What should I do about an infected NTFS driver?
Dear clever expert! I have run the cleanups and scans shown below, because I have a recurring problem with Smitfraud (I think it has been identified as the NTFS drivers...!!) Is that correct?
But I have no idea what I should run now?
(Vista + Windows + N360... supplemented with SAS and CCleaner every month)
Thanks in advance.
Warm August greetings
from
CJJ
(cut and paste from log files)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/29/2010 at 04:38 PM
Application Version : 4.40.1002
Core Rules Database Version : 5425
Trace Rules Database Version: 3237
Scan type : Complete Scan
Total Scan Time : 02:46:07
Memory items scanned : 271
Memory threats detected : 0
Registry items scanned : 9985
Registry threats detected : 2
File items scanned : 174215
File threats detected : 0
Trojan.Smitfraud Variant/IE Anti-Spyware
HKU\S-1-5-21-3484765160-4247583211-1880310167-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E}
HKCR\CLSID\{9034A523-D068-4BE8-A284-9DF278BE776E}
______
SmitFraudFix v2.424
Scan done at 13:42:32,36, 29-08-2010
Run from C:\Users\Charlotte JuulJensen\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Google\googletoolbar1.dll Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{29D6CEEB-39FD-496B-BD97-9791FD146791}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{86BCD618-9D5C-46F6-8D84-CDD6FB1F4ACF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{29D6CEEB-39FD-496B-BD97-9791FD146791}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{86BCD618-9D5C-46F6-8D84-CDD6FB1F4ACF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{29D6CEEB-39FD-496B-BD97-9791FD146791}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{86BCD618-9D5C-46F6-8D84-CDD6FB1F4ACF}: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
ComboFix 10-08-28.02 - Charlotte JuulJensen 29-08-2010 17:02:53.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.45.1030.18.1015.689 [GMT 2:00]
Kører fra: c:\users\Charlotte JuulJensen\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\fdgg34353edfgdfdf
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\inetko.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\system32\drivers\ntfs.sys . . . er inficeret!!
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-07-28 til 2010-08-29 )))))))))))))))))))))))))))))))))))
.
2010-08-29 15:11 . 2010-08-29 15:15 -------- d-----w- c:\users\Charlotte JuulJensen\AppData\Local\temp
2010-08-29 15:11 . 2010-08-29 15:11 -------- d-----w- c:\users\Gæst\AppData\Local\temp
2010-08-29 15:11 . 2010-08-29 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-27 11:19 . 2010-08-27 17:28 -------- d-----w- c:\users\Charlotte JuulJensen\litteratur
2010-08-27 09:15 . 2010-08-27 16:53 -------- d-----w- c:\users\Charlotte JuulJensen\Gentofte
2010-08-27 09:13 . 2010-08-27 11:26 -------- d-----w- c:\users\Charlotte JuulJensen\~ Catering & Sundhed ~
2010-08-27 09:11 . 2010-08-27 11:09 -------- d-----w- c:\users\Charlotte JuulJensen\~ HRM, kommunikation & virksomhedsforståelse ~
2010-08-27 09:02 . 2010-08-27 11:36 -------- d-----w- c:\users\Charlotte JuulJensen\netværk
2010-08-27 08:46 . 2010-08-27 11:22 -------- d-----w- c:\users\Charlotte JuulJensen\Unbelievable
2010-08-27 08:43 . 2010-08-27 17:12 -------- d-----w- c:\users\Charlotte JuulJensen\Mails
2010-08-11 20:36 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-11 20:27 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-11 20:27 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-11 20:27 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-11 20:27 . 2010-06-11 16:16 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-11 20:20 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-11 20:16 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-11 20:16 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 20:16 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 20:15 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 14:55 . 2008-09-30 18:07 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-29 14:52 . 2007-02-06 02:40 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 11:42 . 2008-06-05 18:53 -------- d-----w- c:\program files\Google
2010-08-29 11:42 . 2010-08-29 11:42 691 ----a-w- c:\users\Charlotte JuulJensen\AppData\Roaming\GetValue.vbs
2010-08-29 11:42 . 2010-08-29 11:42 35 ----a-w- c:\users\Charlotte JuulJensen\AppData\Roaming\SetValue.bat
2010-08-29 11:42 . 2010-08-29 11:42 35 ----a-w- c:\users\Charlotte JuulJensen\AppData\Roaming\SetValue.bat
2010-08-29 09:11 . 2010-07-08 16:51 63488 ----a-w- c:\users\Charlotte JuulJensen\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-29 09:11 . 2009-06-15 15:26 117760 ----a-w- c:\users\Charlotte JuulJensen\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-29 07:05 . 2009-09-19 08:02 524288 --sha-w- c:\users\Gæst\NTUSER.DAT
2010-08-29 06:06 . 2007-02-05 09:17 474692 ----a-w- c:\windows\system32\perfh006.dat
2010-08-29 06:06 . 2007-02-05 09:17 82798 ----a-w- c:\windows\system32\perfc006.dat
2010-08-28 18:49 . 2008-06-04 14:27 106480 ----a-w- c:\users\Charlotte JuulJensen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-28 07:24 . 2008-06-04 17:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-26 06:18 . 2008-06-08 20:46 59 ----a-w- c:\windows\wpd99.drv
2010-08-26 06:18 . 2008-06-08 20:46 -------- d-----w- c:\programdata\pdf995
2010-08-11 20:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-02 12:42 . 2008-06-04 15:47 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-02 12:41 . 2008-06-04 16:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 12:15 . 2008-07-02 14:25 -------- d-----w- c:\program files\CCleaner
2010-08-01 06:38 . 2008-07-04 07:24 -------- d-----w- c:\users\Charlotte JuulJensen\AppData\Roaming\Skype
2010-08-01 06:15 . 2008-07-04 07:28 -------- d-----w- c:\users\Charlotte JuulJensen\AppData\Roaming\skypePM
2010-07-08 06:20 . 2010-07-08 06:20 -------- d-----w- c:\program files\MSXML 4.0
2010-07-07 11:59 . 2008-08-06 22:50 -------- d-----w- c:\program files\Common Files\Logishrd
2010-07-07 11:36 . 2010-07-07 11:36 10134 ----a-r- c:\users\Charlotte JuulJensen\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2010-07-07 11:36 . 2010-07-07 11:36 10134 ----a-r- c:\users\Charlotte JuulJensen\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2010-07-07 11:35 . 2010-07-07 11:35 10134 ----a-r- c:\users\Charlotte JuulJensen\AppData\Roaming\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2010-07-07 11:31 . 2008-06-04 17:38 -------- d-----w- c:\programdata\LogiShrd
2010-07-07 11:31 . 2008-06-04 17:38 -------- d-----w- c:\programdata\Logitech
2010-07-07 11:31 . 2008-06-04 17:38 -------- d-----w- c:\program files\Logitech
2010-07-05 04:46 . 2008-06-04 15:48 -------- d-----w- c:\program files\lg_swupdate
2010-06-26 06:05 . 2010-08-12 06:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 06:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 06:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 06:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2005-05-26 12:35 . 2008-08-25 19:54 1422 ----a-w- c:\program files\ReadMe.txt
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2006-12-05 2486272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-05 171448]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-09-14 148776]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LG Intelligent Update"="c:\program files\lg_swupdate\giljabistart.exe" [2008-11-22 251184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"MGSysCtrl"="c:\program files\LG Software\System Control Manager\MGSysCtrl.exe" [2007-01-23 565248]
"InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2006-12-04 589824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"hcenter"="c:\program files\Support.com\bin\tgcmd.exe" [2005-04-08 1757184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-09-14 161064]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
EZ-DUB Finder.lnk - c:\program files\INITIO\EZ-DUB Finder v1.3.2\inihid.exe [2008-8-25 176128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-6-4 805392]
Opdateringsagent.lnk - c:\program files\Connect it\Connect it\AutoUpdateSrv.exe [2010-4-28 667648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-07-08 16:50 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a4,cd,b4,af,37,12,ca,01
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-24 103040]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-07-08 12872]
R3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl.sys [2009-06-05 39424]
S0 CLBStor;InstantBurn Storage Helper Driver; [x]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-11-20 38400]
S0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-11-17 31360]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2010-01-20 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2010-01-20 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2010-01-20 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100827.001\IDSvix86.sys [2010-05-28 344112]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-07-08 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-07-08 67656]
S2 CLBUDF;CyberLink UDF Filesystem; [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2010-01-20 117640]
S2 NishService;Evil Driver Daemon;c:\program files\LG Software\System Control Manager\edd.exe [2006-03-02 40960]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2006-11-22 5120]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2006-07-03 9088]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [2010-01-20 48688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 15:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Yderligere scanning -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: adobe.com
Trusted Zone: elitedaters.com\dk
Trusted Zone: sydbank.dk
Trusted Zone: www.dr.dk
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
.
- - - - TOMME GENVEJE FJERNET - - - -
URLSearchHooks-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
Toolbar-{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - (no file)
WebBrowser-{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC} - (no file)
**************************************************************************
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer:
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'Explorer.exe'(9116)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\pnidui.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\o2flash.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Gennemført tid: 2010-08-29 17:32:21 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-08-29 15:29
ComboFix2.txt 2008-10-01 19:16
Pre-Kørsel: 16.335.441.920 byte ledig
Post-Kørsel: 15.360.221.184 byte ledig
- - End Of File - - 7E4D7FA38D46926A0204B4E9DB5F294E