Føj, for en røvfuld tekst... :D Men her kommer i hvert fald den log, du bad om. :)
ComboFix 09-06-23.01 - Claus Jensen 24-06-2009 19:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.45.1030.18.3069.1521 [GMT 2:00]
Kører fra: c:\users\Claus Jensen\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Claus Jensen\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2133496526-2615527274-1514351000-500
c:\$recycle.bin\S-1-5-21-3496768324-3357827210-2219702717-500
c:\$recycle.bin\S-1-5-21-2133496526-2615527274-1514351000-500\desktop.ini
c:\$recycle.bin\S-1-5-21-3496768324-3357827210-2219702717-500\desktop.ini
D:\Desktop.ini
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-05-24 til 2009-06-24 )))))))))))))))))))))))))))))))))))
.
2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\windows\system32\js
2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\windows\system32\html
2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\windows\system32\css
2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\windows\system32\images
2009-06-23 20:47 . 2009-06-23 20:47 -------- d-----w- c:\program files\Business Objects
2009-06-23 20:41 . 2009-06-23 20:46 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-23 20:41 . 2009-06-23 20:41 -------- d-----w- c:\program files\Microsoft Device Emulator
2009-06-23 20:39 . 2009-06-23 20:40 -------- d-----w- c:\program files\Windows Mobile 5.0 SDK R2
2009-06-23 20:38 . 2009-06-23 20:38 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-06-23 20:38 . 2009-06-23 20:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-23 20:35 . 2009-06-23 20:35 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-06-23 20:35 . 2009-06-23 20:52 1680064 ----a-w- c:\programdata\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-06-23 20:28 . 2009-06-23 20:28 -------- d-----w- c:\programdata\PreEmptive Solutions
2009-06-23 20:21 . 2009-06-23 20:21 -------- d-----w- c:\windows\symbols
2009-06-23 20:20 . 2009-06-23 20:20 -------- d-----w- c:\windows\system32\1033
2009-06-23 20:18 . 2009-06-23 20:29 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-06-23 20:18 . 2009-06-23 20:23 -------- d-----w- c:\program files\HTML Help Workshop
2009-06-23 20:18 . 2009-06-23 20:18 -------- d-----w- c:\program files\Microsoft SDKs
2009-06-23 20:18 . 2009-06-23 20:18 -------- d-----w- c:\program files\CE Remote Tools
2009-06-23 20:18 . 2009-06-23 20:47 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-06-23 20:14 . 2009-06-23 20:15 -------- d-----w- c:\program files\Microsoft Web Designer Tools
2009-06-23 20:12 . 2009-06-23 20:12 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-06-23 19:28 . 2009-06-23 19:28 -------- d-----w- c:\users\Claus Jensen\AppData\Roaming\Malwarebytes
2009-06-23 19:28 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 19:28 . 2009-06-23 19:28 -------- d-----w- c:\programdata\Malwarebytes
2009-06-23 19:28 . 2009-06-23 19:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 19:28 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 19:21 . 2009-06-23 19:21 -------- d-----w- c:\program files\CCleaner
2009-06-17 16:55 . 2009-06-17 16:55 440152 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-16 14:52 . 2009-06-16 14:52 -------- d-----w- C:\Programs
2009-06-13 19:55 . 2009-06-13 19:55 -------- d-----w- c:\program files\Earth Resource Mapping
2009-06-13 15:50 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 15:50 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-09 23:43 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-09 23:43 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-09 23:43 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-07 19:51 . 2009-06-07 19:52 -------- d-----w- c:\windows\system32\Adobe
2009-06-04 00:38 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 17:43 . 2008-06-26 13:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-23 20:46 . 2008-06-26 12:21 638908 ----a-w- c:\windows\system32\perfh01D.dat
2009-06-23 20:46 . 2008-06-26 12:21 135782 ----a-w- c:\windows\system32\perfc01D.dat
2009-06-23 20:46 . 2008-06-26 12:14 94876 ----a-w- c:\windows\system32\perfc014.dat
2009-06-23 20:46 . 2008-06-26 12:14 493444 ----a-w- c:\windows\system32\perfh014.dat
2009-06-23 20:46 . 2008-06-26 12:06 99098 ----a-w- c:\windows\system32\perfc00B.dat
2009-06-23 20:46 . 2008-06-26 12:06 476730 ----a-w- c:\windows\system32\perfh00B.dat
2009-06-23 20:46 . 2008-06-26 11:59 95852 ----a-w- c:\windows\system32\perfc006.dat
2009-06-23 20:46 . 2008-06-26 11:59 513086 ----a-w- c:\windows\system32\perfh006.dat
2009-06-23 20:43 . 2009-01-17 18:55 -------- d-----w- c:\program files\Microsoft.NET
2009-06-23 20:36 . 2009-01-17 18:49 -------- d-----w- c:\programdata\Microsoft Help
2009-06-23 20:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-06-14 09:37 . 2009-01-18 00:25 -------- d-----w- c:\program files\Common Files\Steam
2009-06-10 01:09 . 2009-01-16 16:16 -------- d-----w- c:\program files\Microsoft Works
2009-05-22 10:34 . 2009-01-17 19:38 -------- d-----w- c:\users\Claus Jensen\AppData\Roaming\DVD Profiler
2009-05-13 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-10 15:24 . 2009-05-10 15:23 -------- d-----w- c:\users\Claus Jensen\AppData\Roaming\ADPHONE
2009-05-10 15:23 . 2009-05-10 15:23 -------- d-----w- c:\program files\ADPHONE3
2009-05-06 20:43 . 2009-05-06 20:42 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-24 16:05 . 2009-06-09 23:42 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-09 23:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-09 23:42 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-03-31 20:46 . 2009-04-17 14:57 9584 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\NCO20.dll
2009-01-23 00:22 . 2009-01-23 00:22 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-06-26 12:25 . 2008-06-26 12:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Steam"="c:\utils\Steam\Steam.exe" [2009-06-14 1217784]
"DAEMON Tools"="c:\utils\DAEMON Tools\daemon.exe" [2007-08-22 167368]
"ADPHONE"="c:\program files\ADPHONE3\ADPHONE.EXE" [2009-03-18 1844496]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-13 699456]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"WinampAgent"="c:\utils\Winamp\winampa.exe" [2008-09-12 36352]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{513DF4C0-4564-4131-82EE-9D5118096707}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{92E492C6-0C11-46F8-B3E6-8499BD94B2E5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{56F1E115-2B53-4AF8-A420-FF54139E4A80}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{A5767985-4A76-466C-860B-EF383D82BC1C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6CA84380-FD0F-46FD-B6B7-C3D6835182BD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0ADD928C-971B-4258-ADE0-F2FF6608845C}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E4143718-FFA8-453C-A709-C1BB433272C1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{177E5A54-8891-4B08-96A5-A0BA2B37CA3C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D8B02649-04D9-4D95-8B90-52A9916BB15C}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"TCP Query User{E7125184-3497-4A42-BC90-C414356003D1}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{93943141-7C55-4D2F-9724-FE2F0BB809E6}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{1EB7BFBE-5492-47C2-A3BF-92EA23AB2F58}c:\\utils\\abc\\abc.exe"= UDP:c:\utils\abc\abc.exe:abc.exe
"UDP Query User{14D45482-CAE9-4590-A4C1-401792727377}c:\\utils\\abc\\abc.exe"= TCP:c:\utils\abc\abc.exe:abc.exe
"TCP Query User{76290B6D-A03C-4AFA-B798-FFBAC889D7BE}c:\\program files\\adphone3\\adphone.exe"= UDP:c:\program files\adphone3\adphone.exe:ADPHONE.exe
"UDP Query User{A78C4780-837D-471A-85CB-B9E74F1A542D}c:\\program files\\adphone3\\adphone.exe"= TCP:c:\program files\adphone3\adphone.exe:ADPHONE.exe
R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [16-01-2009 18:50 38448]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [01-02-2008 18:24 41456]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\AEstSrv.exe [27-12-2008 23:13 73728]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21-01-2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19-03-2008 02:24 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26-06-2008 17:19 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [28-04-2008 08:26 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26-06-2008 16:22 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24-01-2008 15:23 52736]
R3 vfs101x;vfs101x;c:\windows\System32\drivers\vfs101x.sys [28-04-2008 08:27 40752]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21-05-2008 18:11 86672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Pavilion&pf=cnnb
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 19:46
Windows 6.0.6001 Service Pack 1 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(964)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Gennemført tid: 2009-06-24 19:53 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-06-24 17:53
Pre-Kørsel: 9.684.762.624 byte ledig
Post-Kørsel: 9.767.751.680 byte ledig
226 --- E O F --- 2009-06-22 23:52