log fra combofix:
ComboFix 09-06-09.01 - Per Jensen 09-06-2009 21:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.503.113 [GMT 2:00]
Kører fra: c:\documents and settings\Per Jensen\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Per Jensen\Skrivebord\CFScript.txt
AV: Norman Security Suite *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\PERJEN~1\LOKALE~1\Temp\install_flash_player.exe
c:\documents and settings\Per Jensen\ssllnch.exe
c:\windows\system32\IMSEventLogger.dll
c:\windows\system32\IMSMfcSupport.dll
c:\windows\system32\IMSSupport.dll
E:\Autorun.inf
E:\Desktop.ini
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-05-09 til 2009-06-09 )))))))))))))))))))))))))))))))))))
.
2009-06-08 13:03 . 2009-06-08 13:03 -------- d-----w- c:\documents and settings\Per Jensen\Application Data\Malwarebytes
2009-06-08 13:03 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 13:03 . 2009-06-08 13:03 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-06-08 13:03 . 2009-06-08 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-08 13:03 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 12:50 . 2009-06-02 12:50 -------- d-----w- c:\documents and settings\Per Jensen\Application Data\Wireshark
2009-06-02 12:48 . 2009-06-02 12:49 -------- d-----w- c:\programmer\WinPcap
2009-06-02 12:37 . 2009-06-02 12:49 -------- d-----w- c:\programmer\Wireshark
2009-05-29 07:41 . 2009-05-29 07:41 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-25 05:41 . 2009-06-08 10:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-25 05:41 . 2009-06-08 10:17 -------- d-----w- c:\programmer\Spyware Doctor
2009-05-21 08:21 . 2009-05-21 08:21 -------- d-----w- c:\documents and settings\LocalService\Skrivebord
2009-05-21 07:57 . 2009-06-04 05:07 -------- d-----w- c:\programmer\Lavasoft
2009-05-21 07:57 . 2009-06-04 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-21 07:55 . 2009-05-21 07:55 -------- d-----w- c:\programmer\Adaware
2009-05-20 19:26 . 2009-05-20 19:26 2 ---h--w- c:\windows\sto453148.dat
2009-05-20 19:26 . 2009-05-20 19:26 2 ---h--w- c:\windows\sto452739.dat
2009-05-20 19:26 . 2009-05-20 19:26 2 ---h--w- c:\windows\sto452712.dat
2009-05-20 05:12 . 2009-05-20 05:12 2 ---h--w- c:\windows\sto453266.dat
2009-05-20 05:12 . 2009-05-20 05:12 2 ---h--w- c:\windows\sto452857.dat
2009-05-20 05:12 . 2009-05-20 05:12 2 ---h--w- c:\windows\sto452830.dat
2009-05-19 11:33 . 2009-05-19 11:33 2 ---h--w- c:\windows\sto453553.dat
2009-05-19 11:33 . 2009-05-19 11:33 2 ---h--w- c:\windows\sto453144.dat
2009-05-19 11:33 . 2009-05-19 11:33 2 ---h--w- c:\windows\sto453117.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 19:31 . 2007-10-30 13:43 -------- d-----w- c:\programmer\Norman
2009-06-08 12:11 . 2008-09-26 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-08 12:11 . 2004-09-17 10:35 78416 ----a-w- c:\windows\system32\perfc006.dat
2009-06-08 12:11 . 2004-09-17 10:35 430908 ----a-w- c:\windows\system32\perfh006.dat
2009-06-08 12:10 . 2008-11-03 13:59 -------- d-----w- c:\programmer\VPN klient
2009-06-08 10:17 . 2008-09-26 06:56 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-05-20 19:31 . 2008-06-19 07:54 -------- d-----w- c:\programmer\Google
2009-05-20 12:55 . 2008-01-07 12:09 -------- d-----w- c:\documents and settings\Per Jensen\Application Data\TeamViewer
2009-05-20 06:54 . 2008-03-05 10:11 -------- d-----w- c:\programmer\Avaya
2009-05-11 11:20 . 2008-04-03 06:53 -------- d-----w- c:\programmer\Forte label
2009-04-29 13:12 . 2009-04-29 13:10 -------- d-----w- c:\programmer\Mobile Partner
2009-04-24 11:57 . 2009-04-24 11:57 -------- d-----w- c:\programmer\CasinoAction
2009-04-16 08:14 . 2009-04-16 08:14 -------- d-----w- c:\programmer\svpniptun
2009-04-16 08:14 . 2009-04-16 08:14 52224 ----a-w- c:\documents and settings\Per Jensen\ftmepc.dll
2009-04-16 08:14 . 2009-04-16 08:14 9216 ----a-w- c:\documents and settings\Per Jensen\sslsocks.dll
2009-04-16 08:14 . 2009-04-16 08:14 126976 ----a-w- c:\documents and settings\Per Jensen\ssltun.dll
2009-04-16 04:59 . 2009-04-16 04:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Xerox
2009-04-06 05:23 . 2009-04-06 05:23 152576 ----a-w- c:\documents and settings\Per Jensen\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-02 07:03 . 2008-03-05 10:13 19000 ----a-w- c:\documents and settings\Per Jensen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 07:52 . 2009-03-19 07:52 152576 ----a-w- c:\documents and settings\Per Jensen\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2008-02-27 13:53 . 2008-02-27 13:53 1306 ----a-w- c:\programmer\launch.ica
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MessengerPlus3"="c:\programmer\MessengerPlus! 3\MsgPlus.exe" [2008-04-23 190024]
"Google Update"="c:\documents and settings\Per Jensen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"QlbCtrl"="c:\programmer\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Cpqset"="c:\programmer\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"Norman ZANDA"="c:\programmer\Norman\Npm\Bin\ZLH.EXE" [2009-02-11 187504]
"PC Suite for Smartphones"="c:\programmer\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2006-04-25 487424]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2007-12-03 155648]
"PCSuiteTrayApplication"="c:\programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 222720]
"Adobe Photo Downloader"="c:\programmer\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-10 67488]
"Share-to-Web Namespace Daemon"="c:\programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"MessengerPlus3"="c:\programmer\MessengerPlus! 3\MsgPlus.exe" [2008-04-23 190024]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-01-30 88203]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
ZyWALL SecuExtender.lnk - c:\programmer\svpniptun\FtmTray.exe [2009-4-16 204800]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Programmer\\NCP\\SecureClient\\NCPMON.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Programmer\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programmer\\Avaya\\IP Office\\Manager\\Manager.exe"=
"c:\\Programmer\\Avaya\\IP Office\\Phone Manager\\PhoneManager.exe"=
"c:\\Programmer\\Avaya\\IP Office\\SoftConsole\\SoftConsole.exe"=
"c:\\Programmer\\typo3\\installer\\TYPO3Winstaller\\Apache\\bin\\Apache.exe"=
"c:\\Programmer\\Classic Poker\\UA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Azureus\\Azureus.exe"=
"c:\\Programmer\\Techlogica HTTP server\\Techlogica HTTP Server.exe"=
"c:\\Programmer\\Fælles filer\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmer\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 NGS;Norman General Security Driver;c:\programmer\Norman\Ngs\Bin\ngs.sys [03-04-2009 08:29 22712]
R1 NPROSEC;Norman Security driver;c:\programmer\Norman\Ngs\Bin\nprosec.sys [13-05-2009 07:17 53816]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\programmer\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [11-09-2007 01:45 124832]
R2 FullTunnel;Full Tunnel Mode Service;c:\programmer\svpniptun\FtmSrv.exe [16-04-2009 10:14 233472]
R2 ncpclcfg;ncpclcfg;c:\programmer\NCP\SecureClient\ncpclcfg.exe [31-10-2007 11:08 77824]
R2 ncprwsnt;ncprwsnt;c:\programmer\NCP\SecureClient\NCPRWSNT.EXE [31-10-2007 11:08 1019904]
R2 NcpSec;NcpSec;c:\programmer\NCP\SecureClient\NCPSEC.EXE [31-10-2007 11:08 45056]
R2 Ndiskio;Ndiskio;c:\programmer\Norman\Nse\Bin\Ndiskio.sys [30-10-2007 16:40 20448]
R2 NPROSECSVC;Norman Security service;c:\programmer\Norman\Ngs\Bin\nprosec.exe [13-05-2009 07:17 121912]
R2 NVOY;Norman Resource Provider;c:\programmer\Norman\Npm\Bin\nvoy.exe [03-04-2009 08:29 126008]
R2 rwsrsu;RwsRsu;c:\programmer\NCP\SecureClient\RWSRSU.exe [31-10-2007 11:08 266240]
R3 AVMWAN;AVM NDIS WAN CAPI Driver;c:\windows\system32\drivers\avmwan.sys [05-12-2008 12:47 37568]
R3 FtmDrv;ZyWALL SecuExtender Virtual NIC;c:\windows\system32\drivers\FtmDrv.sys [16-04-2009 10:14 14848]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [28-02-2006 19:05 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21-10-2005 13:19 36352]
R3 ncplentp;NCP Secure Client Adapter Driver;c:\windows\system32\drivers\ncplentp.sys [31-10-2007 11:08 73408]
R3 nsesvc;Norman Scanner Engine Service;c:\programmer\Norman\Nse\Bin\Nsesvc.exe [20-05-2009 07:21 310328]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [30-10-2007 16:40 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\programmer\Norman\NVC\bin\Nvcoas.exe [23-02-2009 08:06 195640]
R3 Scheduler;Norman Scheduler Service;c:\programmer\Norman\Npm\Bin\scheduler.exe [13-05-2009 07:17 130104]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9959e955ef8e1;Google Update Service (gupdate1c9959e955ef8e1);c:\programmer\Google\Update\GoogleUpdate.exe [23-02-2009 12:07 133104]
S3 fxusbase;AVM ISDN-stik FRITZ!X USB;c:\windows\system32\drivers\fxusbase.sys [05-12-2008 12:47 454912]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [13-01-2009 08:16 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [13-01-2009 08:16 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06-11-2007 22:22 34064]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\programmer\Norman\Npm\Bin\Nvcsched.exe" --> c:\programmer\Norman\Npm\Bin\Nvcsched.exe [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [08-10-2005 12:00 22272]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [23-05-2008 08:51 40788]
S3 VMProDBService;VMProDBService;c:\programmer\Avaya\IP Office\Voicemail Pro\VM\VMPDBSvc.exe [21-11-2007 22:27 102400]
S3 VoicemailProServer;VoicemailProServer;c:\programmer\Avaya\IP Office\Voicemail Pro\VM\VMProV5Svc.exe [21-11-2007 22:26 3641344]
S3 VPPP;DrayTek Virtual PPP Adapter;c:\windows\system32\drivers\VPPP.sys [18-06-2008 10:09 32784]
--- Andre Services/Drivers i Hukommelsen ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Indhold af mappen 'Planlagte Opgaver'
2009-06-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2009-02-23 10:07]
2009-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-814552024-205059043-3646978261-1005.job
- c:\documents and settings\Per Jensen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 09:32]
.
- - - - TOMME GENVEJE FJERNET - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET
SafeBoot-procexp90.Sys
.
------- Yderligere scanning -------
.
uStart Page =
hxxp://www.google.dk/uInternet Connection Wizard,ShellNext =
hxxp://www.hp.com/DPF: Microsoft XML Parser for Java -
file:///C:/WINDOWS/Java/classes/xmldso.cabDPF: {09987A35-84AC-4FB6-9144-4416BA5462BE} -
hxxp://www.winner-team.dk/images/windemox/demox.cabDPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} -
hxxps://www.one.com/static/controls/IlosoftMultipleImageUpload.dllDPF: {6D868B99-8B01-4B25-9BD1-ED37AFDF5E29} -
hxxp://www.ontrackdatarecovery.com/verifile/npvfasp.cabDPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} -
hxxp://webc.pinsensvenner.dk/controls/IlosoftImageUpload.dllDPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} -
hxxps://plugins.valueactive.eu/flashax/iefax.cab.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-09 21:32
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmer\HPQ\Default Settings\cpqset.exe????????P??????n??|?P???? ??4B????????? ????hB??????P?
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'explorer.exe'(1020)
c:\programmer\Norman\nvc\bin\Niphk.dll
c:\programmer\MessengerPlus! 3\MsgPlusLoader.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmer\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programmer\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programmer\PC Connectivity Solution\ConnAPI.DLL
c:\programmer\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dan.nlr
c:\programmer\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Norman\Npm\Bin\elogsvc.exe
c:\programmer\Norman\Npm\Bin\Zanda.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\msdtc.exe
c:\programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\mqsvc.exe
c:\programmer\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\mqtgsvc.exe
c:\programmer\Norman\Npm\Bin\Njeeves.exe
c:\progra~1\ANALOG~1\Core\smax4pnp.exe
c:\progra~1\SYNAPT~1\SynTP\SynTPEnh.exe
c:\progra~1\HEWLET~1\HPQUIC~1\QLBCTRL.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\SMINST\SCHEDU~1.EXE
c:\progra~1\Norman\Npm\Bin\Zlh.exe
c:\progra~1\QUICKT~1\qttask.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\programmer\PC Connectivity Solution\ServiceLayer.exe
c:\programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\programmer\Norman\NVC\bin\Nip.exe
c:\programmer\Norman\NVC\bin\CClaw.exe
.
**************************************************************************
.
Gennemført tid: 2009-06-09 21:43 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-06-09 19:43
Pre-Kørsel: 11.990.401.024 byte ledig
Post-Kørsel: 12.647.972.864 byte ledig
245 --- E O F --- 2009-05-13 05:54
Ny bruger
Nybegynder
Opret
Preview
