ComboFix 09-11-04.05 - admin 05-11-2009 11:33.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.447.227 [GMT 1:00]
Kører fra: c:\documents and settings\admin\Skrivebord\Combofix\BANAN.exe
AV: TDC Sikkerhedspakke 9.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: TDC Sikkerhedspakke 9.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1119135687-1334582142-4069121260-1003
c:\recycler\S-1-5-21-1644491937-152049171-1708537768-1003
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-10-05 til 2009-11-05 )))))))))))))))))))))))))))))))))))
.
2009-11-04 16:13 . 2009-11-04 16:13 -------- d-----w- c:\documents and settings\admin\Application Data\Malwarebytes
2009-11-04 16:13 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 16:13 . 2009-11-04 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 16:13 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:13 . 2009-11-04 16:13 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-11-04 15:32 . 2009-11-04 15:32 -------- d-----w- c:\programmer\CCleaner
2009-11-04 13:07 . 2009-11-04 13:07 -------- d-----w- c:\documents and settings\admin\Application Data\Canneverbe_Limited
2009-11-04 13:07 . 2009-11-04 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-11-04 13:07 . 2009-09-28 19:57 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-11-04 13:07 . 2009-11-04 13:07 -------- d-----w- c:\programmer\CDBurnerXP
2009-11-03 14:14 . 2009-11-04 11:43 -------- d-----w- c:\documents and settings\admin\Application Data\f-secure
2009-11-03 11:33 . 2009-11-03 11:33 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\F-Secure
2009-11-03 11:33 . 2009-11-03 11:38 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-11-03 11:32 . 2009-08-05 15:57 80000 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-11-03 11:31 . 2009-11-04 10:59 -------- d-----w- c:\programmer\TDCSikkerhedspakke
2009-11-03 11:30 . 2009-11-03 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-11-03 09:54 . 2009-11-03 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-10-25 16:41 . 2009-09-11 14:19 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-25 16:41 . 2009-06-25 08:26 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-10-25 16:41 . 2009-06-25 08:26 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-10-25 16:41 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 11:32 . 2002-10-04 22:25 84908 ----a-w- c:\windows\system32\perfc006.dat
2009-11-03 11:32 . 2002-10-04 22:25 461960 ----a-w- c:\windows\system32\perfh006.dat
2009-09-11 14:19 . 2002-09-16 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2002-09-16 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:28 . 2002-09-16 02:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:28 . 2008-09-03 13:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-08-29 07:28 . 2002-09-16 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:02 . 2002-09-16 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 13:36 . 2008-09-03 13:21 29856 ----a-w- c:\documents and settings\admin\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 290816]
"Display Settings"="c:\programmer\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\progra~1\HPQ\ONE-TO~1\OneTouch.EXE" [2002-10-14 98304]
"Cpqset"="c:\programmer\HPQ\Default Settings\cpqset.exe" [2002-10-23 176197]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"F-Secure Manager"="c:\programmer\TDCSikkerhedspakke\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\programmer\TDCSikkerhedspakke\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2002-08-15 28672]
"CARPService"="carpserv.exe" - c:\windows\system32\carpserv.exe [2003-05-21 4608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [03-11-2009 12:33 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [03-11-2009 12:32 80000]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\TDCSikkerhedspakke\HIPS\drivers\fshs.sys [03-11-2009 12:31 68064]
R3 ALiIRDA;ALi Infrared Device Driver;c:\windows\system32\drivers\aliirda.sys [04-01-2003 00:17 26112]
R3 CALIAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\caliaud.sys [03-01-2003 15:20 292352]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [03-01-2003 15:20 273536]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [04-01-2003 00:17 16512]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\TDCSikkerhedspakke\Anti-Virus\minifilter\fsgk.sys [03-11-2009 12:31 101496]
R3 FSORSPClient;F-Secure ORSP Client;c:\programmer\TDCSikkerhedspakke\ORSP Client\fsorsp.exe [03-11-2009 12:31 55928]
S2 SampleScanner;USB-Flachbettscanner;c:\windows\system32\DRIVERS\ArtecGT.sys --> c:\windows\system32\DRIVERS\ArtecGT.sys [?]
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver;c:\windows\system32\drivers\Express.sys [04-01-2003 00:17 57344]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsfilter.sys [03-11-2009 12:31 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\TDCSikkerhedspakke\Anti-Virus\win2k\fsrec.sys [03-11-2009 12:31 25184]
--- Andre Services/Drivers i Hukommelsen ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Indhold af mappen 'Planlagte Opgaver'
2009-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mSearch Bar = hxxp://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
uInternet Connection Wizard,ShellNext = "c:\programmer\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
LSP: c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 11:43
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmer\HPQ\Default Settings\cpqset.exe???????????????n??|?????? ?X#B????????? ???l|B????????
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'lsass.exe'(708)
c:\programmer\TDCSikkerhedspakke\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Gennemført tid: 2009-11-05 11:46
ComboFix-quarantined-files.txt 2009-11-05 10:46
Pre-Kørsel: 43.824.623.616 byte ledig
Post-Kørsel: 44.485.771.264 byte ledig
WindowsXP-KB310994-SP2-Home-BootDisk-DAN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn