Hi again, yes, it's some junk I've picked up, but that's how it goes when your 2 nephews sit and mess around with your PC :o)
First log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:55, on 05-07-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Lars Vilandt\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D0CF1C11-4503-4114-996E-E687D4E86057} - C:\Windows\system32\urQKCVMf.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [9a2aa44e] rundll32.exe "C:\Windows\system32\dmfqobmj.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://netsupport2.tdconline.dk/sdccommon/download/tgctlsi.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PCI Latency Tool Service (LtcyCfgSvc) - Unknown owner - C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SpyHunter3 Service - Enigma Software Group, Inc. - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9935 bytes
Second log file:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/05/2008 at 10:29 AM
Application Version : 4.0.1154
Core Rules Database Version : 3497
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:24:06
Memory items scanned : 216
Memory threats detected : 1
Registry items scanned : 7877
Registry threats detected : 38
File items scanned : 19298
File threats detected : 97
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\URQKCVMF.DLL
C:\WINDOWS\SYSTEM32\URQKCVMF.DLL
Trojan.Vundo-Variant/Small
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}
HKCR\CLSID\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}
HKCR\CLSID\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}\InprocServer32
HKCR\CLSID\{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\URQPJHYV.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{5D72C2A4-9AC6-4727-A705-CEA1F0220B78}
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0CF1C11-4503-4114-996E-E687D4E86057}
HKCR\CLSID\{D0CF1C11-4503-4114-996E-E687D4E86057}
HKCR\CLSID\{D0CF1C11-4503-4114-996E-E687D4E86057}\InprocServer32
HKCR\CLSID\{D0CF1C11-4503-4114-996E-E687D4E86057}\InprocServer32#ThreadingModel
Trojan.Net-MSV/VPS-Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\InprocServer32
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\InprocServer32#ThreadingModel
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\ProgID
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\Programmable
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\TypeLib
HKCR\CLSID\{EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD}\VersionIndependentProgID
C:\WINDOWS\KGQFWELTGBN.DLL
Trojan.Unclassified/GTS
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\InprocServer32
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\InprocServer32#ThreadingModel
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\ProgID
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\Programmable
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\TypeLib
HKCR\CLSID\{DFD3C411-B6E4-49E6-A4D9-88F45FE2556D}\VersionIndependentProgID
HKCR\nqgpedlr.1
HKCR\nqgpedlr
HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}
HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0
HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\0
HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\0\win32
HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\FLAGS
HKCR\TypeLib\{28EAF37D-F93D-4D40-8F70-654CC2FCBA2E}\1.0\HELPDIR
C:\WINDOWS\NQGPEDLR.DLL
Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
Trojan.AnyCracks/Gen
C:\USERS\LARS VILANDT\APPDATA\ROAMING\MICROSOFT\DTSC\5499.EXE
Adware.Tracking Cookie
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.googleadservices[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.googleadservices[3].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ad.yieldmanager[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bluestreak[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ad.bolddk[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@revsci[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.googleadservices[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@mediaplex[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.fullreleases[3].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@edge.ru4[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.fullreleases[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@stats.gamestop[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@valueclick[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adlegend[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@server.iad.liveperson[3].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@server.iad.liveperson[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@indextools[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@xiti[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@anad.tacoda[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@anat.tacoda[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@fastclick[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@overture[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@msnportal.112.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@media.adrevolver[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@usenext[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@eas.apm.emediate[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@serv12.bluffmedia[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@statse.webtrendslive[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@atdmt[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@208.122.40[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@searchfeed[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@wwsop2008.122.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@208.122.40[3].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ads.tripod.lycos[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@edcgruppen.112.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bs.serving-sys[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@tribalfusion[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adtech[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adfair[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@apmebf[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@crackdb[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@burstnet[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adbrite[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@richmedia.yahoo[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@spylog[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adrevolver[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@www.burstnet[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@serving-sys[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@stat.onestat[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@atwola[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@track.adform[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ad2.doublepimp[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@warezreleases[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adinterax[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@tradedoubler[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@clicktorrent[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@questionmarket[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@specificclick[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@imrworldwide[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@msnaccountservices.112.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@advertising[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ads.revsci[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@doubleclick[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@telmore.112.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@e2.emediate[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@anheuserbusch.122.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@forum.usenext[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@yadro[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ilead.itrack[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@playnetwork.112.2o7[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@crackserialkeygen[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@tacoda[1].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bold.adservinginternational[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@ads.pointroll[2].txt
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@dynamic.media.adrevolver[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@iacas.adbureau[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@mediaplex[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@msnportal.112.2o7[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@atdmt[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@bs.serving-sys[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adtech[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@serving-sys[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@track.adform[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@specificclick[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@advertising[2].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@doubleclick[1].txt
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\lars_vilandt@adopt.specificclick[2].txt
Adware.Vundo-Variant/J
C:\WINDOWS\AXRFGVEK.DLL
Trojan.Dropper/Gen
C:\WINDOWS\ENWA.EXE
C:\WINDOWS\MRVTDPQE.EXE
Adware.Vundo/Variant
C:\WINDOWS\OKMDEPGB.DLL
And then the last log file:
ComboFix 08-07-04.3 - Lars Vilandt 2008-07-05 12:00:21.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1030.18.1155 [GMT 2:00]
Running from: C:\Users\Lars Vilandt\Desktop\virus\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc\16096.dll
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc\17676.dll
C:\Users\Lars Vilandt\AppData\Roaming\Microsoft\dtsc\id
C:\Windows\resources\VoidSDRAM.dll
C:\Windows\System32\778670
C:\Windows\System32\778670\778670.dll
C:\Windows\system32\bitnefcr.dll
C:\WINDOWS\System32\fMVCKQru.ini
C:\WINDOWS\System32\fMVCKQru.ini2
C:\WINDOWS\System32\JkkmoUtv.ini
C:\WINDOWS\System32\JkkmoUtv.ini2
C:\Windows\system32\jmboqfmd.ini
C:\Windows\system32\oixmnqvb.ini
C:\Windows\system32\rcfentib.ini
----- BITS: Possible infected sites -----
hxxp://theinstalls.com.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 09:52 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Skype
2008-07-05 07:54 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\SUPERAntiSpyware.com
2008-07-05 07:54 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-07-05 07:54 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-05 07:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-05 07:48 --------- d-----w C:\Program Files\CCleaner
2008-07-05 06:50 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\UseNeXT
2008-07-04 20:52 89,088 ----a-w C:\Windows\System32\dmfqobmj.dll
2008-07-04 00:21 --------- d-----w C:\Program Files\Full Tilt Poker
2008-07-03 23:21 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Azureus
2008-07-03 22:00 --------- d-----w C:\Program Files\File Scavenger 3.2
2008-07-03 21:55 --------- d-----w C:\ProgramData\Azureus
2008-06-20 23:56 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\CoreFTP
2008-06-20 22:54 --------- d-----w C:\Program Files\UseNeXT
2008-06-20 18:28 --------- d-----w C:\Program Files\JalbumWin
2008-06-20 17:27 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\JAlbum
2008-06-15 07:05 --------- d-----w C:\Program Files\Panda Security
2008-06-14 05:15 42,656 ----a-w C:\Users\Lars Vilandt\AppData\Roaming\nvModes.dat
2008-06-13 22:35 --------- d-----w C:\Program Files\Red Kawa
2008-06-13 22:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-06-13 22:04 --------- d---a-w C:\ProgramData\TEMP
2008-06-13 22:03 --------- d-----w C:\Program Files\NoAdware5.0
2008-06-13 16:21 --------- d-----w C:\Program Files\Browser Hijack Recover
2008-06-13 04:22 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Uniblue
2008-06-12 16:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-12 16:20 102,664 ----a-w C:\Windows\system32\drivers\tmcomm.sys
2008-06-12 01:39 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\SecondLife
2008-06-12 01:27 --------- d-----w C:\Program Files\Windows Mail
2008-06-12 00:55 --------- d-----w C:\Program Files\Enigma Software Group
2008-06-11 14:59 --------- d-----w C:\ProgramData\Lavasoft
2008-06-11 14:57 --------- d-----w C:\Program Files\Lavasoft
2008-06-10 15:42 --------- d-----w C:\Program Files\Cucusoft
2008-06-10 15:27 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Pavtube
2008-06-10 15:26 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Download Manager
2008-06-09 22:38 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-09 03:23 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Nexon
2008-06-09 03:21 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-06-06 11:28 --------- d-----w C:\Program Files\uTorrent
2008-06-06 11:28 --------- d-----w C:\Program Files\CoreFTP
2008-06-06 10:14 --------- d-----w C:\Program Files\Alcohol Soft
2008-06-06 10:10 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-06-06 09:53 --------- d-----w C:\Program Files\DVD Decrypter
2008-06-05 21:58 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-05 14:24 --------- d-----w C:\ProgramData\FLEXnet
2008-06-05 14:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 11:02 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-06-02 09:00 --------- d-----w C:\Program Files\Support.com
2008-05-31 13:35 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Apple Computer
2008-05-31 10:15 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Thunderbird
2008-05-31 10:15 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-28 19:08 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\cmw
2008-05-28 19:08 --------- d-----w C:\Program Files\winpwn
2008-05-24 15:28 --------- d-----w C:\ProgramData\Apple Computer
2008-05-24 15:28 --------- d-----w C:\Program Files\QuickTime
2008-05-24 15:28 --------- d-----w C:\Program Files\iTunes
2008-05-24 15:28 --------- d-----w C:\Program Files\iPod
2008-05-24 15:28 --------- d-----w C:\Program Files\Bonjour
2008-05-24 15:26 --------- d-----w C:\Program Files\Apple Software Update
2008-05-24 15:25 --------- d-----w C:\ProgramData\Apple
2008-05-24 15:25 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-12 20:37 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\ACD Systems
2008-05-12 20:36 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-05-12 20:35 --------- d-----w C:\ProgramData\ACD Systems
2008-05-12 20:35 --------- d-----w C:\Program Files\ACD Systems
2008-05-12 17:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-05-10 01:21 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-05-09 09:26 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-05-08 06:08 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Media Player Classic
2008-05-08 03:33 --------- d-----w C:\Program Files\PCI Latency Tool 3
2008-05-05 00:15 --------- d-----w C:\Users\Lars Vilandt\AppData\Roaming\Ahead
2008-05-03 11:11 0 ----a-w C:\Users\Lars Vilandt\AppData\Roaming\wklnhst.dat
2008-05-03 06:24 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-05-03 06:24 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-05-03 06:24 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-03 06:24 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-05-03 06:24 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-05-03 06:24 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-05-03 06:24 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-03 06:24 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-03 06:24 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-05-03 04:38 174 --sha-w C:\Program Files\desktop.ini
2008-05-03 04:20 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-05-03 04:20 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-05-03 04:20 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-05-03 04:19 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-03 04:19 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-03 04:19 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-03 04:19 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-03 04:19 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-03 04:19 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-03 04:19 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-03 04:19 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-03 04:19 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-03 04:19 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-05-03 04:17 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-05-03 04:17 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-05-03 04:14 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-05-03 04:13 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-03 04:13 7,680 ----a-w C:\Windows\System32\spwmp.dll
.
----a-w 325,204 2006-12-21 18:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-03 06:01 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-05-03 08:13 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29 165784]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-06-06 12:15 4608]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"Device Detector"="DevDetect.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 08:02 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 17:12 107112]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-11 19:51 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-11 19:51 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-11 19:51 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"9a2aa44e"="C:\Windows\system32\dmfqobmj.dll" [2008-07-04 22:52 89088]
"nwiz"="nwiz.exe" [N/A]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-05 02:42:13 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1922583515-2520021141-4155528976-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E1BAF740-5042-456C-8259-6C5B0569DC42}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{F6C6D607-4C33-4196-A33F-221CE6899A1E}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{BD189C8F-93D9-45A9-8469-4A11B0E0F58A}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{F3381CB9-B9BE-4D2C-8B88-9529A79B29B2}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{383FD4CA-289B-426F-B3F0-73FC3BA03F25}"= UDP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{B2370CE2-EA15-4007-A56C-2F02EAA8A7AE}"= TCP:C:\Program Files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{38AA6F68-526A-47F5-91DC-D17BA5C351AA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{53D338E2-1A2D-4C63-882C-2BD412AA0641}C:\\program files\\hp\\quickplay\\qp.exe"= UDP:C:\program files\hp\quickplay\qp.exe:HP QuickPlay
"UDP Query User{0FD8EEEC-3315-407A-8DC0-06A38F0CC9FC}C:\\program files\\hp\\quickplay\\qp.exe"= TCP:C:\program files\hp\quickplay\qp.exe:HP QuickPlay
"{DA1956D5-03A8-486C-BF43-7F13D0D6B27E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{FB541038-6A42-4794-B65A-D3D5ADC5A575}C:\\games\\secondlife\\slvoice.exe"= UDP:C:\games\secondlife\slvoice.exe:SLVoice
"UDP Query User{9570FECE-260C-4A21-994C-405DDF8AE033}C:\\games\\secondlife\\slvoice.exe"= TCP:C:\games\secondlife\slvoice.exe:SLVoice
"{BBE019F4-D89D-42B6-B3AB-46E9E073662F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{169B5E85-B482-450F-A33A-AC718C3F6AA7}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{47B8810E-8F09-4C14-84DB-14FB183BC328}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D9D758DF-65D1-4580-A046-23820362381D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2BBA169B-8BF7-46E1-A058-94B2A2A1BE7F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{CDB4A5F0-DA02-4C55-9E4D-38739A65DD16}C:\\program files\\secondlifereleasecandidate\\slvoice.exe"= UDP:C:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"UDP Query User{0823F28E-6018-4C28-834E-CC651D454CA9}C:\\program files\\secondlifereleasecandidate\\slvoice.exe"= TCP:C:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"{ECAE64EE-E5FF-41C8-8613-3F951B4A647E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{83BFDDD8-9797-4F29-BBF1-83DEDD4F9C80}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{DD25AE8B-678C-4DC2-B5EB-2236F1D6997F}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FEC71FF1-2876-43C2-A772-4C070463BF7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{AE4BE2B3-69BC-4B1C-911A-B7B875626D28}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{25538DB6-AA37-421E-A905-A127B54D36E6}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;C:\Windows\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 00:24]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;C:\Windows\system32\Drivers\ST50220.sys [2006-11-24 17:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{961994f4-18bc-11dd-a897-806e6f6e6963}]
\shell\AutoRun\command - E:\ShelExec.exe language.htm
.
- - - - ORPHANS REMOVED - - - -
BHO-{D0CF1C11-4503-4114-996E-E687D4E86057} - C:\Windows\system32\urQKCVMf.dll
SSODL-axrfgvek-{36EDA8C6-160B-4F1E-92AA-601ED81A476D} - C:\Windows\axrfgvek.dll
SSODL-okmdepgb-{13DCEE36-4725-46DD-80C1-5712BFD9F81D} - C:\Windows\okmdepgb.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-05 12:06:27
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Lars Vilandt\AppData\Local\Temp\Cab67E6.tmp
C:\Users\Lars Vilandt\AppData\Local\Temp\Tar67E7.tmp
C:\Users\Lars Vilandt\AppData\Local\Temp\WER2AD8.tmp.hdmp
C:\Users\Lars Vilandt\AppData\Local\Temp\WER6856.tmp.mdmp
scan completed successfully
hidden files: 4
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\dmfqobmj.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PCI Latency Tool 3\LtcyCfgSvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\WerFault.exe
.
**************************************************************************
.
Completion time: 2008-07-05 12:11:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-05 10:11:22
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 61,575,626,752 bytes free
277 --- E O F --- 2008-06-25 06:18:27
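As an added example (not part of the post above, and not code from ComboFix or HijackThis), here is a small Python triage script that reads the "Reg Loading Points" and "DLLs Loaded Under Running Processes" sections in the format shown above and scores each Run value: a hex-looking value name, a DLL rather than an EXE as the Run target, a file timestamp within a week of the scan, and the same DLL showing up loaded inside a running process all add to the score. It also reports EnableLUA=0 and Security Center DisableMonitoring=1. The sample input is copied from the log above; the weights, the 7-day window and the threshold of 3 are assumptions chosen for the example, not anything ComboFix itself does.

```python
"""Triage helper for the "Reg Loading Points" part of a ComboFix log.

Added example, not from the original post, ComboFix or HijackThis. The score
weights, the 7-day "recent file" window and the threshold are assumptions."""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-11 19:51 8530464]
"9a2aa44e"="C:\Windows\system32\dmfqobmj.dll" [2008-07-04 22:52 89088]
"nwiz"="nwiz.exe" [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\dmfqobmj.dll
Completion time: 2008-07-05 12:11:37 - machine was rebooted
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<stamp>[^\]]*)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+)$')
PROC_RE = re.compile(r"^PROCESS: (?P<proc>.+)$")
LOADED_RE = re.compile(r"^-> (?P<path>.+)$")
DONE_RE = re.compile(r"^Completion time: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
HEX_NAME = re.compile(r"^[0-9a-f]{8}$")  # e.g. "9a2aa44e": looks auto-generated
RECENT = timedelta(days=7)               # assumption: "recent" = within a week of the scan


def parse_int(raw):
    """Turn '0 (0x0)' or 'dword:00000001' into an int."""
    raw = raw.strip()
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0])


def parse_combofix(text):
    """Return (run_entries, policies, loaded_dlls, scan_time) from log text."""
    run_entries, policies, loaded, scan_time = [], {}, {}, None
    key = proc = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key, proc = m.group("key"), None
        elif m := PROC_RE.match(line):
            proc = m.group("proc")
        elif (m := LOADED_RE.match(line)) and proc:
            loaded.setdefault(m.group("path").lower(), set()).add(proc)
        elif m := DONE_RE.match(line):
            scan_time = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        elif (m := RUN_RE.match(line)) and key and key.lower().endswith("\\run"):
            stamp = m.group("stamp")  # "2008-07-04 22:52 89088" or "N/A"
            mtime = None
            if stamp != "N/A":
                mtime = datetime.strptime(" ".join(stamp.split()[:2]), "%Y-%m-%d %H:%M")
            run_entries.append({"key": key, "name": m.group("name"),
                                "path": m.group("path"), "mtime": mtime})
        elif (m := VALUE_RE.match(line)) and key:
            try:
                policies[(key.lower(), m.group("name"))] = parse_int(m.group("val"))
            except ValueError:
                pass  # not a numeric value, so not a policy flag
    return run_entries, policies, loaded, scan_time


def score_run_entry(entry, loaded, scan_time):
    """Weighted heuristics for one Run value; returns (score, reasons)."""
    path, reasons = entry["path"], []
    if HEX_NAME.match(entry["name"]):
        reasons.append((2, "value name looks auto-generated (8 hex chars)"))
    if path.lower().endswith(".dll"):
        reasons.append((1, "Run value is a DLL (started via rundll32), not an EXE"))
    if entry["mtime"] and scan_time and scan_time - entry["mtime"] <= RECENT:
        reasons.append((2, "file written within %d days of the scan" % RECENT.days))
    if procs := loaded.get(path.lower()):
        reasons.append((2, "loaded inside " + ", ".join(sorted(procs))))
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def policy_findings(policies):
    """Registry values in the log that switch off the OS's own defences."""
    out = []
    for (key, name), val in policies.items():
        if name == "EnableLUA" and val == 0 and key.endswith("policies\\system"):
            out.append("UAC disabled (EnableLUA=0) under " + key)
        if name == "DisableMonitoring" and val == 1 and "security center" in key:
            out.append("Security Center monitoring disabled under " + key)
    return out


def triage(text, threshold=3):
    """Return ([(name, path, score, reasons), ...], [policy findings])."""
    run_entries, policies, loaded, scan_time = parse_combofix(text)
    flagged = []
    for e in run_entries:
        score, reasons = score_run_entry(e, loaded, scan_time)
        if score >= threshold:
            flagged.append((e["name"], e["path"], score, reasons))
    return flagged, policy_findings(policies)


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

On the sample, only the 9a2aa44e entry clears the threshold (score 7, with all four reasons), NvCpl.dll scores 1 on the DLL point alone, and both policy findings fire. Treat the score as a prompt to look at the file, not as a verdict: an undocumented DLL name is a reason to check, not proof of infection.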