Here is the log file for the other PC:
ComboFix 09-02-06.04 - Primby 2009-02-08 10:50:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2046.1137 [GMT 1:00]
Kører fra: c:\users\Primby\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081120-0] *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt
.
ADS - Windows: deleted 24 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Primby\AppData\Roaming\inst.exe
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-01-08 til 2009-02-08 )))))))))))))))))))))))))))))))))))
.
2009-02-06 18:55 . 2009-02-06 20:09 196,608 --a------ c:\windows\SPInstall.etl
2009-02-05 19:55 . 2009-02-05 19:55 <DIR> d-------- c:\users\Primby\AppData\Roaming\Malwarebytes
2009-02-05 19:55 . 2009-02-05 19:55 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-05 19:55 . 2009-02-05 19:55 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-05 19:55 . 2009-02-05 19:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-05 19:55 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-05 19:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-05 19:51 . 2009-02-05 19:51 <DIR> d-------- c:\program files\CCleaner
2009-01-28 17:41 . 2009-01-28 17:41 <DIR> d-------- c:\windows\System32\IOSUBSYS
2009-01-25 11:37 . 2009-01-25 11:37 <DIR> d-------- c:\users\All Users\Fighters
2009-01-25 11:37 . 2009-01-25 11:37 <DIR> d-------- c:\programdata\Fighters
2009-01-25 11:37 . 2009-01-25 11:38 <DIR> d-------- c:\program files\Fighters
2009-01-25 11:15 . 2009-01-25 11:15 <DIR> d--h-c--- c:\users\All Users\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-25 11:15 . 2009-01-25 11:15 <DIR> d--h-c--- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-01-25 11:15 . 2009-01-25 11:15 <DIR> d-------- c:\program files\Uniblue
2009-01-17 15:31 . 2009-01-17 15:31 <DIR> d-------- c:\program files\Datel
2009-01-14 19:11 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-10 12:06 . 2009-01-10 12:11 <DIR> d-------- c:\temp\pal33x5
2009-01-10 12:06 . 2009-02-04 17:44 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 08:44 --------- d-----w c:\users\Primby\AppData\Roaming\OpenOffice.org2
2009-02-05 06:58 --------- d-----w c:\users\Primby\AppData\Roaming\TeraCopy
2009-01-28 16:40 --------- d-----w c:\program files\Google
2009-01-17 13:03 --------- d-----w c:\programdata\WinZip
2009-01-17 12:59 --------- d-----w c:\program files\SlySoft
2009-01-15 07:07 --------- d-----w c:\program files\Windows Mail
2009-01-14 08:22 2,100 ----a-w c:\users\Primby\AppData\Roaming\wklnhst.dat
2009-01-10 15:28 --------- d-----w c:\program files\DivX
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2008-12-26 18:28 --------- d-----w c:\users\Primby\AppData\Roaming\ArcSoft
2008-12-26 18:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 18:23 --------- d-----w c:\program files\Common Files\ArcSoft
2008-12-26 18:23 --------- d-----w c:\program files\ArcSoft
2008-12-26 18:22 --------- d-----w c:\users\Primby\AppData\Roaming\SA33XX
2008-12-26 18:22 --------- d-----w c:\users\Primby\AppData\Roaming\InstallShield Installation Information
2008-12-26 18:22 --------- d-----w c:\users\Primby\AppData\Roaming\InstallShield
2008-12-26 18:22 --------- d-----w c:\program files\Philips
2008-12-26 12:26 --------- d-----w c:\program files\Common Files\Apple
2008-12-26 12:26 --------- d-----w c:\program files\Bonjour
2008-12-26 12:23 --------- d-----w c:\program files\Safari
2008-12-14 14:55 --------- d-----w c:\users\Primby\AppData\Roaming\CyberLink
2008-12-14 13:45 --------- d-----w c:\programdata\SlySoft
2008-12-14 13:04 --------- d-----w c:\program files\MagicDVDCopier
2008-12-14 11:55 47,360 ----a-w c:\users\Primby\AppData\Roaming\pcouffin.sys
2008-12-14 11:55 --------- d-----w c:\users\Primby\AppData\Roaming\Vso
2008-12-13 07:59 --------- d-----w c:\programdata\Microsoft Help
2008-12-12 10:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 10:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-08-30 11:32 250,659 ----a-w c:\users\Primby\AppData\Roaming\mdbu.bin
2008-06-26 01:24 174 --sha-w c:\program files\desktop.ini
2007-11-10 11:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-10 11:05 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-10 11:05 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-22 29744]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-16 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"PhilipsSA33XXDM"="c:\program files\Philips\SA33XX\Philips Device Manager\Bin\LaunchDM.exe" [2007-08-02 40960]
"spywarefighterguard"="c:\program files\Fighters\spywarefighter\SpywarefighterUser.exe" [2008-11-18 180872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-07 c:\windows\SkyTel.exe]
c:\users\Primby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Jensen AirLink 7554 Wlan Utility.lnk - c:\program files\JensenScandinavia\Jensen AirLink 7554 Wlan Utility\Installer\Win2k\AWU.exe [2007-11-10 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{96B0EC22-39E8-4C3E-B7ED-DB4C1FE8A89A}"= c:\program files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{18302E7B-70CB-40FC-8668-D35A38308130}"= c:\program files\Home Cinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6958F648-C694-42C8-9596-EF93C7C854E7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39BCB5D1-E7E1-4519-9D8D-8DA56A30E43E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC543C01-8D0A-48D1-B54B-675A1DE69C25}"= Disabled:UDP:h:\setup\HPZnui01.exe:hpznui01.exe
"{B963E224-C859-4B9F-806F-1D386E420ADD}"= Disabled:TCP:h:\setup\HPZnui01.exe:hpznui01.exe
"{728A2E18-31D5-4362-A4A7-7764CA5D0092}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{7AC82A5F-7820-4A00-BFB1-4717A6E831F0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2DD9E12D-293C-444B-8BAE-660E4B41E922}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6BB32B18-0F60-494B-8D7E-E7D981A06736}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{6049B782-B394-4EA7-9AB1-B70367670E90}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{224FB7F5-D226-4DB6-9A8E-55266616C1EB}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{2924DD73-1666-42D8-B2C6-59543095D48D}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{075C65D0-ED13-46E3-89F8-E5CF82B8E4CA}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{30CE1497-26DC-46F5-948E-A3468453A757}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{69278805-727D-4659-B693-9DDE82086FA2}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{9E1171AA-2F33-46AC-817B-B21D207A9563}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{4579EBD9-DA30-4928-A273-B8E28D47DBD0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{F855F2FD-AD79-4647-B842-D5FDC7489547}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{0EE0084E-D740-46C1-B41D-BBFD4E77A5DC}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{E55CC82E-1A81-40A8-BE63-5EB51617EF09}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{8B265520-AB5B-44F6-85EC-75AA0C6F5059}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{70CA09AB-8BE2-4AB2-8DD1-DA59CDE44762}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{01E5CFA1-1EF0-470C-96A0-3FADE6A7A3A6}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{12521B4E-E52C-4C9A-A745-1EEDA0CC63C6}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{EDA69842-7AA6-49E8-BA5C-FF0BB9EEB874}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"TCP Query User{A443CD2A-1BB3-4857-B1E2-DA8C667CA24C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FD768C52-D71F-4877-A536-79B43573FF9D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{999C5AAB-FF52-4F5E-BCBA-FD3A9A5F5EE5}c:\\program files\\bang & olufsen\\beoplayer\\beoplayer.exe"= UDP:c:\program files\bang & olufsen\beoplayer\beoplayer.exe:BeoPlayer
"UDP Query User{BFCD6E8F-3112-4C9D-9412-F123122F627B}c:\\program files\\bang & olufsen\\beoplayer\\beoplayer.exe"= TCP:c:\program files\bang & olufsen\beoplayer\beoplayer.exe:BeoPlayer
"TCP Query User{EB08D9C2-303F-4B58-9F53-70D9DB4C7719}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{168D30A1-942F-4D3B-8674-DBDDD7888C43}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{B977E98F-7456-400A-9B6B-D0050A4A476E}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{7554A4E6-DFDA-4B03-A1B2-957CC72B75B2}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{299302D9-6D82-4884-B950-310EA2560037}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{071019A7-53CD-45D6-A219-E1129229EB56}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{01ED1B74-EF42-44C9-A7B0-F694CDD20F55}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{573087E2-6EC4-4286-A553-CBBCE976B8EC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
R0 ViBus;ViBus;c:\windows\System32\drivers\ViBus.sys [2007-06-21 16896]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\System32\drivers\ViPrt.sys [2007-06-21 52224]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-02 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-02 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-03-16 51792]
R2 PTK License-FIGHTERS-297811811;PTK License-FIGHTERS-297811811;c:\program files\Fighters\LicenseService.exe [2008-11-18 283272]
R2 PTK Live Update-FIGHTERS-297811811;PTK Live Update-FIGHTERS-297811811;c:\program files\Fighters\UpdateService.exe [2008-11-18 307848]
R2 PTK Scanner-FIGHTERS-297811811;PTK Scanner-FIGHTERS-297811811;c:\program files\Fighters\ScannerService.exe [2008-11-18 311944]
R2 PTK SharedAccess-FIGHTERS-297811811;PTK SharedAccess-FIGHTERS-297811811;c:\program files\Fighters\ConfigService.exe [2008-11-18 139912]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [2007-05-09 1136600]
R3 Vfscan;Vfscan;c:\windows\System32\drivers\vffilter.sys [2008-11-18 15496]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2007-06-21 13976]
S3 GoogleDesktopManager-061008-081103;Google Desktop-administrator 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2007-06-27 29744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25852207-fafc-11dc-a5b4-0019e08d4317}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s
.
- - - - TOMME GENVEJE FJERNET - - - -
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 10:53:32
Windows 6.0.6001 Service Pack 1 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
Gennemført tid: 2009-02-08 10:55:28
ComboFix-quarantined-files.txt 2009-02-08 09:55:23
Pre-Kørsel: 146.543.849.472 byte ledig
Post-Kørsel: 146,513,752,064 byte ledig
197 --- E O F --- 2009-02-06 05:15:36