Malwarebytes
------------
Malwarebytes' Anti-Malware 1.40
Database version: 2557
Windows 5.1.2600 Service Pack 3
04-08-2009 16:14:15
mbam-log-2009-08-04 (16-14-15).txt
Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 170014
Tid tilbagelagt: 20 minute(s), 31 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 0
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
(Ingen mistænkelige filer fundet)
-----------------------------------------------------------------
Combofix
-----------------------------------------------------------------
ComboFix 09-08-03.A2 - Navn 04-08-2009 16:34.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3070.2380 [GMT 2:00]
Kører fra: c:\documents and settings\Navn\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Navn\Skrivebord\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-07-04 til 2009-08-04 )))))))))))))))))))))))))))))))))))
.
2009-08-04 01:55 . 2009-08-04 01:55 -------- d-----w- c:\programmer\QuickTime
2009-08-04 01:55 . 2009-08-04 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-02 00:50 . 2009-08-02 00:51 -------- d-----w- c:\programmer\Fælles filer\Jasc Software Inc
2009-08-02 00:50 . 2009-08-02 00:50 -------- d-----w- c:\programmer\Jasc Software Inc
2009-08-02 00:50 . 2009-08-02 00:50 -------- d-----w- c:\documents and settings\Navn\Application Data\Jasc Software Inc
2009-08-01 13:33 . 2009-08-01 13:33 0 ----a-w- c:\windows\nsreg.dat
2009-08-01 13:33 . 2009-08-01 13:33 -------- d-----w- c:\documents and settings\Navn\Lokale indstillinger\Application Data\Mozilla
2009-07-15 08:10 . 2009-07-29 12:38 -------- d--h--w- c:\windows\$hf_mig$
2009-07-14 10:39 . 2009-07-30 16:38 -------- d-----w- c:\documents and settings\Navn\Application Data\FileZilla
2009-07-14 10:39 . 2009-07-14 10:39 -------- d-----w- c:\programmer\FileZilla FTP Client
2009-07-12 01:26 . 2009-07-12 14:15 -------- d-----w- c:\programmer\Windows Live Safety Center
2009-07-11 17:06 . 2007-08-01 20:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-11 16:37 . 2009-07-11 17:10 -------- d-----w- c:\documents and settings\Navn\.housecall6.6
2009-07-10 20:34 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-10 20:33 . 2009-07-10 20:33 -------- d-----w- c:\programmer\Panda Security
2009-07-09 21:46 . 2009-07-09 21:47 -------- d-----w- c:\windows\SHELLNEW
2009-07-09 21:46 . 2009-07-09 21:46 -------- d-----w- c:\programmer\Microsoft.NET
2009-07-09 21:44 . 2009-07-09 21:44 -------- d--h--r- C:\MSOCache
2009-07-09 16:13 . 2009-08-04 14:40 -------- d-----w- c:\windows\system32\CatRoot2
2009-07-08 22:29 . 2009-07-08 22:42 31224320 ----a-w- c:\programmer\eav_nt32_dan.msi
2009-07-08 19:59 . 2009-07-08 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-08 19:37 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-08 19:37 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-07-07 15:21 . 2009-07-07 15:21 488960 ----a-w- c:\documents and settings\Navn\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-07-07 15:20 . 2009-07-07 15:20 319488 ----a-w- c:\documents and settings\Navn\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-07-05 22:47 . 2009-07-05 22:47 -------- d-----w- c:\documents and settings\Navn\Application Data\Panasonic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-04 13:49 . 2009-04-27 15:47 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-08-04 13:48 . 2009-04-27 15:48 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-04 02:29 . 2009-04-19 14:48 -------- d-----w- c:\programmer\Eraser
2009-08-03 11:36 . 2009-04-27 15:47 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-04-27 15:47 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-03 00:45 . 2009-04-19 12:53 14 ----a-w- c:\windows\popcinfo.dat
2009-07-23 12:07 . 2009-04-19 16:35 -------- d-----w- c:\documents and settings\Navn\Application Data\Skype
2009-07-10 05:39 . 2008-05-08 00:47 92588 ----a-w- c:\windows\system32\perfc006.dat
2009-07-10 05:39 . 2008-05-08 00:47 483442 ----a-w- c:\windows\system32\perfh006.dat
2009-07-10 05:31 . 2009-04-10 09:19 34104 ----a-w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 21:43 . 2009-04-19 12:33 2293 ----a-w- c:\programmer\License.xbin
2009-07-09 17:00 . 2009-04-19 12:30 -------- d-----w- c:\programmer\UltimateZip 2007
2009-07-05 22:45 . 2009-07-05 22:45 -------- d-----w- c:\programmer\Panasonic
2009-07-05 22:44 . 2009-04-10 09:17 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-07-05 22:44 . 2009-04-17 13:31 -------- d-----w- c:\documents and settings\Navn\Application Data\InstallShield
2009-07-03 16:59 . 2008-05-08 00:47 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:32 . 2009-07-02 13:32 -------- d-----w- c:\programmer\Fælles filer\Windows Live
2009-06-23 22:05 . 2009-04-18 23:40 -------- d-----w- c:\documents and settings\Navn\Application Data\OfficeUpdate12
2009-06-22 16:41 . 2009-06-22 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2009-06-22 16:41 . 2009-06-22 16:41 -------- d-----w- c:\programmer\Diskeeper Corporation
2009-06-22 16:38 . 2009-06-22 16:38 34480664 ----a-w- c:\programmer\Diskeeper2007-Home.exe
2009-06-16 20:49 . 2009-04-10 09:11 -------- d-----w- c:\programmer\Java
2009-06-16 20:49 . 2009-06-16 20:49 152576 ----a-w- c:\documents and settings\Navn\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 16:23 . 2009-04-10 09:09 -------- d-----w- c:\programmer\Windows Desktop Search
2009-06-16 15:24 . 2009-06-16 15:24 390664 ----a-w- c:\documents and settings\Navn\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-16 14:39 . 2008-05-08 00:47 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2008-05-08 00:47 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:58 . 2009-04-19 03:55 -------- d-----w- c:\programmer\FavOrg
2009-06-03 19:11 . 2008-05-08 00:47 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 21:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-21 09:33 . 2009-04-10 09:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-14 13:49 . 2009-05-14 13:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-12 13:12 . 2008-05-08 06:10 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-11 01:20 . 2009-05-11 01:20 24 ----a-w- c:\windows\system32\Drv64_32.dat
2009-05-11 01:20 . 2009-05-11 01:20 350240 ----a-w- c:\windows\system32\PbsAuDrvPropPage_uk.dll
2009-05-11 01:20 . 2009-05-11 01:20 110752 ----a-w- c:\windows\system32\drivers\pbsaudrv.sys
2009-05-08 18:40 . 2009-05-08 18:30 171088 ----a-w- c:\programmer\dm_112472141710415213242.exe
2009-05-07 15:33 . 2008-05-08 00:47 346624 ----a-w- c:\windows\system32\localspl.dll
2008-06-17 17:18 . 2009-04-19 12:33 6292504 ----a-w- c:\programmer\SUPERAntiSpywarePro1241.exe
2008-03-10 21:25 . 2009-04-19 12:33 1114094 ----a-w- c:\programmer\MSPF10ENU.rar
2008-03-10 21:24 . 2009-04-19 12:44 1448082 ----a-w- c:\programmer\acdc3223.exe
2007-10-03 21:35 . 2009-04-19 12:33 2963760 ----a-w- c:\programmer\ntp495full.exe
2007-10-01 15:07 . 2009-04-19 12:33 11701480 ----a-w- c:\programmer\GP5FULL.exe
2007-04-19 12:41 . 2009-04-19 12:33 26043880 ----a-w- c:\programmer\R56532.EXE
2007-01-07 15:26 . 2009-04-19 12:33 384512 ----a-w- c:\programmer\GraphPaperPrinter.exe
2007-01-07 14:50 . 2009-04-19 12:29 3616048 ----a-w- c:\programmer\UltimateZip3.1.exe
2007-01-07 05:19 . 2009-04-19 12:33 2694679 ----a-w- c:\programmer\eraser582setup.exe
2007-01-07 05:05 . 2009-04-19 12:33 3053544 ----a-w- c:\programmer\WinDynomite.exe
2007-01-07 03:28 . 2009-04-19 12:33 665732 ----a-w- c:\programmer\emptemp2.8.3.exe
2007-01-07 03:24 . 2009-04-19 12:33 4900399 ----a-w- c:\programmer\schmaili841.exe
2007-01-07 03:01 . 2009-04-19 12:33 508872 ----a-w- c:\programmer\favorg.zip
2007-01-07 02:59 . 2009-04-19 14:29 150192 ----a-w- c:\programmer\TweakUi.exe
2009-07-15 21:26 . 2009-08-01 13:33 137208 ----a-w- c:\programmer\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"Eraser"="c:\programmer\Eraser\eraser.exe" [2006-12-26 643072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480]
"ATICCC"="c:\programmer\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Dell AIO Printer A940"="c:\programmer\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TkBellExe"="c:\programmer\Fælles filer\Real\Update_OB\realsched.exe" [2009-04-19 198160]
"PDVDDXSrv"="c:\programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-04-02 128232]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"QuickTime Task"="c:\programmer\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
PHOTOfunSTUDIO -viewer-.lnk - c:\programmer\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-7-6 40960]
PolderbitS Audio Driver Monitor.lnk - c:\programmer\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe [2009-5-11 157728]
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10-07-2009 22:34 28544]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [10-04-2009 19:58 24064]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14-05-2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14-05-2009 15:49 94360]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [19-04-2009 02:32 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21-06-2008 04:54 66600]
R2 ekrn;ESET Service;c:\programmer\ESET\ESET NOD32 Antivirus\ekrn.exe [14-05-2009 15:47 731840]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21-04-2006 08:22 70912]
R2 SbPF.Launcher;SbPF.Launcher;c:\programmer\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31-10-2008 07:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\programmer\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31-10-2008 07:24 1365288]
R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [10-04-2009 19:58 176640]
R3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys [11-05-2009 03:20 110752]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [19-04-2009 02:32 65576]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-08-03 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-08-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
2009-08-04 c:\windows\Tasks\User_Feed_Synchronization-{AB70C08D-88E4-409F-ACDB-1614B8500453}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.imdb.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Navn\Application Data\Mozilla\Firefox\Profiles\fgrjbody.default\
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-04 16:42
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(996)
c:\programmer\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(4304)
c:\progra~1\WINDOW~2\wmpband.dll
c:\programmer\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\Roxio\Drag-to-Disc\Shellex.dll
c:\programmer\Fælles filer\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\programmer\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\programmer\SUPERAntiSpyware\SASSEH.DLL
c:\programmer\Microsoft Office\OFFICE11\msohev.dll
c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\ati2evxx.exe
c:\programmer\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\windows\system32\searchindexer.exe
c:\programmer\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\programmer\ATI Technologies\ATI.ACE\CLI.exe
c:\programmer\Dell AIO Printer A940\dlbabmon.exe
c:\windows\system32\wscntfy.exe
c:\programmer\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-04 16:46 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-08-04 14:45
Pre-Kørsel: 142.067.802.112 byte ledig
Post-Kørsel: 142.964.772.864 byte ledig
276 --- E O F --- 2009-07-29 12:38
-----------------------------------------------------------------
HijackThis
-----------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:53:32, on 04-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\Programmer\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Analog Devices\Core\smax4pnp.exe
C:\Programmer\Dell AIO Printer A940\dlbabmgr.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Dell AIO Printer A940\dlbabmon.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Eraser\eraser.exe
C:\Programmer\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
C:\Programmer\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Programmer\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmer\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Programmer\Fælles filer\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Programmer\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PHOTOfunSTUDIO -viewer-.lnk = C:\Programmer\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: PolderbitS Audio Driver Monitor.lnk = C:\Programmer\PolderbitS\Recorder\Driver\PBDriverMonitor_uk.exe
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240093443390
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Programmer\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programmer\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Programmer\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Programmer\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmer\Fælles filer\SureThing Shared\stllssvr.exe
--
End of file - 8714 bytes