ComboFix 10-03-20.06 - Oem user 21-03-2010 20:36:01.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.502.201 [GMT 1:00]
Kører fra: c:\documents and settings\Oem user\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Oem user\Skrivebord\CFScript.txt.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programmer\rnamfler\radhslib.dll
c:\programmer\rnamfler\radprlib.dll
c:\windows\system32\oem1.inf
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-21 til 2010-03-21 )))))))))))))))))))))))))))))))))))
.
2010-03-21 12:38 . 2010-03-21 12:38 -------- d-----w- C:\found.000
2010-03-18 16:42 . 2010-03-18 16:42 -------- d-sh--w- c:\documents and settings\Oem user\IECompatCache
2010-03-18 16:38 . 2010-03-18 16:38 -------- d-----w- c:\documents and settings\Oem user\Lokale indstillinger\Application Data\Threat Expert
2010-03-18 16:32 . 2010-03-18 16:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-18 16:24 . 2010-03-18 16:24 -------- d-----w- c:\programmer\Defraggler
2010-03-18 16:20 . 2010-03-18 16:20 52224 ----a-w- c:\documents and settings\Oem user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-18 16:20 . 2010-03-18 16:20 117760 ----a-w- c:\documents and settings\Oem user\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-18 16:19 . 2010-03-18 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-18 16:19 . 2010-03-18 16:19 -------- d-----w- c:\programmer\SUPERAntiSpyware
2010-03-18 16:19 . 2010-03-18 16:19 -------- d-----w- c:\documents and settings\Oem user\Application Data\SUPERAntiSpyware.com
2010-03-18 16:19 . 2010-03-18 16:19 -------- d-----w- c:\programmer\Fælles filer\Wise Installation Wizard
2010-03-18 15:20 . 2010-03-18 15:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-18 15:20 . 2010-03-18 15:20 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Mozilla
2010-03-10 17:33 . 2010-03-10 17:56 -------- d-----w- c:\documents and settings\Oem user\Application Data\Voipwise
2010-03-10 08:23 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 19:39 . 2010-03-09 19:39 -------- d-sh--w- c:\documents and settings\Oem user\PrivacIE
2010-03-09 14:18 . 2010-03-09 11:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 14:18 . 2010-03-09 11:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 14:18 . 2010-03-09 11:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 14:18 . 2010-03-09 11:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 14:18 . 2010-03-09 11:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 14:18 . 2010-03-09 11:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 14:18 . 2010-03-09 11:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-09 14:18 . 2010-03-09 11:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 14:18 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-03-09 14:18 . 2010-03-09 14:18 -------- d-----w- c:\programmer\Alwil Software
2010-03-09 14:18 . 2010-03-09 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-09 14:04 . 2010-03-09 14:04 -------- d-sh--w- c:\documents and settings\Oem user\IETldCache
2010-03-09 13:31 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-09 13:30 . 2010-03-10 09:14 -------- d-----w- c:\windows\ie8updates
2010-03-09 13:28 . 2009-12-21 19:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-09 13:28 . 2009-12-21 19:07 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-09 13:28 . 2009-12-21 19:07 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-09 13:28 . 2009-12-21 19:07 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-09 13:28 . 2009-12-21 19:07 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-09 13:27 . 2009-12-21 19:07 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-03-09 13:23 . 2010-03-09 13:27 -------- dc-h--w- c:\windows\ie8
2010-03-09 12:26 . 2010-03-09 12:26 -------- d-----w- c:\programmer\CCleaner
2010-03-09 11:53 . 2010-03-09 11:53 -------- d-----w- c:\programmer\AVG
2010-03-09 11:52 . 2010-03-09 11:58 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-09 11:50 . 2010-03-09 11:50 -------- d-----w- c:\documents and settings\Oem user\Application Data\Malwarebytes
2010-03-09 11:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 11:50 . 2010-03-09 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-09 11:50 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 11:50 . 2010-03-09 11:50 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-03-05 19:05 . 2010-03-05 19:05 -------- d-----w- c:\programmer\Voipwise.com
2010-03-01 14:34 . 2010-03-02 12:06 -------- d-----w- c:\programmer\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 19:33 . 2009-01-21 22:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-21 19:29 . 2009-05-23 23:04 -------- d--h--r- c:\programmer\rnamfler
2010-03-18 16:25 . 2008-11-14 16:46 -------- d-----w- c:\programmer\Windows Live
2010-03-18 15:13 . 2008-11-15 20:02 -------- d-----w- c:\documents and settings\Oem user\Application Data\Paltalk
2010-03-18 15:13 . 2008-11-15 20:02 -------- d-----w- c:\programmer\Paltalk Messenger
2010-03-10 08:18 . 2006-03-02 12:00 79358 ----a-w- c:\windows\system32\perfc006.dat
2010-03-10 08:18 . 2006-03-02 12:00 450896 ----a-w- c:\windows\system32\perfh006.dat
2010-03-09 13:14 . 2009-05-24 23:22 -------- d-----w- c:\programmer\Google
2010-03-09 11:58 . 2008-11-14 16:16 -------- d-----w- c:\programmer\Fælles filer\Symantec Shared
2010-03-09 11:58 . 2008-11-14 16:18 -------- d-----w- c:\programmer\Symantec
2010-03-09 11:48 . 2008-11-14 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\programmer\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-30 1871872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"wrna3ls"="c:\programmer\rnamfler\naomf.exe" [2006-04-01 1253448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^PalTalk.lnk]
path=c:\documents and settings\All Users\Menuen Start\Programmer\Start\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\programmer\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-08-24 10:20 88363 ----a-w- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
2008-08-18 02:03 1069056 ----a-w- c:\programmer\Athan\Athan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:05 1695232 --sh--w- c:\programmer\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:44 3883856 ----a-w- c:\programmer\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-07-27 12:48 1388544 ----a-w- c:\programmer\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-11-28 23:01 136600 ----a-w- c:\programmer\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-14 16:33 185872 ----a-w- c:\programmer\Fælles filer\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
2008-11-10 11:22 9017648 ----a-w- c:\programmer\VoipBuster.com\VoipBuster\VoipBuster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
2010-02-16 13:16 9084720 ----a-w- c:\programmer\Voipwise.com\Voipwise\Voipwise.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wrna3ls]
2006-04-01 08:45 1253448 ----a-w- c:\programmer\rnamfler\naomf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Voipwise.com\\Voipwise\\Voipwise.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09-03-2010 15:18 162640]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 10:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [17-02-2010 10:15 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09-03-2010 15:18 19024]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [17-02-2010 10:15 12872]
S2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"c:\programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://eu.ask.com?o=15204&l=dis
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: danskebank.dk
FF - ProfilePath - c:\documents and settings\Oem user\Application Data\Mozilla\Firefox\Profiles\jmk5zzzy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pointshop.dk/ep_startpage.asp?userid=181471&tjecksum=327373684&email=G-uniit15@hotmail.com&doAutoLogin=true
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
----FIREFOX POLITIKKER----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - TOMME GENVEJE FJERNET - - - -
AddRemove-HijackThis - c:\documents and settings\Oem user\Lokale indstillinger\Temporary Internet Files\Content.IE5\7NQKVB7F\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 20:42
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2940)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\programmer\Alwil Software\Avast5\AvastSvc.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\netdde.exe
c:\programmer\rnamfler\naofsvc.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-21 20:48:30 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-21 19:48
Pre-Kørsel: 86.737.395.712 byte ledig
Post-Kørsel: 86.743.957.504 byte ledig
- - End Of File - - 8A9AD29AC06BC05CF528D973A3690908