ComboFix 10-07-19.02 - Administrator 22-07-2010 10:48:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.45.1030.18.3071.2266 [GMT 2:00]
Kører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Administrator\Skrivebord\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Lokale indstillinger\Application Data\hlmajwykf
c:\documents and settings\Administrator\Lokale indstillinger\Application Data\rikwkmcpo
.
--------------- FCopy ---------------
c:\sfcfiles.dll --> c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_uavnc
((((((((((((((((((((((((((((( Filer skabt fra 2010-06-22 til 2010-07-22 )))))))))))))))))))))))))))))))))))
.
2010-07-22 08:43 . 2010-07-22 08:43 1580544 ------w- C:\sfcfiles.dll
2010-07-19 17:37 . 2010-05-06 04:01 361904 ----a-w- c:\windows\system32\drivers\symtdi.sys
2010-07-19 17:37 . 2010-04-22 03:02 173104 ----a-w- c:\windows\system32\drivers\symefa.sys
2010-07-19 17:37 . 2010-04-22 02:29 43696 ----a-w- c:\windows\system32\drivers\srtspx.sys
2010-07-19 17:37 . 2009-08-30 00:17 328752 ----a-r- c:\windows\system32\drivers\symds.sys
2010-07-19 17:37 . 2010-04-29 05:03 116784 ----a-w- c:\windows\system32\drivers\ironx86.sys
2010-07-19 17:37 . 2010-02-26 00:22 501888 ----a-w- c:\windows\system32\drivers\cchpx86.sys
2010-07-19 14:59 . 2010-07-19 14:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-19 14:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-19 14:58 . 2010-07-19 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-19 14:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-19 14:58 . 2010-07-19 14:58 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-07-19 13:20 . 2010-07-19 13:20 -------- d-----w- c:\documents and settings\LocalService\Dokumenter
2010-07-19 11:07 . 2010-07-19 11:07 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-19 11:07 . 2010-07-19 11:07 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-19 11:07 . 2010-07-19 11:12 -------- d-----w- c:\programmer\Fælles filer\Symantec Shared
2010-07-19 11:07 . 2010-07-19 11:07 -------- d-----w- c:\programmer\Symantec
2010-07-19 11:06 . 2010-07-19 19:17 -------- d-----w- c:\windows\system32\drivers\NIS
2010-07-19 11:06 . 2010-07-19 11:06 -------- d-----w- c:\programmer\Windows Sidebar
2010-07-19 11:06 . 2010-07-19 11:06 -------- d-----w- c:\programmer\Norton Internet Security
2010-07-19 11:06 . 2010-07-19 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-19 11:06 . 2010-07-19 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-07-19 11:06 . 2010-07-19 11:06 -------- d-----w- c:\programmer\NortonInstaller
2010-07-18 21:44 . 2010-07-18 21:44 -------- d-----w- c:\programmer\Enigma Software Group
2010-07-18 21:43 . 2010-07-19 11:19 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-25 21:43 . 2010-06-25 21:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-06-25 21:39 . 2010-06-25 21:44 -------- d-----w- c:\programmer\Deer Hunter Tournament
2010-06-25 20:52 . 2010-06-25 20:52 -------- d-----w- c:\programmer\Atari
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 08:55 . 2009-03-05 18:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-22 08:43 . 2006-06-05 18:19 1580544 ----a-w- c:\windows\system32\sfcfiles.dll
2010-07-21 17:37 . 2009-05-14 13:45 -------- d-----w- c:\programmer\SPAMfighter
2010-07-19 14:40 . 2010-03-31 18:39 -------- d-----w- c:\programmer\Illusion
2010-07-19 14:39 . 2010-03-08 17:59 -------- d-----w- c:\programmer\John Deere American Builder Deluxe
2010-07-19 14:37 . 2010-03-10 17:55 -------- d-----w- c:\programmer\Forklift Truck Simulator 2009
2010-07-19 14:36 . 2009-12-19 18:43 -------- d-----w- c:\programmer\Activision Value
2010-07-19 14:18 . 2010-05-25 18:24 -------- d-----w- c:\programmer\CCleaner
2010-07-19 11:17 . 2010-03-12 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-19 11:07 . 2010-07-19 11:07 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-19 11:07 . 2010-07-19 11:07 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-18 21:43 . 2010-03-09 17:45 -------- d-----w- c:\programmer\Fælles filer\Wise Installation Wizard
2010-07-15 17:27 . 2010-05-03 19:32 -------- d-----w- c:\programmer\Microsoft Silverlight
2010-06-29 21:31 . 2009-03-09 18:30 0 ----a-w- c:\documents and settings\Administrator\temp.dat
2010-06-25 20:53 . 2009-03-06 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-06-23 17:10 . 2002-09-16 11:00 83058 ----a-w- c:\windows\system32\perfc006.dat
2010-06-23 17:10 . 2002-09-16 11:00 456936 ----a-w- c:\windows\system32\perfh006.dat
2010-06-14 15:24 . 2009-03-05 18:58 95744 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-06-14 14:30 . 2009-02-04 23:56 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-02 08:26 . 2004-08-26 15:49 1850880 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\programmer\mozilla firefox\plugins\ssldivx.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP ----
2010-07-19 11:19 . 2010-07-19 11:19 7069 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseData.ini
2010-07-19 11:19 . 2010-07-19 11:19 131991 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.dll
2010-07-19 11:19 . 2010-07-19 11:19 130755 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla3.dll
2010-07-19 11:19 . 2010-07-19 11:19 130193 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla4.dll
2010-07-19 11:19 . 2010-07-19 11:19 130112 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla2.dll
2010-07-19 11:19 . 2010-07-19 11:19 131039 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla.exe
2010-07-19 11:19 . 2010-07-19 11:19 27494 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCall.dll
2010-07-18 21:43 . 2010-07-18 21:43 131991 ----a-w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.exe
------- Sigcheck -------
- 2010-07-22 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
- 2008-04-14 . 9C88478DFAFF22089045EE3B166C7809 . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\0a7e2be7ce3e791e393ff6250f4b2685\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DownloadAccelerator"="c:\programmer\DAP\DAP.EXE" [2009-03-05 2807296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ACU"="c:\programmer\Atheros\ACU.exe" [2007-05-03 376921]
"SPAMfighter Agent"="c:\programmer\SPAMfighter\SFAgent.exe" [2009-03-12 326792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-26 15360]
c:\documents and settings\Administrator\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - c:\programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
PowerReg Scheduler V3.exe [2010-3-7 225280]
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menuen Start^Programmer^Start^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Menuen Start\Programmer\Start\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04 39792 ----a-w- c:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-26 16:53 110592 ----a-w- c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-26 15:53 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\programmer\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
2009-03-05 18:56 2807296 ----a-w- c:\programmer\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-26 17:02 1667584 ------w- c:\programmer\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-07-05 08:08 16380416 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 18:29 148888 ----a-w- c:\programmer\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-11-13 11:31 247144 ----a-w- c:\programmer\TomTom HOME 2\TomTomHOMERunner.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\BitLord\\BitLord.exe"=
"c:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Programmer\\TomTom HOME 2\\xulrunner\\TomTomHOMERuntime.exe"=
"c:\\Programmer\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\manager.exe"=
"c:\\Programmer\\Autodesk\\Backburner\\server.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Programmer\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Documents and Settings\\Administrator\\Skrivebord\\Spil\\Valve\\hl.exe"=
"c:\\Programmer\\Counter-Strike 1.6\\hl.exe"=
"c:\\Programmer\\Atari\\Deer Hunter 2005\\DH2005.exe"=
"c:\\Programmer\\Deer Hunter Tournament\\DHT.exe"=
"c:\\Programmer\\Deer Hunter Tournament\\Updater.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10-02-2009 20:31 717296]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [19-07-2010 19:37 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [19-07-2010 19:37 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys [19-07-2010 13:12 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [19-07-2010 19:37 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [19-07-2010 19:37 116784]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\programmer\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [12-03-2009 18:36 86016]
R2 NIS;Norton Internet Security;c:\programmer\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [19-07-2010 19:36 126392]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\SPAMfighter\sfus.exe [12-03-2009 10:44 184968]
R2 TomTomHOMEService;TomTomHOMEService;c:\programmer\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 13:31 92008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programmer\Fælles filer\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [19-07-2010 13:11 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100720.001\IDSXpx86.sys [21-07-2010 10:05 331640]
S3 RenameMe;RenameMe;c:\windows\system32\RenameMe.sys [01-05-2010 20:36 8320]
.
Indhold af mappen 'Planlagte Opgaver'
2010-07-22 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-02-28 21:18]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: &Clean Traces - c:\programmer\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmer\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmer\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: danid.dk
TCP: {2A402FDB-2814-4B8E-BEB1-104BEF3FB5DA} = 208.67.222.222,208.67.220.220
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cz60s7nv.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=15458&l=dis
FF - prefs.js: keyword.URL - hxxp://dk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_dk&p=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-22 10:55
Windows 5.1.2600 Service Pack 2 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8ADA81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cfc3
\Driver\ACPI -> ACPI.sys @ 0xb9e67cb8
\Driver\atapi -> 0x8ada81f8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582414
ParseProcedure -> ntkrnlpa.exe @ 0x80581554
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582414
ParseProcedure -> ntkrnlpa.exe @ 0x80581554
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9c83ba0
PacketIndicateHandler -> NDIS.sys @ 0xb9c72a0b
SendHandler -> NDIS.sys @ 0xb9c86b31
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\programmer\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\programmer\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2764)
c:\windows\system32\msi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\acs.exe
c:\windows\system32\agrsmsvc.exe
c:\programmer\Fælles filer\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\crypserv.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Gennemført tid: 2010-07-22 11:00:52 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-07-22 09:00
ComboFix2.txt 2010-07-21 11:52
ComboFix3.txt 2010-07-20 11:52
Pre-Kørsel: 148.271.394.816 byte ledig
Post-Kørsel: 148.569.337.856 byte ledig
- - End Of File - - C8EFD9886D4C45DCB490351DF02CA544