Noget snavs?

==== COMBOFIX ====

ComboFix 08-11-21.03 - Johnny Rasmussen 2008-11-21 22:25:32.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1030.18.646 [GMT 1:00]
Kører fra: d:\documents and settings\Johnny Rasmussen\Skrivebord\ComboFix.exe
* Dannede nyt systemgendannelsespunkt
* Resident AV is active


[COLOR=RED][B]advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !![/B][/COLOR]
.

(((((((((((((((((((((((((((((  Filer skabt fra 2008-10-21 til 2008-11-21  )))))))))))))))))))))))))))))))))))
.

2008-11-21 19:57 . 2008-11-21 19:57    <DIR>    d--------    d:\documents and settings\Johnny Rasmussen\Application Data\Malwarebytes
2008-11-21 19:57 . 2008-11-21 19:57    <DIR>    d--------    d:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 19:57 . 2008-11-21 19:57    <DIR>    d--------    c:\programmer\Malwarebytes' Anti-Malware
2008-11-21 19:57 . 2008-10-22 16:10    38,496    --a------    d:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 19:57 . 2008-10-22 16:10    15,504    --a------    d:\windows\system32\drivers\mbam.sys
2008-11-21 18:41 . 2008-11-21 18:41    <DIR>    d--------    c:\programmer\Trend Micro
2008-11-21 18:29 . 2008-11-21 18:29    <DIR>    d--------    c:\programmer\WorldOfGooDemo
2008-11-19 17:06 . 2008-11-19 17:06    <DIR>    d--------    c:\programmer\Paint.NET
2008-11-12 23:48 . 1999-04-13 00:00    1,046,288    --a------    d:\windows\system32\msjet35.dll
2008-11-12 23:48 . 2001-08-23 08:51    684,896    --a------    d:\windows\system32\pvdt80.ocx
2008-11-12 23:48 . 1996-11-08 04:48    368,912    --a------    d:\windows\system32\vbar332.dll
2008-11-12 23:48 . 1998-04-24 00:00    252,176    --a------    d:\windows\system32\msrd2x35.dll
2008-11-12 23:48 . 1997-07-01 00:00    250,128    --a------    d:\windows\system32\MSEXCL35.DLL
2008-11-12 23:48 . 1997-06-23 00:00    165,648    --a------    d:\windows\system32\MSTEXT35.DLL
2008-11-12 23:48 . 1998-04-24 00:00    123,664    --a------    d:\windows\system32\msjint35.dll
2008-11-12 23:48 . 1998-04-24 00:00    24,848    --a------    d:\windows\system32\msjter35.dll
2008-11-12 23:48 . 2000-03-10 13:52    24,848    --a------    d:\windows\system32\msdart32.dll
2008-11-12 23:47 . 2008-11-12 23:47    <DIR>    d--------    d:\programmer\Fælles filer\Intergraph
2008-11-12 23:47 . 2008-11-12 23:48    <DIR>    d--------    c:\programmer\SmartSketch
2008-11-12 23:47 . 2000-05-22 00:00    608,448    --a------    d:\windows\system32\COMCTL32.OCX
2008-11-12 23:47 . 1999-05-07 00:00    244,232    --a------    d:\windows\system32\MSFLXGRD.OCX
2008-11-12 23:47 . 2000-05-22 00:00    209,608    --a------    d:\windows\system32\TABCTL32.OCX
2008-11-12 23:47 . 2000-05-22 00:00    203,976    --a------    d:\windows\system32\RICHTX32.OCX
2008-11-12 23:47 . 1999-05-07 00:00    198,640    --a------    d:\windows\system32\MCI32.OCX
2008-11-12 23:47 . 1998-06-24 00:00    164,144    --a------    d:\windows\system32\COMCT232.OCX
2008-11-12 23:47 . 1999-05-07 00:00    140,288    --a------    d:\windows\system32\COMDLG32.OCX
2008-11-12 23:47 . 1998-06-24 00:00    137,000    --a------    d:\windows\system32\Msmapi32.ocx
2008-11-12 23:43 . 1998-10-29 16:45    306,688    --a------    d:\windows\IsUninst.exe
2008-11-12 19:00 . 2008-09-04 18:17    1,106,944    -----c---    d:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:00 . 2008-10-24 12:21    455,296    -----c---    d:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 17:48 . 2008-11-14 01:21    <DIR>    d--------    c:\programmer\CARDIO PC LINK
2008-11-12 17:48 . 2008-11-12 17:48    3,370,768    --a------    d:\windows\system32\VFP6R.DLL
2008-11-12 17:48 . 2008-11-12 17:48    875,520    --a------    d:\windows\system32\VFP6RENU.DLL
2008-11-12 17:48 . 2008-11-12 17:48    103,744    --a------    d:\windows\system32\MSCOMM32.OCX
2008-11-12 17:48 . 2008-11-12 17:48    89,600    --a------    d:\windows\system32\MSCAL.OCX
2008-11-12 17:48 . 2008-11-12 17:48    24,990    --a------    d:\windows\system32\VFP6RUN.EXE
2008-11-12 17:47 . 2005-07-25 10:04    48,640    ---------    d:\windows\system32\drivers\ser2pl.sys
2008-11-11 01:21 . 2008-11-19 20:46    <DIR>    d--------    d:\documents and settings\Johnny Rasmussen\Application Data\LimeWire
2008-11-06 21:03 . 2008-11-10 16:55    <DIR>    d--------    c:\programmer\lynx
2008-11-05 15:12 . 2008-11-05 15:12    <DIR>    d--------    c:\programmer\Opera
2008-11-05 14:43 . 2008-11-05 14:48    <DIR>    d--------    c:\programmer\ImageMagick
2008-10-28 19:13 . 2008-10-28 19:13    <DIR>    d--------    c:\programmer\EBCD
2008-10-28 19:12 . 2008-10-28 19:15    <DIR>    d--------    d:\documents and settings\Johnny Rasmussen\Application Data\GetRightToGo
2008-10-28 01:13 . 2008-10-15 17:37    337,408    -----c---    d:\windows\system32\dllcache\netapi32.dll
2008-10-23 17:25 . 2008-10-23 17:25    <DIR>    d--------    c:\programmer\Microsoft Synchronization Services
2008-10-23 17:25 . 2008-10-23 17:25    <DIR>    d--------    c:\programmer\Microsoft SQL Server Compact Edition
2008-10-23 17:25 . 2008-10-23 17:25    <DIR>    d--------    c:\programmer\Microsoft SQL Server
2008-10-23 17:21 . 2008-10-23 17:21    <DIR>    d--------    c:\programmer\Microsoft.NET
2008-10-23 17:21 . 2008-10-23 17:25    <DIR>    d--------    c:\programmer\Microsoft Visual Studio 9.0
2008-10-23 17:21 . 2008-10-23 17:21    <DIR>    d--------    c:\programmer\Microsoft SDKs
2008-10-23 17:19 . 2008-10-23 17:19    <DIR>    d--------    d:\windows\system32\XPSViewer
2008-10-23 17:19 . 2008-10-23 17:19    <DIR>    d--------    c:\programmer\Reference Assemblies
2008-10-23 17:18 . 2008-10-23 17:19    <DIR>    d--------    D:\3f29b071425b8f8a0ab082f10833df8d
2008-10-23 17:18 . 2008-07-06 13:06    1,676,288    ---------    d:\windows\system32\xpssvcs.dll
2008-10-23 17:18 . 2008-07-06 13:06    1,676,288    -----c---    d:\windows\system32\dllcache\xpssvcs.dll
2008-10-23 17:18 . 2008-07-06 11:50    597,504    -----c---    d:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-10-23 17:18 . 2008-07-06 13:06    575,488    ---------    d:\windows\system32\xpsshhdr.dll
2008-10-23 17:18 . 2008-07-06 13:06    575,488    -----c---    d:\windows\system32\dllcache\xpsshhdr.dll
2008-10-23 17:18 . 2008-07-06 13:06    117,760    ---------    d:\windows\system32\prntvpt.dll
2008-10-23 17:18 . 2008-07-06 13:06    89,088    -----c---    d:\windows\system32\dllcache\filterpipelineprintproc.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 18:35    ---------    d-----w    c:\programmer\uTorrent
2008-11-13 22:00    ---------    d-----w    d:\documents and settings\Johnny Rasmussen\Application Data\uTorrent
2008-11-12 16:46    ---------    d--h--w    c:\programmer\InstallShield Installation Information
2008-11-01 23:25    ---------    d-----w    d:\documents and settings\Johnny Rasmussen\Application Data\SystemRequirementsLab
2008-11-01 23:25    ---------    d-----w    c:\programmer\SystemRequirementsLab
2008-10-24 11:21    455,296    ----a-w    d:\windows\system32\drivers\mrxsmb.sys
2008-10-23 22:54    ---------    d-----w    d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-23 16:19    ---------    d-----w    c:\programmer\MSBuild
2008-10-17 20:35    ---------    d-----w    d:\documents and settings\Johnny Rasmussen\Application Data\Apple Computer
2008-10-17 20:26    ---------    d-----w    d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 20:26    ---------    d-----w    c:\programmer\iTunes
2008-10-17 20:26    ---------    d-----w    c:\programmer\iPod
2008-10-17 20:18    ---------    d-----w    c:\programmer\Safari
2008-10-16 13:13    202,776    ----a-w    d:\windows\system32\wuweb.dll
2008-10-16 13:13    1,809,944    ----a-w    d:\windows\system32\wuaueng.dll
2008-10-16 13:12    561,688    ----a-w    d:\windows\system32\wuapi.dll
2008-10-16 13:12    323,608    ----a-w    d:\windows\system32\wucltui.dll
2008-10-16 13:09    92,696    ----a-w    d:\windows\system32\cdm.dll
2008-10-16 13:09    51,224    ----a-w    d:\windows\system32\wuauclt.exe
2008-10-16 13:09    43,544    ----a-w    d:\windows\system32\wups2.dll
2008-10-16 13:08    34,328    ----a-w    d:\windows\system32\wups.dll
2008-10-08 09:31    ---------    d-----w    c:\programmer\MSXML 4.0
2008-10-08 08:51    ---------    d--h--w    d:\documents and settings\All Users\Application Data\CanonBJ
2008-10-08 08:50    ---------    d--h--w    c:\programmer\CanonBJ
2008-10-06 16:45    ---------    d-----w    d:\programmer\Fælles filer\Nero
2008-10-06 16:45    ---------    d-----w    d:\documents and settings\Johnny Rasmussen\Application Data\Nero
2008-10-06 16:43    ---------    d-----w    d:\documents and settings\All Users\Application Data\Nero
2008-10-06 16:43    ---------    d-----w    c:\programmer\Nero
2008-10-06 15:59    ---------    d-----w    c:\programmer\CDIMAGEGUI
2008-10-06 15:40    8,636    ----a-w    d:\windows\system32\MODIFYPE.EXE
2008-10-01 11:01    32,000    ----a-w    d:\windows\system32\drivers\usbaapl.sys
2008-10-01 09:12    ---------    d-----w    c:\programmer\PokerStars
2008-09-30 15:43    1,286,152    ----a-w    d:\windows\system32\msxml4.dll
2008-09-24 18:06    ---------    d-----w    d:\documents and settings\All Users\Application Data\Apple Computer
2008-09-24 18:06    ---------    d-----w    c:\programmer\Bonjour
2008-09-24 18:05    ---------    d-----w    d:\programmer\Fælles filer\Apple
2008-09-23 23:57    ---------    d-----w    c:\programmer\Java
2008-09-23 23:52    ---------    d-----w    d:\programmer\Fælles filer\Java
2008-09-23 20:20    ---------    d-----w    c:\programmer\WinRar-SelfExtract
2008-09-22 18:38    ---------    d-----w    c:\programmer\MSN Messenger
2008-09-22 18:37    ---------    d-----w    c:\programmer\QuickTime
2008-09-22 18:36    ---------    d-----w    d:\documents and settings\All Users\Application Data\Apple
2008-09-22 18:36    ---------    d-----w    c:\programmer\Apple Software Update
2008-09-15 15:27    1,846,400    ----a-w    d:\windows\system32\win32k.sys
2008-09-10 01:14    1,307,648    ------w    d:\windows\system32\msxml6.dll
2008-09-04 17:17    1,106,944    ----a-w    d:\windows\system32\msxml3.dll
2008-08-29 08:18    87,336    ----a-w    d:\windows\system32\dns-sd.exe
2008-08-29 07:53    61,440    ----a-w    d:\windows\system32\dnssd.dll
2008-08-26 08:27    826,368    ----a-w    d:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2004-12-15 5513216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\programmer\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-12-15 05:01 5513216 d:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-12-15 05:01 86016 d:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-ra------ 2004-09-23 22:44 57344 d:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
-ra------ 2004-09-24 19:06 2559488 d:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-12-15 05:01 1490944 d:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2004-09-23 20:27 77824 d:\windows\SOUNDMAN.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Programmer\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Opera\\opera.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S2 NOD32FiXTemDono;Eset Nod32 Boot;d:\windows\system32\regedt32.exe /s d:\windows\nod32fixtemdono.reg [2003-04-25 3584]
S3 USBAAPL;Apple Mobile USB Driver;d:\windows\system32\Drivers\usbaapl.sys [2008-09-24 32000]
S4 wampapache;wampapache;"c:\programmer\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice [2008-09-16 24635]
S4 wampmysqld;wampmysqld;c:\programmer\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []

*Newly Created Service* - APPMGMT
*Newly Created Service* - PROCEXP90
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-WinampAgent - c:\programmer\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
FireFox -: Profile - d:\documents and settings\Johnny Rasmussen\Application Data\Mozilla\Firefox\Profiles\5mr3l87f.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.dk/ig
FF -: plugin - c:\programmer\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\programmer\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-21 22:26:52
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2008-11-21 22:27:28
ComboFix-quarantined-files.txt  2008-11-21 21:27:21

Pre-Kørsel: 161.417.232.384 byte ledig
Post-Kørsel: 161,409,261,568 byte ledig

195    --- E O F ---    2008-11-12 21:19:39

==== HIJACKTHIS ====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:21, on 21-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\notepad.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 2096 bytes

Ang. disse to linjer og evt. andet P2P relateret, så er det slettet.

2008-11-21 18:35    ---------    d-----w    c:\programmer\uTorrent
2008-11-13 22:00    ---------    d-----w    d:\documents and settings\Johnny Rasmussen\Application Data\uTorrent

c:\programmer\uTorrent (Der lå et andet ikon jeg havde brugt til programmet)
d:\documents and settings\Johnny Rasmussen\Application Data\uTorrent (Denne blev ikke slettet under afinstallationen, men er væk nu.

[Malwarebytes' Anti-Malware] har jo nappet en del 'snavs' ...

Godt du selv fixer det med "uTorrent" ...

Så det ser jo dermed pænt ud ...

Mange tak, ville bare lige være sikker på at det så okay ud.

Læg et svar og point er dine

Ping...
(Det var et [svar]..)