ComboFix 09-08-18.04 - Familien 19-08-2009 17:41.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.2047.1761 [GMT 2:00]
Kører fra: c:\documents and settings\Familien\Skrivebord\Ny mappe\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Familien\Skrivebord\Ny mappe\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
Inficeret kopi af c:\windows\system32\mspmsnsv.dll blev fundet og desinficeret
Genskabt kopi fra - c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-07-19 til 2009-08-19 )))))))))))))))))))))))))))))))))))
.
2009-08-19 14:54 . 2009-08-19 14:54 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Adobe
2009-08-16 08:23 . 2009-08-16 16:23 -------- d-----w- c:\documents and settings\Administrator\Skrivebord
2009-08-16 08:23 . 2009-08-16 08:27 -------- d-----w- c:\documents and settings\Administrator
2009-08-16 08:23 . 2009-08-16 08:24 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Microsoft
2009-08-16 08:23 . 2009-07-15 19:59 -------- d--h--w- c:\documents and settings\Administrator\Printere
2009-08-16 08:23 . 2009-07-15 19:59 -------- d--h--w- c:\documents and settings\Administrator\Andre computere
2009-08-16 08:23 . 2009-07-15 19:59 -------- d-----w- c:\documents and settings\Administrator\Foretrukne
2009-08-16 08:23 . 2009-07-15 19:59 -------- d-----w- c:\documents and settings\Administrator\Dokumenter
2009-08-16 08:23 . 2009-07-15 19:59 -------- d-----r- c:\documents and settings\Administrator\Menuen Start
2009-08-16 08:23 . 2009-07-15 18:07 -------- d--h--w- c:\documents and settings\Administrator\Skabeloner
2009-08-15 13:15 . 2009-08-15 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Fallout3
2009-08-15 13:15 . 2008-09-16 22:20 121064 ----a-w- c:\documents and settings\All Users\Application Data\Fallout3\setup.exe
2009-08-15 13:13 . 2009-08-15 13:15 -------- d-----w- c:\windows\LastGood
2009-08-15 13:12 . 2009-08-15 13:12 -------- d-----w- c:\windows\system32\xlive
2009-08-13 05:48 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-08 11:01 . 2009-08-10 17:07 -------- d-----w- c:\documents and settings\Familien\Lokale indstillinger\Application Data\ArmA 2
2009-08-08 09:07 . 2007-03-15 14:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-08-08 08:35 . 2009-08-08 08:35 -------- d-----w- c:\documents and settings\Familien\Application Data\DAEMON Tools Pro
2009-08-08 08:32 . 2009-08-08 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-08 08:32 . 2009-08-08 08:32 -------- d-----w- c:\programmer\DAEMON Tools Toolbar
2009-08-08 08:32 . 2009-08-09 05:32 -------- d-----w- c:\programmer\DAEMON Tools Lite
2009-08-05 09:00 . 2009-08-05 09:00 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 17:49 . 2009-07-29 17:49 -------- d-----w- c:\documents and settings\Familien\Application Data\vlc
2009-07-29 17:01 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 17:01 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-27 17:29 . 2009-07-27 17:29 -------- d-----w- c:\documents and settings\Familien\Application Data\AdobeUM
2009-07-26 16:43 . 2009-07-26 16:43 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-26 16:43 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-26 16:43 . 2009-07-26 16:43 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-26 16:43 . 2009-07-26 16:43 -------- d-----w- c:\documents and settings\Familien\Application Data\TuneUp Software
2009-07-26 16:42 . 2009-07-26 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-26 16:42 . 2009-07-26 16:46 -------- d-----w- c:\programmer\TuneUp Utilities 2009
2009-07-26 16:40 . 2009-07-26 16:40 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-24 07:08 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-23 16:43 . 2009-07-23 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-07-23 12:59 . 2009-07-23 12:59 -------- d-----w- c:\programmer\Microsoft
2009-07-23 12:54 . 2009-07-23 12:54 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-23 12:53 . 2009-07-23 12:53 -------- d-----w- c:\programmer\MSBuild
2009-07-23 12:53 . 2009-07-23 12:53 -------- d-----w- c:\programmer\Reference Assemblies
2009-07-23 12:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-23 12:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-23 12:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-23 12:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-23 12:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-23 12:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-23 12:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-23 12:23 . 2009-07-23 12:23 -------- d-----w- c:\programmer\Fælles filer\Windows Live
2009-07-23 12:21 . 2009-08-01 14:54 -------- d-----w- c:\programmer\Microsoft Silverlight
2009-07-23 12:20 . 2009-07-23 12:20 -------- d-----w- c:\documents and settings\Familien\Lokale indstillinger\Application Data\Identities
2009-07-23 12:20 . 2009-07-23 12:20 -------- d-----w- c:\documents and settings\Familien\Application Data\Windows Desktop Search
2009-07-23 12:20 . 2009-07-23 12:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-23 12:20 . 2009-07-24 07:39 -------- d-----w- c:\programmer\Windows Desktop Search
2009-07-23 12:20 . 2009-07-23 12:20 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-23 12:19 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-23 12:19 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-23 12:19 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-07-23 12:16 . 2009-07-23 12:16 -------- d-----w- c:\programmer\Windows Media Connect 2
2009-07-23 12:15 . 2009-07-23 12:16 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-23 12:15 . 2009-07-23 12:15 -------- d-----w- c:\windows\system32\LogFiles
2009-07-23 12:13 . 2009-07-23 12:14 -------- d-----w- c:\windows\system32\URTTemp
2009-07-22 17:49 . 2009-07-22 17:50 -------- d-----w- c:\documents and settings\Familien\Lokale indstillinger\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 15:36 . 2009-07-15 19:59 -------- d-----w- c:\programmer\Vuze
2009-08-17 15:36 . 2009-07-15 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-16 16:38 . 2009-08-16 15:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-16 09:44 . 2009-08-16 09:44 -------- d-----w- c:\documents and settings\Familien\Application Data\Malwarebytes
2009-08-16 08:59 . 2009-08-16 08:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-16 08:59 . 2009-08-16 08:58 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-08-16 08:58 . 2009-08-16 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-15 14:40 . 2009-07-15 19:59 -------- d-----w- c:\documents and settings\Familien\Application Data\Azureus
2009-08-15 13:33 . 2004-08-27 12:00 619584 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-15 13:28 . 2009-07-15 20:05 -------- d-----w- c:\documents and settings\Familien\Application Data\DAEMON Tools Lite
2009-08-15 13:15 . 2009-07-15 19:17 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-08-05 09:00 . 2004-08-27 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 11:36 . 2009-08-16 08:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-16 08:58 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 16:57 . 2009-07-15 18:19 42552 ----a-w- c:\documents and settings\Familien\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 16:54 . 2004-08-27 12:00 90840 ----a-w- c:\windows\system32\perfc006.dat
2009-07-26 16:54 . 2004-08-27 12:00 479040 ----a-w- c:\windows\system32\perfh006.dat
2009-07-18 21:00 . 2009-07-18 21:00 -------- d-----w- c:\programmer\VideoLAN
2009-07-17 19:03 . 2004-08-27 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 12:36 . 2009-07-15 18:10 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-17 11:15 . 2009-07-15 18:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 20:27 . 2009-07-16 20:28 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-16 20:26 . 2009-07-15 19:50 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-07-15 20:05 . 2009-07-15 20:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-15 20:00 . 2009-07-15 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-07-15 19:59 . 2009-07-15 19:59 -------- d-----w- c:\programmer\Fælles filer\i4j_jres
2009-07-15 19:54 . 2009-07-15 19:53 65 ----a-w- c:\windows\system32\bd9420cn.dat
2009-07-15 19:53 . 2009-07-15 19:52 -------- d-----w- c:\programmer\Brother
2009-07-15 19:52 . 2009-07-15 19:52 -------- d-----w- c:\programmer\Common Files
2009-07-15 19:52 . 2009-07-15 19:26 -------- d-----w- c:\programmer\Fælles filer\InstallShield
2009-07-15 19:51 . 2009-07-15 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-07-15 19:51 . 2009-07-15 19:51 -------- d-----w- c:\programmer\Fælles filer\ScanSoft Shared
2009-07-15 19:51 . 2009-07-15 19:51 -------- d-----w- c:\programmer\ScanSoft
2009-07-15 19:51 . 2009-07-15 19:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-07-15 19:50 . 2009-07-15 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-07-15 19:48 . 2009-07-15 19:46 -------- d-----w- c:\programmer\Spybot - Search & Destroy
2009-07-15 19:31 . 2009-07-15 19:31 -------- d-----w- c:\programmer\AMD
2009-07-15 19:30 . 2009-07-15 19:30 -------- d-----w- c:\programmer\Analog Devices
2009-07-15 19:17 . 2009-07-15 19:17 -------- d-----w- c:\programmer\Siemens
2009-07-15 19:17 . 2009-07-15 19:17 -------- d-----w- c:\programmer\FiberBredbaand
2009-07-15 19:17 . 2009-07-15 19:17 -------- d-----w- c:\documents and settings\Familien\Application Data\InstallShield
2009-07-15 19:00 . 2009-07-15 19:00 -------- d-----w- c:\programmer\CCleaner
2009-07-15 18:56 . 2009-07-15 18:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-15 18:56 . 2009-07-15 18:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-15 18:56 . 2009-07-15 18:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-15 18:55 . 2009-07-15 18:55 -------- d-----w- c:\programmer\AVG
2009-07-15 18:55 . 2009-07-15 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-15 18:29 . 2009-07-15 18:29 -------- d-----w- c:\programmer\Fælles filer\Adobe
2009-07-15 18:27 . 2009-07-15 18:26 8 ----a-w- c:\windows\system32\nvModes.dat
2009-07-15 18:26 . 2009-07-15 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-15 18:11 . 2009-07-15 18:11 -------- d-----w- c:\programmer\microsoft frontpage
2009-07-15 18:09 . 2009-07-15 18:09 -------- d-----w- c:\programmer\Onlinetjenester
2009-07-15 18:09 . 2009-07-15 18:09 -------- d-----w- c:\programmer\Fælles filer\Tjenester
2009-07-15 18:08 . 2009-07-15 18:08 21644 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-13 21:43 . 2004-08-27 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-27 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-21 06:46 . 2009-07-15 18:20 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:39 . 2004-08-27 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2004-08-27 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-27 12:00 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:15 . 2004-08-27 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-07-15 18:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:28 . 2009-06-10 06:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 06:28 . 2009-06-10 06:28 5890048 ----a-w- c:\windows\system32\nvdispsr.dll
2009-06-10 06:28 . 2009-06-10 06:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 06:28 . 2009-06-10 06:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 06:28 . 2009-06-10 06:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 06:28 . 2009-06-10 06:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 06:28 . 2009-06-10 06:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 06:28 . 2009-06-10 06:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 06:16 . 2004-08-27 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-10 04:03 . 2009-07-15 18:20 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 04:03 . 2009-06-10 04:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 04:03 . 2009-06-10 04:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 04:03 . 2009-06-10 04:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 04:03 . 2009-06-10 04:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 04:03 . 2009-06-10 04:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 04:03 . 2009-06-10 04:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 04:03 . 2009-06-10 04:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 04:03 . 2009-06-10 04:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 04:03 . 2009-06-10 04:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-03 19:11 . 2004-08-27 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-05-24 22:24 . 2008-05-26 20:18 350208 ------w- c:\windows\system32\mssph.dll
.
------- Sigcheck -------
[7] 2004-08-27 12:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\ServicePackFiles\i386\ntfs.sys
- 2009-08-15 13:33 619584 4DFB45D14330ACE7FD32EE8DBCF50C97 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmer\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-15 1948440]
"SoundMAXPnP"="c:\programmer\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"SSBkgdUpdate"="c:\programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programmer\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"IndexSearch"="c:\programmer\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"ControlCenter2.0"="c:\programmer\Brother\ControlCenter2\brctrcen.exe" [2005-07-22 933888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-15 18:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmer\\FiberBredbaand\\Adgangsklient\\app\\TangoManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [15-07-2009 20:56 108552]
R3 ENETNT5;tango(R) Access PPPoE WAN Miniport;c:\windows\system32\drivers\ENET2K.SYS [15-07-2009 21:17 63136]
R3 SSN_3PV6;PPPv6 Miniport Driver 1;c:\windows\system32\drivers\SSN_3PV6.sys [15-07-2009 21:17 31872]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15-07-2009 20:56 335752]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [15-07-2009 20:55 907032]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15-07-2009 20:55 298776]
S2 TangoCoreService;Tango Core Service;c:\programmer\Siemens\Common\TangoCoreService.exe [15-07-2009 21:17 173600]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [26-07-2009 18:43 604488]
S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE [30-03-2009 16:28 1533808]
S3 ENDETECT;ENDETECT;c:\progra~1\FIBERB~1\ADGANG~1\app\ENDETECT.SYS [15-07-2009 21:17 13496]
S3 NTSTPL1;NTSTPL1;c:\progra~1\FIBERB~1\ADGANG~1\app\NTSTPL1.SYS [15-07-2009 21:17 24640]
S3 NTSTPL2;NTSTPL2;c:\progra~1\FIBERB~1\ADGANG~1\app\NTSTPL2.SYS [15-07-2009 21:34 24640]
S3 RAWESR;RAWESR;c:\progra~1\FIBERB~1\ADGANG~1\app\RAWESR.SYS [15-07-2009 21:17 15776]
S3 TAPBIND;TAPBIND;c:\progra~1\FIBERB~1\ADGANG~1\app\TAPBIND1.SYS [15-07-2009 21:17 56640]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-08-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmer\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
2009-08-15 c:\windows\Tasks\User_Feed_Synchronization-{AABACC46-A535-49A1-95B3-EEC8E4083EA8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Yderligere scanning -------
.
uStart Page =
hxxp://www.google.dk/IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-08-19 17:51
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-1220945662-1336601894-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Gennemført tid: 2009-08-19 17:54 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-08-19 15:54
ComboFix2.txt 2009-08-19 15:12
Pre-Kørsel: 45.957.230.592 byte ledig
Post-Kørsel: 45.906.415.616 byte ledig
253 --- E O F --- 2009-08-13 19:42
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:42, on 19-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Familien\Skrivebord\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TangoManager] C:\PROGRA~1\FIBERB~1\ADGANG~1\app\TANGOM~1.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) -
http://www.extrafilm.dk/ImageUploader5.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247776176359O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248348950640O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tango Core Service (TangoCoreService) - Unknown owner - C:\Programmer\Siemens\Common\TangoCoreService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
--
End of file - 5138 bytes
Ny bruger
Nybegynder
Opret
Preview
