Her er så den nye log fra ComboFix:
ComboFix 09-08-08.04 - Susanne 09-08-2009 10:12.2.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.45.1030.18.3063.1863 [GMT 2:00]
Kører fra: c:\users\Susanne\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Susanne\Downloads\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\BrowserCtl
c:\program files\BrowserCtl\BrowserCtl.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BROWSERCTLDRV
-------\Service_browserctldrv
((((((((((((((((((((((((((((( Filer skabt fra 2009-07-09 til 2009-08-09 )))))))))))))))))))))))))))))))))))
.
2009-08-09 08:16 . 2009-08-09 08:18 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2009-08-09 08:16 . 2009-08-09 08:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-09 08:16 . 2009-08-09 08:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-08 07:14 . 2008-11-26 16:16 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-08 07:14 . 2008-11-26 16:17 111184 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-08 07:14 . 2008-11-26 16:17 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-08 07:14 . 2008-11-26 16:16 50864 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-08 07:14 . 2008-11-26 16:15 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-08 07:14 . 2008-11-26 16:21 1236208 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-08 07:14 . 2008-11-26 16:17 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-08-07 09:37 . 2009-08-07 09:37 3942047 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-07 09:36 . 2009-08-07 09:36 -------- d-----w- c:\users\Susanne\AppData\Roaming\Malwarebytes
2009-08-07 09:36 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-07 09:36 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-07 09:36 . 2009-08-07 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-07 09:36 . 2009-08-07 09:36 -------- d-----w- c:\programdata\Malwarebytes
2009-08-07 09:27 . 2009-08-07 09:27 -------- d-----w- c:\program files\CCleaner
2009-08-06 08:31 . 2009-08-07 13:34 -------- d-----w- c:\program files\VIRUSfighter
2009-08-06 07:25 . 2009-08-07 13:28 -------- d-----w- c:\program files\Fighters
2009-08-06 07:25 . 2009-08-06 07:25 -------- d-----w- c:\programdata\Fighters
2009-08-05 15:13 . 2009-08-05 15:13 247 ----a-w- c:\windows\prxid93ps.dat
2009-07-15 06:16 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 06:16 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 06:16 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 06:16 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 08:16 . 2007-01-03 11:50 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-08 07:21 . 2006-11-21 04:49 81790 ----a-w- c:\windows\system32\perfc006.dat
2009-08-08 07:21 . 2006-11-21 04:49 471658 ----a-w- c:\windows\system32\perfh006.dat
2009-08-08 07:14 . 2009-02-10 17:36 -------- d-----w- c:\program files\Alwil Software
2009-08-06 08:31 . 2007-12-12 05:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 21:52 . 2009-07-29 07:12 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 07:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 07:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 07:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 01:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-21 05:37 . 2009-06-14 13:32 -------- d-----w- c:\users\Susanne\AppData\Roaming\Roxio
2009-06-16 18:45 . 2008-12-18 18:37 117008 ----a-w- c:\users\Susanne\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 16:18 . 2009-06-15 16:18 -------- d-----w- c:\program files\Next Video Converter
2009-06-15 16:03 . 2009-06-15 16:03 -------- d-----w- c:\users\Susanne\AppData\Roaming\AVS4YOU
2009-06-15 16:03 . 2009-06-15 16:03 -------- d-----w- c:\programdata\AVS4YOU
2009-06-15 15:58 . 2009-06-15 15:57 -------- d-----w- c:\program files\AVS4YOU
2009-06-15 15:58 . 2009-06-15 15:57 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-14 17:56 . 2009-06-14 17:56 -------- d-----w- c:\users\Susanne\AppData\Roaming\InterVideo
2009-06-14 13:48 . 2007-12-12 05:50 -------- d-----w- c:\programdata\Roxio
2009-06-14 12:25 . 2007-12-12 05:45 -------- d-----w- c:\programdata\Sonic
2009-06-05 12:11 . 2009-06-05 12:11 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-22 11:05 . 2009-05-22 11:05 552 ----a-w- c:\users\Susanne\AppData\Local\d3d8caps.dat
2007-12-12 13:28 . 2007-12-12 13:27 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 129560]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-05-08 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 71176]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-05 148888]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-12-18 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 ----a-r- c:\windows\System32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{527513C3-F14B-4008-8053-403A7EC776E0}"= UDP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"{DA787F23-AD80-49C7-8778-A02718F028FD}"= TCP:c:\windows\System32\lxbkcoms.exe:Lexmark Communications System
"TCP Query User{1073DC4A-A50E-4EFC-A1C6-3AA30E68D7DB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0CCC4F79-B1EC-4EE0-BA39-F227365AFAF9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{DDDFF8EF-5083-408C-A9F0-8829AEB8208F}"= UDP:c:\users\Susanne\AppData\Local\Temp\7zS7DE8.tmp\SymNRT.exe:Norton Removal Tool
"{649387F3-C4DD-41C4-9A1A-1A299832051D}"= TCP:c:\users\Susanne\AppData\Local\Temp\7zS7DE8.tmp\SymNRT.exe:Norton Removal Tool
"{E12009C0-F163-4E55-AEDD-C48EC543EF43}"= UDP:8085:browserctl
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [08-08-2009 09:14 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [08-08-2009 09:14 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [08-08-2009 09:14 51792]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [12-12-2007 07:43 540448]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [12-12-2007 07:55 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [08-06-2007 10:06 172131]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=74&bd=smb&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DA_DK&c=74&bd=smb&pf=laptop
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send billede til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth-enhed... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DAF94F73-2AA6-44D8-A562-A28831820D34} - hxxp://www.pixum.dk/apps/EasyUploadX.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 10:17
Windows 6.0.6001 Service Pack 1 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'Explorer.exe'(3572)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\System32\AEADISRV.EXE
c:\windows\System32\agrsmsvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\conime.exe
c:\windows\SMINST\Scheduler.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\System32\msiexec.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-09 10:22 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-08-09 08:22
ComboFix2.txt 2009-08-08 07:05
Pre-Kørsel: 76.911.661.056 byte ledig
Post-Kørsel: 76.875.640.832 byte ledig
217 --- E O F --- 2009-08-07 10:24