ComboFix 09-12-21.08 - PC 23-12-2009 0:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.502.303 [GMT 1:00]
Kører fra: c:\documents and settings\PC\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\PC\Skrivebord\CFScript.txt.txt
AV: avast! antivirus 4.8.1368 [VPS 091222-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\PC\LOKALE~1\Temp\tmp2.tmp
c:\windows\system32\sfcfiles.dll . . . er inficeret!!
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-11-22 til 2009-12-22 )))))))))))))))))))))))))))))))))))
.
2009-12-22 23:09 . 2009-12-22 23:09 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes
2009-12-22 23:09 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 23:09 . 2009-12-22 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-22 23:09 . 2009-12-22 23:09 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-12-22 23:09 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 22:25 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-22 22:25 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-22 22:25 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-12-22 22:25 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-22 22:25 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-12-22 22:25 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-12-22 22:25 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-22 22:25 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-22 22:24 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-22 22:24 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-22 22:24 . 2009-12-22 22:24 -------- d-----w- c:\programmer\Alwil Software
2009-12-22 22:20 . 2009-12-22 22:20 -------- d-----w- c:\programmer\CCleaner
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 23:02 . 2009-02-06 07:52 -------- d-----w- c:\programmer\Fælles filer\Panda Software
2009-12-10 15:23 . 2008-04-15 02:00 48482 ----a-w- c:\windows\system32\perfc006.dat
2009-12-10 15:23 . 2008-04-15 02:00 328232 ----a-w- c:\windows\system32\perfh006.dat
2009-10-29 07:44 . 2008-04-15 02:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:44 . 2008-04-15 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:44 . 2008-04-15 02:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 05:39 . 2008-04-15 02:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2008-04-15 02:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-15 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:34 . 2008-04-15 02:00 270848 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:40 . 2008-04-15 02:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:40 . 2008-04-15 02:00 150016 ----a-w- c:\windows\system32\rastls.dll
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
- 2008-12-17 . 8ADD18C6AB9CF788DF7EBF08FDDC1EA7 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-17 126976]
"TrackPointSrv"="tp4mon.exe" [2008-04-14 82944]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22-12-2009 23:25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22-12-2009 23:25 20560]
.
------- Yderligere scanning -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Dda%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=da
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} - hxxps://www.sparoj-netbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.30.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-23 00:33
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'explorer.exe'(3744)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\tp4mon.exe
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Gennemført tid: 2009-12-23 00:36:49 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-12-22 23:36
ComboFix2.txt 2009-12-22 22:04
Pre-Kørsel: 35.657.424.896 byte ledig
Post-Kørsel: 35.687.534.592 byte ledig
- - End Of File - - 7063678DAEEAAAAD80AE7CC3568ED53B
Here was the last log...
Many thanks for the help