ComboFix 10-02-20.04 - Christian 22-02-2010 17:12:25.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.1022.610 [GMT 3:00]
Kører fra: c:\documents and settings\Christian\Skrivebord\ComboFix\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Christian\Skrivebord\ComboFix\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
FILE ::
“c:\docume~1\CHRIST~1\LOKALE~1\Temp\musbehco.sys”
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
———-\Legacy_MUSBEHCO
———-\Service_musbehco
((((((((((((((((((((((((((((( Filer skabt fra 2010-01-22 til 2010-02-22 )))))))))))))))))))))))))))))))))))
.
2010-02-09 13:04 . 2010-02-09 13:04 ———— d——-w- c:\documents and settings\Christian\Application Data\Malwarebytes
2010-02-09 13:04 . 2010-01-07 13:07 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-09 13:04 . 2010-02-09 13:04 ———— d——-w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-09 13:04 . 2010-01-07 13:07 19160 ——a-w- c:\windows\system32\drivers\mbam.sys
2010-02-09 13:04 . 2010-02-09 13:04 ———— d——-w- c:\programmer\Malwarebytes’ Anti-Malware
2010-02-07 15:31 . 2010-01-27 08:49 2066200 ——a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-01-29 17:43 . 2009-11-21 15:58 471552 ———w- c:\windows\system32\dllcache\aclayers.dll
2010-01-27 09:43 . 2010-01-27 09:43 ———— d——-w- c:\documents and settings\Christian\Application Data\Hardcore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 12:56 . 2009-08-09 12:25 4580 ——a-w- c:\documents and settings\Christian\Application Data\wklnhst.dat
2010-02-08 19:11 . 2009-07-23 14:40 ———— d——-w- c:\documents and settings\Christian\Application Data\Skype
2010-02-08 18:05 . 2009-07-23 14:41 ———— d——-w- c:\documents and settings\Christian\Application Data\skypePM
2010-01-04 12:26 . 2009-11-07 07:43 ———— d——-w- c:\documents and settings\Christian\Application Data\gtk-2.0
2009-12-22 05:09 . 2004-08-27 08:00 668672 ———w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2004-08-27 08:00 81920 ——a-w- c:\windows\system32\ieencode.dll
2009-12-10 16:54 . 2004-09-17 10:37 62862 ——a-w- c:\windows\system32\perfc006.dat
2009-12-10 16:54 . 2004-09-17 10:37 395314 ——a-w- c:\windows\system32\perfh006.dat
2009-11-30 14:51 . 2009-11-28 17:44 152576 ——a-w- c:\documents and settings\Christian\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-30 14:45 . 2009-11-28 17:43 79488 ——a-w- c:\documents and settings\Christian\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2006-07-14 04:05 . 2009-01-12 10:02 22 —sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ATIPTA”=“c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-11-10 344064]
“SunJavaUpdateSched”=“c:\programmer\Java\jre1.5.0_06\bin\jusched.exe” [2005-11-10 36975]
“HP Software Update”=“c:\programmer\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 49152]
“SynTPEnh”=“c:\programmer\Synaptics\SynTP\SynTPEnh.exe” [2005-06-19 729178]
“QPService”=“c:\programmer\HP\QuickPlay\QPService.exe” [2005-12-12 94208]
“eabconfg.cpl”=“c:\programmer\HPQ\Quick Launch Buttons\EabServr.exe” [2005-12-07 409600]
“Cpqset”=“c:\programmer\HPQ\Default Settings\cpqset.exe” [2005-08-01 233534]
“RecGuard”=“c:\windows\SMINST\RecGuard.exe” [2005-10-11 1187840]
“hpWirelessAssistant”=“c:\programmer\hpq\HP Wireless Assistant\HP Wireless Assistant.exe” [2005-12-13 507904]
“AVG8_TRAY”=“c:\progra~1\AVG\AVG8\avgtray.exe” [2009-12-15 2043160]
“WinampAgent”=“c:\programmer\Winamp\winampa.exe” [2008-08-03 36352]
“Adobe Reader Speed Launcher”=“c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Photosmart Premier Hurtig start.lnk - c:\programmer\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-08 13:43 11952 ——a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Programmer\\AVG\\AVG8\\avgemc.exe”=
“c:\\Programmer\\AVG\\AVG8\\avgupd.exe”=
“c:\\Programmer\\AVG\\AVG8\\avgnsx.exe”=
“c:\\Programmer\\Messenger\\msmsgs.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Programmer\\Mozilla Firefox\\firefox.exe”=
“c:\\Programmer\\Skype\\Phone\\Skype.exe”=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [23-07-2009 22:15 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [23-07-2009 22:15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [25-04-2009 13:31 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [25-04-2009 13:31 297752]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22-08-2005 12:06 231424]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://www.hp.com
IE: &Google; Search - c:\programmer\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate; English Word - c:\programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\programmer\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\Google\GoogleToolbar1.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 17:19
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmer\HPQ\Default Settings\cpqset.exe???????????????n??|?????? ???B????????? ???hLC????????
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
[HKEY_USERS\S-1-5-21-2143723599-425648659-2600594845-1006\Software\SecuROM\License information*]
“datasecu”=hex:9f,c2,17,92,d2,bc,7b,32,fb,13,7e,c3,95,c9,66,8c,ad,86,98,7e,f2,
12,3d,be,34,cf,12,6d,68,2c,ee,25,67,5b,3a,1a,d1,1c,41,19,1a,25,bf,b7,55,13,\
“rkeysecu”=hex:97,2a,0b,91,b1,a7,73,f6,ed,f6,bd,b3,1b,7a,4a,fb
.
——————————- DLLs startet under kørende Processer——————————-
- - - - - - - > ‘winlogon.exe’(856)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > ‘explorer.exe’(3396)
c:\progra~1\WINDOW~1\wmpband.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Fælles filer\LightScribe\LSSrvc.exe
c:\programmer\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmer\AVG\AVG8\avgcsrvx.exe
c:\programmer\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Gennemført tid: 2010-02-22 17:22:35 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-02-22 14:22
ComboFix2.txt 2010-02-21 12:58
Pre-Kørsel: 10.398.285.824 byte ledig
Post-Kørsel: 10.320.211.968 byte ledig
- - End Of File - - 18A5BD1456EC679A05C218CE702FC844
