Her kommer lige 3 log filer:
Hijackthis:
-------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:24, on 27-10-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\keyhook.exe
C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmer\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kennie\Skrivebord\spywarefri\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://global.acer.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmer\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programmer\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] "Rundll32.exe" SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmer\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Statusmonitor.lnk = C:\Programmer\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) -
http://dl.tvunetworks.com/TVUAx.cabO16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) -
http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206969775937O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) -
https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cabO16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) -
https://plugins.valueactive.eu/flashax/iefax.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
--
End of file - 7522 bytes
----------------------------------------
malwarebytes antimalware:
----------------------------------------
Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3
27-10-2009 12:15:41
mbam-log-2009-10-27 (12-15-41).txt
Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 194119
Tid tilbagelagt: 49 minute(s), 31 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\Documents and Settings\kennie\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
---------------------------------------------
Combofix: (Bemærk at jeg har undladt at vise snapshot da denne tråd ellers ville fylde 15-20 sider)
----------------------------------------------
ComboFix 09-10-26.03 - kennie 27-10-2009 12:39.7.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.45.1030.18.958.596 [GMT 1:00]
Kører fra: c:\documents and settings\kennie\Skrivebord\spywarefri\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\839718926.dat
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-09-27 til 2009-10-27 )))))))))))))))))))))))))))))))))))
.
2009-10-26 16:45 . 2009-10-26 16:45 -------- d-----w- C:\FOUND.008
2009-10-26 13:07 . 2009-10-26 13:07 -------- d-----w- C:\FOUND.007
2009-10-26 12:54 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-26 12:54 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-26 12:54 . 2009-10-26 12:54 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-10-22 15:06 . 2005-03-11 17:37 1986560 ----a-w- c:\windows\system32\AudFile.dll
2009-10-22 15:06 . 2005-02-24 12:11 1212416 ----a-w- c:\windows\system32\AudioInfos.dll
2009-10-22 15:06 . 2005-02-24 11:51 348160 ----a-w- c:\windows\system32\WMAFile.dll
2009-10-22 15:06 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2009-10-22 15:06 . 2000-10-01 17:00 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2009-10-22 15:06 . 1998-07-12 21:00 15360 ----a-w- c:\windows\system32\inetfr.DLL
2009-10-22 15:06 . 1998-07-12 21:00 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2009-10-22 15:06 . 1998-07-12 17:00 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2009-10-13 17:31 . 2009-10-13 17:31 0 ----a-w- c:\documents and settings\kennie\temp.dat
2009-10-10 15:35 . 2009-10-10 15:35 -------- d--h--w- c:\windows\ie8
2009-10-10 15:28 . 2009-07-03 17:59 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-10 15:28 . 2009-07-03 17:59 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 13:37 . 2007-01-03 05:19 90112 ----a-w- c:\windows\DUMP7acd.tmp
2009-09-26 19:57 . 2009-09-26 19:57 -------- d-----w- c:\programmer\MagicDVDRipper
2009-09-26 19:46 . 2009-09-26 19:46 -------- d-----w- c:\documents and settings\kennie\Application Data\DeepBurner Pro
2009-09-18 12:34 . 2009-09-18 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-09-18 12:04 . 2009-09-18 12:04 -------- d-----w- c:\programmer\Fælles filer\Macrovision Shared
2009-09-18 08:09 . 2009-09-18 08:09 -------- d-----w- c:\documents and settings\kennie\Application Data\Download Manager
2009-09-16 05:17 . 2009-06-21 23:05 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-16 05:17 . 2009-06-21 23:05 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-16 05:17 . 2009-06-21 23:05 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-16 05:17 . 2009-09-16 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-03 22:12 . 2009-09-03 22:12 -------- d-----w- c:\programmer\Causeway
2009-08-24 17:32 . 2007-05-09 08:21 626336 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-21 20:15 . 2009-08-21 20:15 557568 ----a-w- c:\windows\system32\B4FM.dll
2007-08-25 15:04 . 2007-08-25 15:04 48 --sh--w- c:\windows\SB8FC43C8.tmp
.
------- Sigcheck -------
- 2009-08-24 17:32 . E2581681C59BEF5922907AC7B35FF763 . 626336 . . [------] . . c:\windows\system32\drivers\ntfs.sys
[7] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
- 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution_0ld\Download\0e4a4fd5d0f98f05f5a58f414cbf0e7a\sp2qfe\ntfs.sys
- 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
- 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\SoftwareDistribution_0ld\Download\0e4a4fd5d0f98f05f5a58f414cbf0e7a\sp2gdr\ntfs.sys
- 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-21_16.02.10 )))))))))))))))))))))))))))))))))))))))))
------------dette er udeladt-----------------
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programmer\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-18 2000112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SetDefPrt"="c:\programmer\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-27 455168]
"PaperPort PTD"="c:\programmer\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-18 57393]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 59392]
"IndexSearch"="c:\programmer\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-18 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-27 208952]
"eRecoveryService"="c:\windows\System32\Check.exe" [2005-03-23 245760]
"ControlCenter2.0"="c:\programmer\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2009-05-26 413696]
"AdobeCS4ServiceManager"="c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2008-12-24 136600]
"Malwarebytes Anti-Malware (reboot)"="c:\programmer\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-25 49152]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-07 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-02-23 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-8 331776]
Statusmonitor.lnk - c:\programmer\Brother\Brmfcmon\BrMfcWnd.exe [2007-1-10 802816]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-20 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-07 07:53 548352 ----a-w- c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-16 05:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programmer\\Messenger\\MSMSGS.EXE"=
"c:\\StubInstaller.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22-06-2009 00:05 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22-06-2009 00:05 108552]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\SASDIFSV.SYS [10-10-2006 12:53 9968]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [09-01-2007 14:09 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22-06-2009 00:04 297752]
R3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [27-03-2009 10:14 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [27-03-2009 10:14 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [27-03-2009 10:14 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [27-03-2009 10:14 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [27-03-2009 10:14 98568]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys --> c:\windows\system32\Drivers\usbaapl.sys [?]
--- Andre Services/Drivers i Hukommelsen ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Yderligere scanning -------
.
uStart Page =
hxxp://www.google.dk/uInternet Connection Wizard,ShellNext =
hxxp://global.acer.com/Trusted Zone: danskespil.dk\www
Trusted Zone: sydbank.dk
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} -
hxxps://plugins.valueactive.eu/flashax/iefax.cabFF - ProfilePath - c:\documents and settings\kennie\Application Data\Mozilla\Firefox\Profiles\axbkgqx6.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.dk/---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-AdobeBridge - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-10-27 12:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-1704592144-1855578193-1693350882-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D525ABFA-367F-1C60-AE4D-5793431FD82B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"nagheoghdilceficlpmhonjdlhfn"=hex:6a,61,6c,69,66,67,6e,6e,6d,6e,62,62,69,6c,
68,64,6c,64,6b,70,00,b9
"maaicnheiooeikbeioibnblkhc"=hex:6a,61,6e,69,65,70,6f,68,61,66,62,6b,67,63,61,
67,68,6c,6a,66,00,00
"ebejafhnkdinellommipbeibjlgimeacdalokafnll"=hex:66,61,6a,69,69,66,6a,69,65,67,
6a,6f,00,fa
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D525ABFA-367F-1C60-AE4D-5793431FD82B}\InProcServer32*]
"oamhlmlodhdanafnjmbeckeonmeojk"=hex:6a,61,6c,69,66,67,6e,6e,6d,6e,62,62,69,6c,
68,64,6c,64,6b,70,00,b9
"namhjmbcgodpbkbgooncfcmeooim"=hex:6a,61,6e,69,65,70,6f,68,61,66,62,6b,67,63,
61,67,68,6c,6a,66,00,b9
"gamhlmoobmgifm"=hex:66,61,6a,69,69,66,6a,69,65,67,6a,6f,00,fa
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\programmer\SUPERAntiSpyware\SASWINLO.DLL
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Gennemført tid: 2009-10-27 12:46
ComboFix-quarantined-files.txt 2009-10-27 11:46
ComboFix2.txt 2009-06-21 17:03
ComboFix3.txt 2008-09-04 06:08
ComboFix4.txt 2008-08-16 07:45
ComboFix5.txt 2009-10-27 11:37
Pre-Kørsel: 3.958.472.704 byte ledig
Post-Kørsel: 3.939.401.728 byte ledig
- - End Of File - - A5D2384CE5DA9701F8D19A45AFA7D34F