ComboFix 09-08-29.01 - Administrator 30.08.09 13:35.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.1023.827 [GMT 2:00]
Kjører fra: c:\documents and settings\Administrator\Skrivebord\ComboFix.exe

ADVARSEL -DENNE MASKINEN HAR IKKE GJENOPPRETTINGSKONSOLLEN INSTALLERT !!
.

(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\d3802.msp
c:\windows\Installer\WinRMSrv.msi

.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2009-07-28 til 2009-08-30   )))))))))))))))))))))))))))))))))
.

2009-08-30 10:25 . 2009-08-30 10:25   --------   d-----w-   c:\documents and settings\Administrator\Programdata\Malwarebytes
2009-08-30 10:24 . 2009-08-03 11:36   38160      ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 10:24 . 2009-08-30 10:24   --------   d-----w-   c:\programfiler\Malwarebytes' Anti-Malware
2009-08-30 10:24 . 2009-08-30 10:24   --------   d-----w-   c:\documents and settings\All Users\Programdata\Malwarebytes
2009-08-30 10:24 . 2009-08-03 11:36   19096      ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-08-30 10:08 . 2009-08-30 10:08   --------   d-----w-   c:\programfiler\CCleaner
2009-08-30 10:05 . 2009-08-30 10:05   --------   d-sh--w-   c:\documents and settings\Administrator\IECompatCache
2009-08-30 10:05 . 2009-08-30 10:05   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
2009-08-30 10:04 . 2009-08-30 10:04   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2009-08-25 21:54 . 2009-08-25 21:53   411368     ----a-w-   c:\windows\system32\deploytk.dll
2009-08-24 20:59 . 2009-07-10 13:31   1315328    -c----w-   c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01   204800     -c----w-   c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 17:20 . 2009-08-03 17:20   --------   d-----w-   c:\windows\system32\wbem\Repository

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 11:23 . 2006-06-03 15:53   --------   d-----w-   c:\programfiler\Fellesfiler\Symantec Shared
2009-08-30 10:53 . 2008-09-10 19:44   19936      ----a-w-   c:\documents and settings\Administrator\Lokale innstillinger\Programdata\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2004-08-04 12:00   204800     ----a-w-   c:\windows\system32\mswebdvd.dll
2009-07-17 19:04 . 2004-08-04 12:00   58880      ----a-w-   c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-04 12:00   286208     ----a-w-   c:\windows\system32\wmpdxm.dll
2009-07-03 17:01 . 2004-08-04 12:00   915456     ----a-w-   c:\windows\system32\wininet.dll
2009-06-16 14:43 . 2004-08-04 12:00   81920      ----a-w-   c:\windows\system32\fontsub.dll
2009-06-16 14:43 . 2004-08-04 12:00   119808     ----a-w-   c:\windows\system32\t2embed.dll
2009-06-15 10:45 . 2004-08-04 12:00   76800      ----a-w-   c:\windows\system32\telnet.exe
2009-06-10 14:16 . 2004-08-04 12:00   84992      ----a-w-   c:\windows\system32\avifil32.dll
2009-06-10 07:22 . 2006-06-03 15:08   2066432    ----a-w-   c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-04 12:00   132096     ----a-w-   c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-04 12:00   1294336    ----a-w-   c:\windows\system32\quartz.dll

.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10b.exe" [2009-02-03 240544]
""="c:\programfiler\Internet Explorer\iexplore.exe" [2009-03-08 638816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"SynTPLpr"="c:\programfiler\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\programfiler\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"ATIPTA"="c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 339968]
"Cpqset"="c:\programfiler\HPQ\Default Settings\cpqset.exe" [2005-01-14 233534]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-02 122939]
"hpWirelessAssistant"="c:\programfiler\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 790528]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-04-13 88209]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
BTTray.lnk - c:\programfiler\WIDCOMM\Bluetooth-programvare\BTTray.exe [2005-5-31 577597]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2004-11-10 00:19 38912 ----a-w- c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ   scecli AsWlnPkg

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^DVD Check.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Hurtigstart for Adobe Reader.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Hurtigstart for Adobe Reader.lnk
backup=c:\windows\pss\Hurtigstart for Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start-meny^Programmer^Oppstart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\LimeWire\\LimeWire.exe"=
"c:\\Programfiler\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [04.08.04 14:00 14336]
S2 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S3 cxbu0wdm;CardMan 3x21;c:\windows\system32\drivers\cxbu0wdm.sys [09.02.09 20:34 84608]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [03.05.04 18:26 80384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ   ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{75A5F327-1C78-4E95-AB81-3E0A3F9DCFD3}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - TOMME PEKERE FJERNET - - - -

Notify-WgaLogon - (no file)

.
------- Tilleggsskanning -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath -

---- FIREFOX POLICIES ----
c:\programfiler\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".no");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 13:45
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programfiler\HPQ\Default Settings\cpqset.exe?????????3?7?0?-??????? ?d?B?????????????hLC????????

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- LÅSTE REGISTERNØKLER ---------------------

[HKEY_USERS\S-1-5-21-57989841-602609370-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,de,bf,4c,c3,52,c8,41,ae,b2,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f3,de,bf,4c,c3,52,c8,41,ae,b2,b7,\
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll
c:\programfiler\HPQ\IAM\Bin\AsWlnPkg.dll
c:\programfiler\HPQ\IAM\Bin\TrayIcon.dll
c:\programfiler\HPQ\IAM\Bin\ItMsg.dll
c:\programfiler\HPQ\IAM\bin\HPBrand.dll

- - - - - - - > 'lsass.exe'(816)
c:\programfiler\HPQ\IAM\bin\AsWlnPkg.dll
.
Tidspunkt ferdig: 2009-08-30 13:47
ComboFix-quarantined-files.txt 2009-08-30 11:47

Pre-Run: 58 165 329 920 byte ledig
Post-Run: 58 266 705 920 byte ledig

148 --- E O F --- 2009-08-26 14:57