Misc. logs, 3 of them.
Malwarebytes' Anti-Malware 1.28
Database version: 1141
Windows 5.1.2600 Service Pack 3
12-09-2008 07:37:18
mbam-log-2008-09-12 (07-37-18).txt
Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 89792
Tid tilbagelagt: 27 minute(s), 10 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\Documents and Settings\Administrator\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:33, on 13-09-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Philips Display\SmartControl II\DTHtml.exe
C:\Programmer\Razer\Habu\razerhid.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Microsoft LifeChat\LifeChat.exe
C:\Programmer\Fælles filer\Portrait Displays\Shared\HookManager.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\programmer\steam\steam.exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\Programmer\Microsoft IntelliType Pro\dpupdchk.exe
C:\Programmer\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Programmer\uTorrent\uTorrent.exe
C:\Programmer\Razer\Habu\razerofa.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Skrivebord\Spywarefri\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DT PHL] C:\Programmer\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Habu] C:\Programmer\Razer\Habu\razerhid.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [itype] "C:\Programmer\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Programmer\Microsoft LifeChat\LifeChat.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\programmer\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [GDm7YZc1ZE] C:\Documents and Settings\All Users\Application Data\gxkxanud\mzozknor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Programmer\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O4 - Global Startup: µTorrent.lnk = C:\Programmer\uTorrent\uTorrent.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programmer\Fælles filer\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
--
End of file - 6332 bytes
------------------------------------------------------------------
ComboFix 08-09-12.06 - Administrator 2008-09-13 11:06:23.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.616 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\Spywarefri\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.
2008-09-12 07:12 . 2008-09-12 07:12 <DIR> d-------- C:\Programmer\Microsoft LifeChat
2008-09-12 06:50 . 2008-09-12 06:51 <DIR> d-------- C:\Programmer\Malwarebytes' Anti-Malware
2008-09-12 06:50 . 2008-09-12 06:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-12 06:50 . 2008-09-12 06:50 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-12 06:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 06:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-11 20:45 . 2008-09-11 20:45 <DIR> d-------- C:\Programmer\CCleaner
2008-09-11 20:41 . 2008-09-11 20:41 40,960 --a------ C:\WINDOWS\system32\drivers\796.exe
2008-09-11 20:33 . 2008-09-11 20:33 <DIR> d-------- C:\Programmer\mlsluod
2008-09-11 20:33 . 2008-09-11 20:33 40,960 --a------ C:\WINDOWS\system32\drivers\937.exe
2008-09-11 20:33 . 2008-09-11 20:33 32 --a-s---- C:\WINDOWS\system32\886959791.dat
2008-09-10 22:38 . 2008-09-10 22:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-09-08 22:27 . 2008-09-08 22:27 <DIR> d-------- C:\Programmer\arniWORX
2008-09-08 21:28 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 21:20 . 2008-09-08 21:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Teleca
2008-09-08 21:19 . 2008-09-08 22:48 <DIR> d-------- C:\Programmer\Sony Ericsson
2008-09-08 21:19 . 2008-09-08 22:48 <DIR> d-------- C:\Programmer\Fælles filer\Teleca Shared
2008-09-08 21:19 . 2008-09-08 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-09-08 21:16 . 2008-09-08 21:16 89,872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2008-09-08 21:16 . 2008-09-08 21:16 81,728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-09-08 21:16 . 2008-09-08 21:16 79,488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2008-09-08 21:16 . 2008-09-08 21:16 55,216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2008-09-08 21:16 . 2008-09-08 21:16 6,576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-09-08 21:16 . 2008-09-08 21:16 6,144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-09-08 21:16 . 2008-09-08 21:16 6,144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2008-09-08 21:16 . 2008-09-08 21:16 5,744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2008-09-08 21:16 . 2008-09-08 21:16 5,744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2008-09-08 06:37 . 2008-09-08 06:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Tunebite
2008-09-08 06:37 . 2008-02-20 13:47 27,936 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-09-07 20:42 . 2008-09-08 06:22 16,896 --a------ C:\WINDOWS\system32\WinCtrl32(2).dll
2008-09-07 20:25 . 2008-09-08 06:31 <DIR> d-------- C:\Programmer\IE New Window Maximizer
2008-09-07 17:48 . 2008-09-08 06:37 <DIR> d-------- C:\Programmer\PixiePack Codec Pack
2008-09-07 17:46 . 2008-09-07 17:46 <DIR> d-------- C:\Programmer\RapidSolution
2008-09-07 17:46 . 2008-09-08 06:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-09-07 17:24 . 2008-09-07 17:24 <DIR> d-------- C:\Programmer\Microsoft Silverlight
2008-09-07 16:41 . 2008-09-07 16:41 <DIR> d-------- C:\Programmer\uTorrent
2008-09-07 16:41 . 2008-09-13 11:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-09-07 15:59 . 2008-09-07 16:06 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-07 15:01 . 2008-09-07 15:01 244 --ah----- C:\sqmnoopt06.sqm
2008-09-07 15:01 . 2008-09-07 15:01 232 --ah----- C:\sqmdata06.sqm
2008-09-07 14:17 . 2008-09-07 14:17 268 --ah----- C:\sqmdata05.sqm
2008-09-07 14:17 . 2008-09-07 14:17 244 --ah----- C:\sqmnoopt05.sqm
2008-09-07 12:43 . 2008-09-07 12:43 <DIR> d-------- C:\WINDOWS\system32\da
2008-09-07 12:43 . 2008-09-07 12:43 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-07 12:43 . 2008-09-07 12:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-07 12:39 . 2008-09-07 12:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-07 12:06 . 2008-09-07 12:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ice Age 2
2008-09-07 12:06 . 2008-09-07 12:06 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-09-07 12:06 . 2008-09-07 12:06 1 --a------ C:\DXOkay.bin
2008-09-07 11:10 . 2004-08-26 17:48 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-09-06 17:58 . 2008-09-11 13:07 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-09-06 17:58 . 2008-09-07 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2008-09-06 17:56 . 2008-09-06 17:56 <DIR> d-------- C:\Programmer\Nero
2008-09-06 17:56 . 2008-09-06 17:56 <DIR> d-------- C:\Programmer\Fælles filer\Ahead
2008-09-06 17:52 . 2008-09-06 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-09-06 17:07 . 2008-09-06 17:07 244 --ah----- C:\sqmnoopt04.sqm
2008-09-06 17:07 . 2008-09-06 17:07 232 --ah----- C:\sqmdata04.sqm
2008-09-06 17:05 . 2008-09-06 17:05 244 --ah----- C:\sqmnoopt03.sqm
2008-09-06 17:05 . 2008-09-06 17:05 232 --ah----- C:\sqmdata03.sqm
2008-09-06 17:03 . 2008-09-06 17:06 <DIR> d-------- C:\WINDOWS\nview
2008-09-06 17:03 . 2006-03-09 15:29 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-06 17:03 . 2008-09-13 10:22 50,257 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-06 17:03 . 2006-03-09 15:29 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-06 17:02 . 2006-03-09 17:59 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-06 16:59 . 2008-09-06 16:59 172 --ah----- C:\sqmnoopt02.sqm
2008-09-06 16:59 . 2008-09-06 16:59 172 --ah----- C:\sqmdata02.sqm
2008-09-06 16:43 . 2008-09-06 16:43 244 --ah----- C:\sqmnoopt01.sqm
2008-09-06 16:43 . 2008-09-06 16:43 232 --ah----- C:\sqmdata01.sqm
2008-09-06 16:41 . 2006-03-09 15:29 1,519,616 --a------ C:\WINDOWS\system32\nwiz.exe
2008-09-06 16:41 . 2006-03-09 15:29 1,466,368 --a------ C:\WINDOWS\system32\nview.dll
2008-09-06 16:41 . 2006-03-09 15:29 466,944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-09-06 16:41 . 2006-03-09 15:29 442,368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-09-06 16:41 . 2006-03-09 15:29 425,984 --a------ C:\WINDOWS\system32\keystone.exe
2008-09-06 16:41 . 2006-03-09 15:29 73,728 --a------ C:\WINDOWS\system32\nvtuicpl.cpl
2008-09-06 16:25 . 2008-09-06 16:25 <DIR> d-------- C:\Programmer\Trend Micro
2008-09-06 16:23 . 2008-09-06 16:23 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-09-06 16:23 . 2008-09-06 16:23 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-09-06 16:23 . 2008-09-06 16:23 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-09-06 16:23 . 2008-09-06 17:57 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-09-06 16:23 . 2008-09-06 16:23 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-09-06 16:10 . 2008-09-06 16:10 2,475 --a------ C:\WINDOWS\system32\CoverPirate-Printersettings.bin
2008-09-06 16:06 . 2008-09-06 16:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Elaborate Bytes
2008-09-06 15:56 . 2008-09-13 10:23 <DIR> d-------- C:\Programmer\Steam
2008-09-06 15:42 . 2008-09-06 15:45 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-09-06 15:33 . 2008-09-06 15:33 <DIR> d-------- C:\Programmer\Intel
2008-09-06 15:32 . 2008-09-06 15:32 <DIR> d-------- C:\Programmer\Realtek Sound Manager
2008-09-06 15:32 . 2008-09-06 15:32 <DIR> d-------- C:\Programmer\Realtek AC97
2008-09-06 15:32 . 2008-09-06 15:32 <DIR> d-------- C:\Programmer\AvRack
2008-09-06 15:32 . 2006-11-17 06:40 18,804,736 -ra------ C:\WINDOWS\system32\alsndmgr.cpl
2008-09-06 15:32 . 2006-12-08 16:20 10,528,768 -ra------ C:\WINDOWS\system32\RTLCPL.exe
2008-09-06 15:32 . 2007-03-08 15:34 4,027,840 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-09-06 15:32 . 2006-11-17 06:42 577,536 -ra------ C:\WINDOWS\soundman.exe
2008-09-06 15:32 . 2006-07-31 12:19 315,392 -ra------ C:\WINDOWS\alcupd.exe
2008-09-06 15:32 . 2006-07-31 12:27 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2008-09-06 15:32 . 2006-10-18 03:53 147,456 -ra------ C:\WINDOWS\system32\RtlCPAPI.dll
2008-09-06 15:32 . 2002-02-05 14:54 141,016 -ra------ C:\WINDOWS\system32\alsndmgr.wav
2008-09-06 15:32 . 2006-08-01 16:02 49,152 -ra------ C:\WINDOWS\system32\ChCfg.exe
2008-09-06 15:32 . 2001-07-06 01:19 164 -ra------ C:\WINDOWS\avrack.ini
2008-09-06 15:31 . 2008-09-06 15:31 <DIR> d-------- C:\Programmer\Microsoft IntelliType Pro
2008-09-06 15:22 . 2008-04-13 20:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-09-06 15:10 . 2008-09-06 17:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desktop Sidebar
2008-09-06 15:00 . 2008-04-14 18:05 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-06 15:00 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-10 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 12:17 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-09-07 11:20 --------- d-----w C:\Programmer\MSN Messenger
2008-09-07 09:36 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-09-06 15:49 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-09-06 13:32 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2008-09-06 12:28 --------- d-----w C:\Programmer\Alwil Software
2008-09-06 12:27 --------- d-----w C:\Programmer\Razer
2008-09-06 12:27 --------- d-----w C:\Programmer\DIFX
2008-09-06 12:25 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-09-06 12:11 --------- d-----w C:\Programmer\SMC
2008-09-06 12:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\DisplayTune
2008-09-06 12:10 --------- d-----w C:\Programmer\Philips Display
2008-09-06 12:10 --------- d-----w C:\Programmer\Fælles filer\Portrait Displays
2008-09-06 11:57 --------- d-----w C:\Programmer\MSBuild
2008-09-06 11:57 --------- d-----w C:\Programmer\Microsoft Works
2008-09-06 11:56 --------- d-----w C:\Programmer\Microsoft.NET
2008-09-06 11:50 --------- d-----w C:\Programmer\Winamp
2008-09-06 11:48 --------- d-----w C:\Programmer\OO Software
2008-09-06 11:45 --------- d-----w C:\Programmer\Skype
2008-09-06 11:45 --------- d-----w C:\Programmer\ImgBurn
2008-09-06 11:45 --------- d-----w C:\Programmer\Fælles filer\Skype
2008-09-06 11:45 --------- d-----w C:\Programmer\Elaborate Bytes
2008-09-06 11:45 --------- d-----w C:\Programmer\DVD Decrypter
2008-09-06 11:45 --------- d-----w C:\Programmer\D-Tools
2008-09-06 11:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-09-06 11:44 --------- d-----w C:\Programmer\Windows Media Connect 2
2008-09-06 11:12 --------- d-----w C:\Programmer\MSXML 4.0
2008-09-06 11:12 --------- d-----w C:\Programmer\microsoft frontpage
2008-09-06 11:04 --------- d-----w C:\Programmer\Onlinetjenester
2008-09-06 11:03 --------- d-----w C:\Programmer\Fælles filer\Tjenester
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:33 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
.
------- Sigcheck -------
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2002-12-31 14:00 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-13 21:20 361344 accf5a9a1ffaa490f33dba1c632b95e1 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\SoftwareDistribution\Download\911b84dc29bde76b4b99ee733285e3fa\sp2qfe\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\SoftwareDistribution\Download\911b84dc29bde76b4b99ee733285e3fa\sp3gdr\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\SoftwareDistribution\Download\911b84dc29bde76b4b99ee733285e3fa\sp3qfe\tcpip.sys
2008-04-13 21:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\99347e47d897dd2409ecd2a34a331d3a\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 9425b72f40257b45d45d24773273dad0 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-11_20.55.13.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 14:09:50 1,419,232 -c--a-w C:\WINDOWS\system32\DRVSTORE\xusb21_1A5FFD0898A3ADE446D972BD05D9A93BDBB6DA9A\x86\WdfCoInstaller01005.dll
+ 2007-08-28 15:05:12 55,808 -c--a-w C:\WINDOWS\system32\DRVSTORE\xusb21_1A5FFD0898A3ADE446D972BD05D9A93BDBB6DA9A\x86\xusb21.sys
- 2008-09-08 04:32:26 596,348 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-12 04:47:37 16,912 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2008-09-13 08:22:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_59c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\programmer\steam\steam.exe" [2008-09-06 1271032]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe" [2005-09-08 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 81920]
"DT PHL"="C:\Programmer\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352]
"Habu"="C:\Programmer\Razer\Habu\razerhid.exe" [2007-05-11 176128]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"itype"="C:\Programmer\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"LifeChat"="C:\Programmer\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2006-03-09 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
SMCWUSB-G 802.11g Wireless USB Utility.lnk - C:\Programmer\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe [2006-01-18 442368]
µTorrent.lnk - C:\Programmer\uTorrent\uTorrent.exe [2008-09-07 267056]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2007-01-29 15:36 25370152 C:\Programmer\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-03-10 19:45 35328 C:\Programmer\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsLivePhone]
--a------ 2006-12-04 10:33 709440 C:\PROGRA~1\MSNMES~1\DEVICE~1\msgrdvmn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\uTorrent\\uTorrent.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 HabuFltr;Habu Mouse;C:\WINDOWS\system32\drivers\habu.sys [2006-10-23 27776]
R3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);C:\WINDOWS\system32\DRIVERS\SMCWGU.sys [2005-12-16 408064]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Programmer\PixiePack Codec Pack\InstallerHelper.exe
.
- - - - ORPHANS REMOVED - - - -
HKLM-Explorer_Run-GDm7YZc1ZE - C:\Documents and Settings\All Users\Application Data\gxkxanud\mzozknor.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-13 11:08:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-13 11:10:17
ComboFix-quarantined-files.txt 2008-09-13 09:10:14
ComboFix2.txt 2008-09-11 18:55:33
Pre-Run: 37,979,799,552 byte ledig
Post-Run: 38,088,695,808 byte ledig
261 --- E O F --- 2008-09-10 20:42:01
**************************************************************************
uTorrent is used for sharing documents with a friend - it is not to be removed.