Is there anyone who will check my log?
Malwarebytes' Anti-Malware 1.37
Database version: 2279
Windows 5.1.2600 Service Pack 3
15-06-2009 08:07:52
mbam-log-2009-06-15 (08-07-52).txt
Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 119823
Tid tilbagelagt: 42 minute(s), 1 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 1
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
c:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
ComboFix 09-06-14.02 - Andreas 15-06-2009 8:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1015.644 [GMT 2:00]
Kører fra: c:\documents and settings\Andreas\Skrivebord\Sikkerhed\ComboFix.exe
AV: F-Secure Client Security 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Client Security 8.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((((((( Filer skabt fra 2009-05-15 til 2009-06-15 )))))))))))))))))))))))))))))))))))
.
2009-06-15 05:25 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-14 21:55 . 2009-06-14 21:55 -------- d-----w- c:\documents and settings\Andreas\Application Data\Malwarebytes
2009-06-14 21:55 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 21:55 . 2009-06-14 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-14 21:55 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 21:55 . 2009-06-14 21:55 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2009-06-14 21:46 . 2009-06-14 21:46 -------- d-----w- c:\programmer\CCleaner
2009-06-14 21:00 . 2009-06-14 21:00 -------- d-sh--w- c:\documents and settings\Andreas\IECompatCache
2009-06-14 20:59 . 2009-06-14 20:59 -------- d-sh--w- c:\documents and settings\Andreas\PrivacIE
2009-06-14 20:57 . 2009-06-14 20:57 -------- d-sh--w- c:\documents and settings\Andreas\IETldCache
2009-06-14 20:51 . 2009-04-30 21:15 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-14 20:51 . 2009-04-30 21:15 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-06-14 20:51 . 2009-04-30 21:15 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-14 20:51 . 2009-04-30 21:15 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-06-14 20:51 . 2009-06-14 20:51 -------- d-----w- c:\windows\ie8updates
2009-06-14 20:51 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-14 20:49 . 2009-06-14 20:51 -------- dc-h--w- c:\windows\ie8
2009-06-14 18:50 . 2009-06-14 20:56 -------- d-----w- c:\windows\system32\da-dk
2009-06-14 18:50 . 2009-06-14 18:50 -------- d-----w- c:\windows\l2schemas
2009-06-14 18:50 . 2009-06-14 18:50 -------- d-----w- c:\windows\system32\da
2009-06-14 17:58 . 2009-06-14 17:58 -------- d-----w- c:\programmer\Microsoft Silverlight
2009-06-14 17:45 . 2009-06-14 17:45 -------- d-----w- c:\programmer\Windows Defender
2009-06-14 09:22 . 2009-06-14 09:22 -------- d-----w- c:\programmer\MSXML 4.0
2009-06-13 23:29 . 2008-04-14 16:05 61952 ------w- c:\windows\system32\rasqec.dll
2009-06-13 23:28 . 2008-04-14 16:05 4639 -c----w- c:\windows\system32\dllcache\mplayer2.exe
2009-06-13 23:27 . 2008-04-14 16:06 299520 -c----w- c:\windows\system32\dllcache\drmclien.dll
2009-06-13 10:12 . 2008-06-14 17:35 272256 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-13 10:11 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-13 10:11 . 2009-03-06 14:20 284672 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-13 10:11 . 2009-02-09 11:26 2191616 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-13 10:11 . 2009-02-09 11:25 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-13 10:11 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-13 10:11 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-13 10:11 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-13 10:11 . 2009-02-09 10:53 682496 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-13 10:11 . 2009-02-09 10:53 719360 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-13 10:11 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-13 10:11 . 2009-02-09 11:25 2147840 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-13 10:11 . 2009-02-09 11:26 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-13 10:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-06-13 10:10 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-13 10:09 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-13 10:09 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-06-13 10:09 . 2008-04-11 19:05 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-13 10:09 . 2008-10-03 10:03 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-06-13 10:08 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-13 10:08 . 2008-04-21 21:15 217088 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-13 07:35 . 2003-02-28 16:26 46352 ----a-w- c:\windows\setdebug.exe
2009-06-13 07:35 . 2003-02-28 16:26 139536 ----a-w- c:\windows\system32\javaee.dll
2009-06-13 07:35 . 2003-02-28 14:35 6550 ----a-w- c:\windows\jautoexp.dat
2009-06-13 07:35 . 2003-02-28 14:38 113 ----a-w- c:\windows\system32\zonedon.reg
2009-06-13 07:35 . 2003-02-28 14:38 113 ----a-w- c:\windows\system32\zonedoff.reg
2009-06-13 07:17 . 2009-06-13 07:17 13104 ----a-w- c:\documents and settings\Andreas\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 07:16 . 2009-06-13 07:16 -------- d-----w- c:\documents and settings\LocalService\Menuen Start
2009-06-13 07:15 . 2009-06-14 18:53 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2009-06-13 07:00 . 2009-06-14 18:50 -------- d-----w- c:\windows\peernet
2009-06-13 07:00 . 2009-06-13 07:00 -------- d-----w- c:\windows\provisioning
2009-06-13 06:55 . 2009-06-14 18:52 -------- d-----w- c:\windows\ServicePackFiles
2009-06-13 06:44 . 2009-06-14 18:51 -------- d-----w- c:\windows\EHome
2009-06-13 06:31 . 2008-04-14 07:06 11264 ------w- c:\windows\system32\spnpinst.exe
2009-06-13 06:31 . 2004-08-02 12:20 4569 ------w- c:\windows\system32\secupd.dat
2009-06-13 05:52 . 2009-06-13 05:52 -------- d-sh--w- c:\documents and settings\Andreas\UserData
2009-06-12 23:12 . 2009-06-12 23:13 -------- d-----w- c:\programmer\Fælles filer\Adobe
2009-06-12 23:11 . 2009-06-14 21:14 -------- d-----w- c:\documents and settings\Andreas\Lokale indstillinger\Application Data\Adobe
2009-06-12 23:10 . 2009-06-13 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-12 23:10 . 2009-06-13 06:04 -------- d-----w- c:\programmer\NOS
2009-06-12 22:45 . 2009-06-14 18:50 -------- d-----w- c:\windows\system32\bits
2009-06-12 22:44 . 2009-01-07 16:20 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-06-12 22:44 . 2009-06-14 20:51 -------- d--h--w- c:\windows\$hf_mig$
2009-06-12 21:54 . 2009-06-12 21:54 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Google
2009-06-12 21:53 . 2009-06-12 21:59 -------- d-----w- c:\programmer\Google
2009-06-12 21:53 . 2009-06-12 21:54 -------- d-----w- c:\documents and settings\Andreas\Lokale indstillinger\Application Data\Google
2009-06-12 14:13 . 2009-06-12 14:13 -------- d-----w- c:\documents and settings\Andreas\Application Data\Intel
2009-06-12 14:12 . 2009-06-12 14:12 17119 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-12 14:12 . 2009-06-12 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-06-12 14:12 . 2004-10-15 08:20 1654784 ----a-w- c:\windows\system32\W29MLRES.DLL
2009-06-12 14:12 . 2009-06-12 14:12 -------- d-----w- c:\programmer\Intel
2009-06-12 14:04 . 2008-12-16 12:32 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-06-12 14:04 . 2008-04-14 16:05 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-06-12 14:04 . 2008-04-14 16:05 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-06-12 14:04 . 2008-04-14 16:05 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-06-12 14:02 . 2009-06-12 14:02 -------- d-----w- c:\documents and settings\Andreas\Application Data\F-Secure
2009-06-12 13:51 . 2009-06-12 14:05 33408 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-06-12 13:51 . 2009-06-12 13:51 -------- d-----w- c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\F-Secure
2009-06-12 13:50 . 2009-03-02 10:53 79936 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-06-12 13:49 . 2009-06-12 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-06-12 13:49 . 2009-06-12 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
2009-06-12 13:49 . 2009-06-15 05:25 -------- d-----w- c:\programmer\F-Secure
2009-06-12 13:46 . 2008-10-16 12:13 202776 ----a-w- c:\windows\system32\wuweb.dll
2009-06-12 13:46 . 2008-10-16 12:12 323608 ----a-w- c:\windows\system32\wucltui.dll
2009-06-12 13:46 . 2008-10-16 12:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-12 13:46 . 2008-10-16 12:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-12 13:46 . 2008-04-14 16:06 167424 ----a-w- c:\windows\system32\wuauclt1.exe
2009-06-12 13:46 . 2008-04-14 16:05 183296 ----a-w- c:\windows\system32\wuaueng1.dll
2009-06-12 13:21 . 2004-10-29 16:48 3222784 ----a-w- c:\windows\system32\drivers\w29n51.sys
2009-06-12 13:21 . 2004-10-15 08:20 458752 ----a-w- c:\windows\system32\w29NCPA.dll
2009-06-12 13:06 . 2003-06-02 16:55 87821 ----a-r- c:\windows\system32\Vxdif.dll
2009-06-12 13:06 . 2003-10-11 01:26 96079 ----a-r- c:\windows\system32\drivers\Apfiltr.sys
2009-06-12 13:06 . 2008-04-14 15:39 52864 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2009-06-12 13:06 . 2008-04-14 15:34 23296 ----a-w- c:\windows\system32\drivers\mouclass.sys
2009-06-12 13:06 . 2009-06-12 13:06 -------- d-----w- c:\programmer\Apoint2K
2009-06-12 13:02 . 2005-01-13 02:04 57984 ----a-r- c:\windows\system32\drivers\EMS7SK.sys
2009-06-12 13:02 . 2004-02-13 05:49 356352 ----a-r- c:\windows\EMCRI.dll
2009-06-12 13:02 . 2005-02-21 06:05 36992 ----a-r- c:\windows\system32\drivers\ESD7SK.sys
2009-06-12 13:02 . 2008-04-14 15:46 120320 ----a-w- c:\windows\system32\drivers\pcmcia.sys
2009-06-12 13:00 . 2004-12-02 08:36 70912 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys
2009-06-12 13:00 . 2009-06-12 13:00 -------- d-----w- c:\windows\OPTIONS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 19:07 . 2002-09-16 12:00 50718 ----a-w- c:\windows\system32\perfc006.dat
2009-06-14 19:07 . 2002-09-16 12:00 332326 ----a-w- c:\windows\system32\perfh006.dat
2009-06-14 18:55 . 2009-06-12 11:07 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-06-14 09:47 . 2009-06-14 09:47 13104 ----a-w- c:\documents and settings\Karen\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 09:47 . 2009-06-14 09:47 -------- d-----w- c:\documents and settings\Karen\Application Data\Intel
2009-06-13 07:35 . 2009-06-13 07:35 2678 ----a-w- c:\windows\java\Packages\Data\LV93NVVF.DAT
2009-06-13 07:35 . 2009-06-13 07:35 2678 ----a-w- c:\windows\java\Packages\Data\V97LZ9NL.DAT
2009-06-13 07:35 . 2009-06-13 07:35 2678 ----a-w- c:\windows\java\Packages\Data\UGFTBLFX.DAT
2009-06-13 07:35 . 2009-06-13 07:35 2678 ----a-w- c:\windows\java\Packages\Data\UF5BBTV9.DAT
2009-06-13 07:35 . 2009-06-13 07:35 2678 ----a-w- c:\windows\java\Packages\Data\TN5397RN.DAT
2009-06-12 13:06 . 2009-06-12 12:50 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-06-12 12:51 . 2009-06-12 12:51 -------- d-----w- c:\programmer\Realtek Sound Manager
2009-06-12 12:51 . 2009-06-12 12:51 -------- d-----w- c:\programmer\AvRack
2009-06-12 12:50 . 2009-06-12 12:50 -------- d-----w- c:\programmer\Fælles filer\InstallShield
2009-06-12 11:08 . 2009-06-12 11:08 -------- d-----w- c:\programmer\microsoft frontpage
2009-06-12 11:07 . 2009-06-12 11:07 558142 ----a-w- c:\windows\java\Packages\80U9J1ZV.ZIP
2009-06-12 11:07 . 2009-06-12 11:07 155995 ----a-w- c:\windows\java\Packages\1Z5FZRHJ.ZIP
2009-06-12 11:06 . 2009-06-12 11:04 -------- d-----w- c:\programmer\Onlinetjenester
2009-06-12 11:05 . 2009-06-12 11:05 -------- d-----w- c:\programmer\Fælles filer\Tjenester
2009-06-12 11:04 . 2009-06-12 11:04 21644 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-13 05:05 . 2002-09-16 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:33 . 2002-09-16 12:00 346624 ----a-w- c:\windows\system32\localspl.dll
2009-04-19 19:50 . 2002-09-16 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:53 . 2002-09-16 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-11-02 126976]
"Apoint"="c:\programmer\Apoint2K\Apoint.exe" [2003-06-18 151552]
"F-Secure Manager"="c:\programmer\F-Secure\Common\FSM32.EXE" [2009-03-02 182936]
"F-Secure TNB"="c:\programmer\F-Secure\FSGUI\TNBUtil.exe" [2009-03-02 1182304]
"IntelWireless"="c:\programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 385024]
"EOUApp"="c:\programmer\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 356352]
"Adobe Reader Speed Launcher"="c:\programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-01-20 77824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 09:27 110592 ----a-w- c:\programmer\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [12-06-2009 15:51 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [12-06-2009 15:50 79936]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programmer\F-Secure\HIPS\drivers\fshs.sys [12-06-2009 15:50 67808]
R2 WinDefend;Windows Defender;c:\programmer\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programmer\F-Secure\Anti-Virus\minifilter\fsgk.sys [12-06-2009 15:50 86648]
S3 FSORSPClient;F-Secure ORSP Client;c:\programmer\F-Secure\ORSP Client\fsorsp.exe [12-06-2009 15:50 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\programmer\F-Secure\Anti-Virus\win2k\fsfilter.sys [12-06-2009 15:50 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\programmer\F-Secure\Anti-Virus\win2k\fsrec.sys [12-06-2009 15:50 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-06-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programmer\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
LSP: c:\programmer\F-Secure\FSPS\program\FSLSP.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 08:31
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(1028)
c:\programmer\Intel\Wireless\Bin\LgNotify.dll
- - - - - - - > 'lsass.exe'(1084)
c:\programmer\F-Secure\FSPS\program\FSLSP.DLL
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Intel\Wireless\Bin\EvtEng.exe
c:\programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\programmer\F-Secure\Anti-Virus\fsgk32st.exe
c:\programmer\F-Secure\common\FSMA32.EXE
c:\programmer\F-Secure\Anti-Virus\fsgk32.exe
c:\programmer\Intel\Wireless\Bin\OProtSvc.exe
c:\programmer\F-Secure\common\FSMB32.EXE
c:\programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\programmer\Intel\Wireless\Bin\ZCfgSvc.exe
c:\programmer\F-Secure\common\FCH32.EXE
c:\programmer\F-Secure\Anti-Virus\fssm32.exe
c:\programmer\F-Secure\common\FAMEH32.EXE
c:\programmer\F-Secure\common\FNRB32.exe
c:\programmer\F-Secure\Anti-Virus\fsqh.exe
c:\programmer\F-Secure\FSAUA\program\fsaua.exe
c:\programmer\F-Secure\common\FIH32.exe
c:\programmer\F-Secure\FWES\program\fsdfwd.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\windows\system32\CF12096.exe
c:\progra~1\F-Secure\common\FSM32.EXE
c:\progra~1\F-Secure\ANTI-V~1\fsav32.exe
c:\programmer\Apoint2K\ApntEx.exe
c:\progra~1\F-Secure\FSGUI\fsguidll.exe
.
**************************************************************************
.
Gennemført tid: 2009-06-15 8:34 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-06-15 06:34
Pre-Kørsel: 51.519.565.824 byte ledig
Post-Kørsel: 51.576.156.160 byte ledig
254 --- E O F --- 2009-06-14 09:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:32, on 15-06-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
C:\Programmer\F-Secure\Common\FSMA32.EXE
C:\Programmer\F-Secure\Anti-Virus\FSGK32.EXE
C:\Programmer\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmer\F-Secure\Common\FSMB32.EXE
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Programmer\F-Secure\Common\FCH32.EXE
C:\Programmer\F-Secure\Anti-Virus\fssm32.exe
C:\Programmer\F-Secure\Common\FAMEH32.EXE
C:\Programmer\F-Secure\Common\FNRB32.EXE
C:\Programmer\F-Secure\Anti-Virus\fsqh.exe
C:\Programmer\F-Secure\FSAUA\program\fsaua.exe
C:\Programmer\F-Secure\Common\FIH32.EXE
C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\F-Secure\Common\FSM32.EXE
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\F-Secure\Anti-Virus\fsav32.exe
C:\Programmer\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\F-Secure\FSGUI\fsguidll.exe
C:\WINDOWS\explorer.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\internet explorer\iexplore.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programmer\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programmer\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programmer\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245002835625
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programmer\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programmer\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programmer\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programmer\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programmer\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programmer\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 5731 bytes
