpns.dll
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/digitalsignatur-csp.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 10:25
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-484763869-920026266-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6178FCE1-B4ED-1D31-806F-6A3C93D4A270}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"gaciopjchhdbkj"=hex:61,69,70,6b,68,63,64,65,6c,64,69,6b,70,6e,63,68,66,62,6d,
65,69,64,6f,6d,6e,64,6e,65,67,66,69,6d,6d,62,65,6e,6a,62,6f,61,6f,68,63,64,\
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\programmer\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programmer\StofaSafeSurf\Anti-Virus\fsgk32st.exe
c:\programmer\StofaSafeSurf\Common\FSMA32.EXE
c:\programmer\StofaSafeSurf\Common\FSMB32.EXE
c:\programmer\StofaSafeSurf\Common\FCH32.EXE
c:\programmer\StofaSafeSurf\Anti-Virus\fsqh.exe
c:\programmer\StofaSafeSurf\Common\FAMEH32.EXE
c:\programmer\StofaSafeSurf\FSPC\fspc.exe
c:\windows\system32\locator.exe
c:\programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\CTxfispi.exe
c:\programmer\StofaSafeSurf\FSGUI\fsguidll.exe
c:\programmer\StofaSafeSurf\FWES\program\fsdfwd.exe
c:\windows\system32\wscntfy.exe
c:\programmer\StofaSafeSurf\FSAUA\program\fsaua.exe
c:\programmer\StofaSafeSurf\FSAUA\program\fsus.exe
c:\programmer\StofaSafeSurf\Anti-Virus\fsav32.exe
c:\programmer\StofaSafeSurf\Anti-Virus\fsgk32.exe
c:\programmer\StofaSafeSurf\Anti-Virus\fssm32.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-17 11:12 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-08-17 09:12
Pre-Kørsel: 4.541.132.800 byte ledig
Post-Kørsel: 4.292.714.496 byte ledig
221 --- E O F --- 2009-03-16 15:03