Is my PC OK?
Hi, I wanted to ask whether my PC is OK. Here are 3 logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:21, on 11-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Martin juul\Skrivebord\Spywarefri\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/ig?hl=da
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Programmer\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] "C:\WINDOWS\Logi_MwX.Exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tilføj til Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus-statistik - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1210605985604
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197624485629
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E1E73B44-2D20-47A9-9CA2-B534CEBBF856} (F-Secure Health Check 1.0) - http://support.f-secure.com/enu/home/onlineservices/fshc/fscax.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmer\Fælles filer\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programmer\Fælles filer\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe
--
End of file - 11032 bytes
ComboFix 08-09-10.04 - Martin juul 2008-09-11 20:42:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.538 [GMT 2:00]
Running from: C:\Documents and Settings\Martin juul\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Martin juul\Cookies\martin_juul@www.google[1].txt
C:\WINDOWS\BM5365bbb9.txt
C:\WINDOWS\BM5365bbb9.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dlrbnefe.ini
C:\WINDOWS\system32\edcgtyby.ini
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\mdvjkxdm.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ovochpgu.ini
C:\WINDOWS\system32\wxayyGgh.ini
C:\WINDOWS\system32\wxayyGgh.ini2
C:\WINDOWS\system32\yhwtmxtp.ini
----- BITS: Possible infected sites -----
http://ftp.hp.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4
((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.
2008-09-11 18:29 . 2008-09-11 18:29 <DIR> d-------- C:\Documents and Settings\Martin juul\Application Data\Malwarebytes
2008-09-11 18:29 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-11 18:29 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 18:28 . 2008-09-11 18:30 <DIR> d-------- C:\Programmer\Malwarebytes' Anti-Malware
2008-09-11 18:28 . 2008-09-11 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-09 16:07 . 2008-09-09 16:07 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-09-06 14:39 . 2008-09-06 14:39 <DIR> d-------- C:\Documents and Settings\Martin juul\Application Data\ValuSoft
2008-09-06 14:30 . 2008-09-06 14:30 <DIR> d-------- C:\Programmer\Prison Tycoon 4
2008-09-06 10:11 . 2008-09-06 10:11 <DIR> d-------- C:\Programmer\HyCam2
2008-09-05 21:40 . 2008-09-05 21:40 <DIR> d-------- C:\Programmer\RealVNC
2008-09-05 18:31 . 2008-09-11 20:54 <DIR> d-------- C:\Documents and Settings\Martin juul\Application Data\Hamachi
2008-09-05 18:29 . 2008-09-05 18:31 <DIR> d-------- C:\Programmer\Hamachi
2008-09-02 19:32 . 2008-09-02 19:32 <DIR> d-------- C:\Documents and Settings\Martin juul\.housecall6.6
2008-09-01 19:23 . 2008-09-01 19:23 <DIR> d-------- C:\Levende
2008-09-01 18:44 . 2006-05-15 21:00 1,805,448 --a------ C:\WINDOWS\system32\cygwin1.dll
2008-09-01 17:34 . 2008-09-01 17:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-09-01 17:34 . 2008-09-01 17:41 1,156 --ah----- C:\IPH.PH
2008-08-30 20:54 . <DIR> C:\Programmer\Fælles filer\PCSuite
2008-08-30 20:50 . 2008-08-30 20:50 <DIR> d-------- C:\Programmer\PC Connectivity Solution
2008-08-30 20:38 . 2008-08-30 20:38 <DIR> d-------- C:\Documents and Settings\Martin juul\Application Data\HP
2008-08-29 21:53 . 2008-08-29 22:54 <DIR> d-------- C:\Programmer\Adventure Maker v4.5.2
2008-08-29 21:53 . 2000-04-21 04:52 844,048 --a------ C:\WINDOWS\system32\Msdxm6.ocx
2008-08-29 21:53 . 2002-12-12 01:14 602,624 --a------ C:\WINDOWS\system32\dx7vbC.dll
2008-08-29 21:53 . 2001-06-26 20:35 131,072 --a------ C:\WINDOWS\system32\ARButton.ocx
2008-08-29 21:53 . 1999-03-29 07:34 110,595 --a------ C:\WINDOWS\system32\Msscript1.ocx
2008-08-29 21:53 . 2002-01-17 05:22 102,400 --a------ C:\WINDOWS\system32\cpvButton.ocx
2008-08-29 21:53 . 2001-04-07 17:43 65,536 --a------ C:\WINDOWS\system32\FoxCBmp3.dl
2008-08-29 21:53 . 1998-06-14 03:53 44,544 --a------ C:\WINDOWS\system32\Gif89.dll
2008-08-29 21:24 . 2008-08-29 21:24 <DIR> d-------- C:\ubuntu-backup
2008-08-24 18:40 . 2008-08-24 18:41 <DIR> d-------- C:\PSP
2008-08-24 17:59 . 2008-08-24 17:59 <DIR> d-------- C:\Programmer\PiMPWare
2008-08-24 17:22 . 2008-08-24 17:43 <DIR> d-------- C:\Programmer\XCom Media Server
2008-08-24 16:30 . 2008-08-24 16:30 <DIR> d-------- C:\Programmer\TVersity
2008-08-24 12:06 . 2008-08-24 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-24 11:49 . 2008-08-24 11:49 <DIR> d-------- C:\Programmer\Messenger Plus! Live
2008-08-24 10:10 . 2008-08-24 10:10 164 --a------ C:\install.dat
2008-08-23 17:14 . 2008-08-23 17:14 <DIR> d-------- C:\Programmer\TVUPlayer
2008-08-23 15:33 . 2008-08-23 15:33 <DIR> d-------- C:\Programmer\Techland
2008-08-22 14:15 . 2008-08-22 14:15 <DIR> d-------- C:\Programmer\Paint.NET
2008-08-16 16:02 . 2008-08-31 10:29 <DIR> d-------- C:\Documents and Settings\Martin juul\Application Data\VMware
2008-08-16 15:54 . 2008-09-11 20:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2008-08-16 15:51 . 2008-05-16 00:51 150,064 --a------ C:\WINDOWS\system32\vmnat.exe
2008-08-16 15:51 . 2008-05-16 00:51 121,392 --a------ C:\WINDOWS\system32\vmnetdhcp.exe
2008-08-16 15:51 . 2008-05-16 00:52 25,136 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys
2008-08-16 15:51 . 2008-05-16 00:51 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys
2008-08-16 15:51 . 2008-05-16 00:51 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll
2008-08-16 15:50 . 2008-05-16 00:51 436,784 --a------ C:\WINDOWS\system32\vnetlib.dll
2008-08-16 15:50 . 2008-05-16 00:51 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll
2008-08-16 15:50 . 2008-05-16 00:51 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys
2008-08-16 15:50 . 2008-05-16 00:51 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys
2008-08-16 15:49 . 2008-05-16 00:52 20,912 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys
2008-08-16 15:44 . 2008-09-11 20:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2008-08-16 15:43 . 2008-08-16 15:43 <DIR> d-------- C:\Programmer\VMware
2008-08-16 15:43 . <DIR> C:\Programmer\Fælles filer\VMware
2008-08-16 14:13 . 2008-08-16 14:15 <DIR> d-------- C:\Programmer\RSBoost
2008-08-15 22:57 . 2008-08-16 14:16 <DIR> d-------- C:\Programmer\URUSoft
2008-08-14 21:29 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 21:28 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 19:23 . 2008-09-04 19:30 <DIR> d-------- C:\Programmer\Zattoo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 18:55 18,844,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-11 18:50 495,648 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-11 18:50 40,844 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-11 18:50 253,268 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-11 16:36 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\uTorrent
2008-09-11 16:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-06 12:30 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-09-05 22:25 --------- d-----w C:\Programmer\Electronic Arts
2008-09-05 16:29 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-02 16:38 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\mIRC
2008-09-02 13:42 --------- d-----w C:\Programmer\mIRC
2008-08-31 06:01 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\Nokia
2008-08-30 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-30 18:53 --------- d-----w C:\Programmer\Nokia
2008-08-30 18:52 --------- d-----w C:\Programmer\Fælles filer\Nokia
2008-08-30 08:10 --------- d-----w C:\Programmer\TuneUp Utilities 2008
2008-08-22 12:00 --------- d-----w C:\Programmer\Microsoft Silverlight
2008-08-17 16:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-17 09:56 --------- d-----w C:\Programmer\Ubisoft
2008-08-17 09:55 --------- d-----w C:\Programmer\Java
2008-08-17 09:47 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-08-10 11:13 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\Jane s Hotel
2008-08-09 13:10 --------- d-----w C:\Programmer\Alcohol Soft
2008-08-09 12:10 --------- d-----w C:\Programmer\Realore
2008-08-09 12:00 --------- d-----w C:\Programmer\EA GAMES
2008-08-08 12:30 --------- d-----w C:\Documents and Settings\martin\Application Data\DNA
2008-08-06 17:02 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-05 10:02 --------- d-----w C:\Programmer\Google
2008-08-03 19:35 --------- d-----w C:\Programmer\TightVNC
2008-08-02 14:00 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-02 13:59 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-02 13:42 --------- d-----w C:\Programmer\Kaspersky Lab
2008-08-02 13:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-02 08:15 --------- d-----w C:\Programmer\Spybot - Search & Destroy
2008-08-01 17:43 --------- d-----w C:\Programmer\Net Tools
2008-08-01 17:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-01 11:25 --------- d-----w C:\Programmer\Maxis
2008-08-01 07:49 --------- d-----w C:\Programmer\DivX
2008-08-01 07:44 --------- d-----w C:\Programmer\WinAVI MP4 Converter
2008-07-31 21:47 --------- d-----w C:\Programmer\Red Kawa
2008-07-31 18:10 --------- d-----w C:\Programmer\danny_kay1710
2008-07-24 18:37 92,216 ----a-w C:\WINDOWS\bass.dll
2008-07-24 18:10 --------- d-----w C:\Programmer\TeamViewer3
2008-07-24 18:10 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\TeamViewer
2008-07-23 11:37 --------- d-----w C:\Programmer\VirtualDJ
2008-07-23 08:36 729,088 ----a-w C:\WINDOWS\iun6002.exe
2008-07-22 21:39 --------- d-----w C:\Programmer\AceGain
2008-07-22 21:14 --------- d-----w C:\Programmer\Cyanide
2008-07-22 20:59 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\Pro Cycling Manager 2008
2008-07-22 09:06 --------- d-----w C:\Programmer\MilkShape 3D 1.8.3
2008-07-22 08:57 --------- d-----w C:\Programmer\Blender Foundation
2008-07-22 08:57 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\Blender Foundation
2008-07-21 12:32 --------- d-----w C:\Programmer\Trend Micro
2008-07-21 12:32 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\InstallShield
2008-07-20 17:37 --------- d-----w C:\Documents and Settings\martin\Application Data\uTorrent
2008-07-20 14:44 --------- d-----w C:\Programmer\ViStart
2008-07-20 14:44 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\ViStart
2008-07-20 12:53 --------- d-----w C:\Programmer\TrojanHunter 5.0
2008-07-18 21:11 --------- d-----w C:\Documents and Settings\Martin juul\Application Data\TrojanHunter
2008-07-18 11:08 --------- d-----w C:\Documents and Settings\martin\Application Data\BitTorrent
2008-07-18 09:00 --------- d-----w C:\Programmer\STOPzilla!
2008-07-18 08:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-07-17 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-17 13:47 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2008-07-17 13:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-16 16:53 --------- d-----w C:\Documents and Settings\martin\Application Data\Thinstall
2008-07-16 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-16 06:54 --------- d-----w C:\Documents and Settings\martin\Application Data\Symantec
2008-07-15 22:30 --------- d-----w C:\Documents and Settings\martin\Application Data\Skype
2008-07-15 22:22 --------- d-----w C:\Documents and Settings\martin\Application Data\skypePM
2008-07-15 15:29 --------- d-----w C:\Programmer\Fælles filer\iS3
2008-07-15 15:13 --------- d-----w C:\Programmer\SUPERAntiSpyware
2008-07-15 15:13 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-15 15:13 --------- d-----w C:\Documents and Settings\martin\Application Data\SUPERAntiSpyware.com
2008-07-13 15:45 --------- d-----w C:\Programmer\nLite
2008-07-13 07:29 --------- d-----w C:\Programmer\SpywareGuard
2008-07-12 19:06 --------- d-----w C:\Programmer\PDM
2008-07-12 14:56 --------- d-----w C:\Documents and Settings\martin\Application Data\TrojanHunter
2008-07-12 13:27 --------- d-----w C:\Programmer\Tall Emu
2008-07-11 21:54 --------- d-----w C:\Documents and Settings\martin\Application Data\mIRC
2008-07-11 21:35 --------- d-----w C:\Programmer\Opera
2008-07-11 20:41 --------- d-----w C:\Documents and Settings\martin\Application Data\InstallShield
2008-07-11 20:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-07-11 20:15 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-07-11 13:30 --------- d-----w C:\Documents and Settings\martin\Application Data\ViStart
2008-07-11 12:29 --------- d-----w C:\Programmer\Stardock
2007-12-16 18:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2006-10-22 1622016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"Logitech Utility"="C:\WINDOWS\Logi_MwX.Exe" [2003-12-17 19968]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\Martin juul\Menuen Start\Programmer\Start\
Hamachi.lnk - C:\Programmer\Hamachi\hamachi.exe [2008-09-05 625952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^martin^Menuen Start^Programmer^Start^game.exe]
backup=C:\WINDOWS\pss\game.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmer\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-06-17 16:00 1249280 C:\Programmer\Nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Mechanic Popup Stopper]
--a------ 2004-03-31 11:12 417280 C:\Programmer\iolo\System Mechanic 4\PopupStopper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TMRUBottedTray]
--a------ 2007-12-19 00:18 288088 C:\Programmer\Trend Micro\RUBotted\TMRUBottedTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
--a------ 2008-05-16 00:51 55856 C:\Programmer\VMware\VMware Workstation\hqtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
--a------ 2008-05-16 00:51 72240 C:\Programmer\VMware\VMware Workstation\vmware-tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2 (0x2)
"iPod Service"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"PLFlash DeviceIoControl Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WinDefend"=2 (0x2)
"szserver"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmer\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\Martin juul\\Programmer\\uTorrent\\uTorrent.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programmer\\mIRC\\mirc.exe"=
"C:\\Programmer\\DNA\\btdna.exe"=
"C:\\Programmer\\BitTorrent\\bittorrent.exe"=
"C:\\Programmer\\Opera\\opera.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R2 RUBotted;Trend Micro RUBotted Service;C:\Programmer\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 517456]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\drivers\lccfltr.sys [2004-03-03 14095]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programmer\LogMeIn\x86\RaInfo.sys [ ]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\DRIVERS\libusb0.sys [2006-04-23 29184]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 35216]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-06-23 355584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a68cf03-aafa-11dc-96b6-0014bf72ab17}]
\Shell\AutoRun\command - F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c29c6d0-ce3d-11dc-a9e3-0014bf72ab17}]
\Shell\AutoRun\command - G:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
BHO-{A0BB5424-7529-49A0-A15E-0CC57DF57EB6} - (no file)
Toolbar-SITEguard - (no file)
HKLM-Run-LogitechCommunicationsManager - C:\Programmer\Fælles filer\LogiShrd\LComMgr\Communications_Helper.exe
Notify-iifdedBT - (no file)
MSConfigStartUp-Acrobat Assistant 8 - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-NeroFilterCheck - C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-PC Suite Tray - C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
MSConfigStartUp-Vista Rainbar - C:\Programmer\Vista Rainbar\Rainmeter.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Martin juul\Application Data\Mozilla\Firefox\Profiles\btsr45ab.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.dk
FF -: plugin - C:\Programmer\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Programmer\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Programmer\Mozilla Firefox\plugins\npbtplug.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 20:53:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Fælles filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Programmer\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programmer\Fælles filer\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Programmer\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Fælles filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Logitech\MouseWare\system\EM_EXEC.EXE
.
**************************************************************************
.
Completion time: 2008-09-11 21:01:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 19:01:17
Pre-Run: 39,515,701,248 byte ledig
Post-Run: 39,625,682,944 byte ledig
338 --- E O F --- 2008-08-29 19:55:19
Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.1.2600 Service Pack 3
11-09-2008 20:30:13
mbam-log-2008-09-11 (20-30-13).txt
Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 65246
Tid tilbagelagt: 1 hour(s), 44 minute(s), 18 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
(Ingen mistænkelige filer fundet)
Regards, Martin :D