Miscellaneous logs (following Fromsej's guide)
Is anyone willing to look through my logs?
Malwarebytes:
Malwarebytes' Anti-Malware 1.40
Database version: 2717
Windows 5.1.2600 Service Pack 3
30-08-2009 17:24:01
mbam-log-2009-08-30 (17-24-01).txt
Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 350056
Tid tilbagelagt: 54 minute(s), 28 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 2
Inficerede Mapper: 0
Inficerede Filer: 2
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\Nexon\Combat Arms EU\game\CShell.dll (Malware.Packer.T) -> Quarantined and deleted successfully.
ComboFix:
ComboFix 09-08-29.01 - Michael Lehto 2009-08-30 17:43.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.2015.1511 [GMT 2:00]
Kører fra: d:\programmer\AntiVirus Programmer\ComboFix\ComboFix.exe
Kommandoer benyttet :: d:\programmer\AntiVirus Programmer\ComboFix\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090829-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\6e9cf8b3-6d73-42f9-998b-49557be83188.ocx
c:\windows\847beb90-beb2-4efc-a56c-d80f75b33780.ocx
c:\windows\fece165b-3700-4d5b-811c-0d19186b5cb9.ocx
c:\windows\Installer\13e9d1f.msp
c:\windows\system32\83ecf683-6e77-46ce-8756-d268873e08cb.dll
c:\windows\system32\91d65d0d-c85b-43c8-8f59-0026b1c5a251.dll
c:\windows\system32\e0970135-5d7f-46f9-b73d-4aa9e60bc9cd.dll
.
((((((((((((((((((((((((((((( Filer skabt fra 2009-07-28 til 2009-08-30 )))))))))))))))))))))))))))))))))))
.
2009-08-30 15:34 . 2009-08-30 15:36 53248 ----a-w- c:\windows\PSEXESVC.EXE
2009-08-30 14:26 . 2009-08-30 14:26 -------- d-----w- c:\documents and settings\Michael Lehto\Application Data\Malwarebytes
2009-08-30 14:26 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-30 14:26 . 2009-08-30 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-30 14:26 . 2009-08-30 14:26 -------- d-----w- c:\programmer\Malwarebytes Anti-Malware
2009-08-30 14:26 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 08:59 . 2009-05-20 13:44 195072 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{F8D3CD93-6B9B-46FF-B28F-009B7CC17116}\_Setup.dll
2009-08-19 08:59 . 2009-05-16 02:26 221696 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{F8D3CD93-6B9B-46FF-B28F-009B7CC17116}\Setup.exe
2009-08-14 10:14 . 2005-11-16 14:08 78976 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-08-13 07:43 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-10 10:00 . 2009-08-10 10:00 -------- d-----r- c:\documents and settings\LocalService\Foretrukne
2009-08-07 14:28 . 2009-08-07 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\farstone
2009-08-07 14:24 . 2009-08-30 15:47 14848 ---h--w- C:\logicinf.bin
2009-08-07 14:24 . 2008-07-07 06:36 84328 ----a-r- c:\windows\system32\drivers\dcsnap.sys
2009-08-07 14:24 . 2008-05-29 08:33 156160 ----a-r- c:\windows\system32\drivers\DCDisk.sys
2009-08-07 14:24 . 2008-03-26 05:54 512 --sh--r- C:\FARSBOOT.BIN
2009-08-07 14:24 . 2008-04-14 01:03 22528 ----a-r- c:\windows\system32\drivers\flbrc.sys
2009-08-07 14:24 . 2008-04-07 07:00 16896 ----a-r- c:\windows\system32\drivers\flbdisk.sys
2009-08-07 14:22 . 2009-08-07 14:22 -------- d-----w- c:\programmer\FarStone
2009-08-07 14:21 . 2008-04-25 09:04 6144 ----a-r- c:\windows\system32\drivers\sioctl.sys
2009-08-06 07:35 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-06 07:35 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-06 07:28 . 2009-08-06 07:28 152576 ----a-w- c:\documents and settings\Michael Lehto\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-05 09:00 . 2009-08-05 09:00 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 13:05 . 2009-08-04 13:01 46080 --s-a-r- c:\documents and settings\All Users\Application Data\Tarma Installer\{CEA2ECDE-4C07-4A4C-93C0-33BBA2D0ED39}\_Setup.dll
2009-08-04 13:05 . 2009-07-31 22:59 223744 --s---r- c:\documents and settings\All Users\Application Data\Tarma Installer\{CEA2ECDE-4C07-4A4C-93C0-33BBA2D0ED39}\Setup.exe
2009-08-04 10:45 . 2009-08-04 10:45 -------- d-----w- C:\SWKey
2009-08-04 09:03 . 2009-08-04 09:03 -------- d-----w- c:\documents and settings\Michael Lehto\Application Data\BoardDriverProtected
2009-08-04 08:45 . 2009-08-04 13:06 -------- d-----w- c:\programmer\BoardDriver
2009-08-04 08:25 . 2009-08-04 08:25 286720 ------w- c:\windows\Setup1.exe
2009-08-04 08:25 . 2009-08-04 08:25 73216 ----a-w- c:\windows\ST6UNST.EXE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 15:40 . 2001-10-09 12:00 79372 ----a-w- c:\windows\system32\perfc006.dat
2009-08-30 15:40 . 2001-10-09 12:00 451330 ----a-w- c:\windows\system32\perfh006.dat
2009-08-29 11:47 . 2009-02-07 08:29 -------- d-----w- c:\programmer\Warcraft III
2009-08-29 11:33 . 2009-02-07 08:34 75356 ----a-w- c:\windows\War3Unin.dat
2009-08-28 14:48 . 2009-02-05 12:08 -------- d-----w- c:\documents and settings\Michael Lehto\Application Data\MySQL
2009-08-27 15:11 . 2009-06-13 20:53 275400 ----a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2009-08-20 13:52 . 2009-02-04 21:56 1738272 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\9.0\1033\ResourceCache.dll
2009-08-20 13:52 . 2009-02-04 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-19 14:59 . 2009-06-16 13:34 -------- d-----w- c:\documents and settings\Michael Lehto\Application Data\FileZilla
2009-08-19 08:59 . 2009-05-05 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2009-08-19 08:59 . 2009-05-05 14:03 -------- d-----w- c:\programmer\TEORIUNDERVISNING.dk
2009-08-17 16:10 . 2009-02-05 08:24 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-02-05 08:24 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-02-05 08:24 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-02-05 08:24 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-02-05 08:24 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-02-05 08:24 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-02-05 08:24 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-02-05 08:24 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-02-05 08:24 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 13:12 . 2009-06-16 13:34 -------- d-----w- c:\programmer\FileZilla FTP Client
2009-08-14 10:16 . 2009-05-02 17:09 8 ----a-w- c:\windows\system32\nvModes.dat
2009-08-07 11:15 . 2009-06-13 18:49 -------- d-----w- c:\programmer\Microsoft Silverlight
2009-08-06 13:40 . 2009-02-04 21:56 18368 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSA\9.0\1033\ResourceCache.dll
2009-08-06 13:37 . 2009-02-04 21:49 -------- d-----w- c:\programmer\Fælles filer\Merge Modules
2009-08-06 07:29 . 2009-02-05 10:54 -------- d-----w- c:\programmer\Java
2009-08-05 09:00 . 2004-08-26 14:53 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 11:10 . 2009-02-11 08:56 -------- d-----w- c:\programmer\Fælles filer\Wise Installation Wizard
2009-08-03 08:26 . 2009-02-25 10:33 0 ----a-w- c:\documents and settings\Michael Lehto\temp.dat
2009-07-25 03:23 . 2009-02-05 10:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 18:20 . 2009-07-21 18:03 -------- d-----w- c:\programmer\Microsoft ActiveSync
2009-07-21 18:03 . 2009-02-05 06:13 -------- d--h--w- c:\programmer\InstallShield Installation Information
2009-07-19 17:36 . 2009-07-19 17:36 34 ----a-w- c:\windows\system32\BD2030.DAT
2009-07-17 19:03 . 2004-08-26 14:53 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2004-08-26 14:53 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-26 14:53 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:26 . 2004-08-26 14:53 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-26 14:53 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-26 14:53 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-26 14:53 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-26 14:53 731648 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-26 14:53 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-03 19:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:39 . 2004-08-26 14:53 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:39 . 2001-10-09 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:44 . 2004-08-26 14:53 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-26 14:53 81920 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-13 19:20 . 2009-06-13 19:20 295606 ----a-r- c:\documents and settings\Michael Lehto\Application Data\Microsoft\Installer\{3E421598-0E2D-4272-8734-3E2A0FF662EB}\_D5865FED309308192C9A8C.exe
2009-06-13 19:20 . 2009-06-13 19:20 295606 ----a-r- c:\documents and settings\Michael Lehto\Application Data\Microsoft\Installer\{3E421598-0E2D-4272-8734-3E2A0FF662EB}\_6FEFF9B68218417F98F549.exe
2009-06-10 14:15 . 2004-08-26 14:53 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2009-02-04 20:57 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:16 . 2004-08-26 14:53 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:11 . 2004-08-26 14:53 1295360 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Google Update"="c:\documents and settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-05 133104]
"H/PC Connection Agent"="c:\programmer\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-10-11 36864]
"HControl"="c:\windows\ATK0100\HControl.exe" [2007-10-11 110592]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Wireless Console 2"="c:\programmer\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"Power_Gear"="c:\programmer\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"SynTPEnh"="c:\programmer\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"Acrobat Assistant 8.0"="c:\programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-2-7 295606]
Adobe Acrobat Synchronizer.lnk - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\LeapFTP\\LeapFTP.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Spil\\worms\\WA.exe"=
"d:\\Skole\\5. Semester\\EAIT-EC53-F09\\Opgaver\\Chess\\ChessServer\\vers1\\ChessTCPTournament.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmer\\FileZilla FTP Client\\filezilla.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Spil\\CounterStrike\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57927:TCP"= 57927:TCP:Pando Media Booster
"57927:UDP"= 57927:UDP:Pando Media Booster
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 dcsnap;dcsnap;c:\windows\system32\drivers\dcsnap.sys [2009-08-07 84328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2009-08-07 156160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-05 20560]
R2 efbfs;Backup File Event Manager;c:\programmer\FarStone\DriveClone Pro\EFB\efbfs.exe [2009-08-07 28672]
R2 flbdisk;flbdisk;c:\windows\system32\drivers\flbdisk.sys [2009-08-07 16896]
R2 flbrc;flbrc;c:\windows\system32\drivers\flbrc.sys [2009-08-07 22528]
R2 Real time Backup Loader;Real time Backup Loader;c:\programmer\FarStone\DriveClone Pro\fsloader.exe [2008-03-26 90112]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2009-02-05 36608]
R3 SynMini;USB2.0 1.3M WebCam;c:\windows\system32\drivers\SynMini.sys [2009-02-05 1116544]
R3 SynScan;USB2.0 1.3M WebCam Still Image;c:\windows\system32\drivers\SynScan.sys [2009-02-05 7808]
S1 efbDisk;efbDisk; [x]
S2 Backup Scheduler;Backup Scheduler;c:\programmer\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe [2009-08-07 98304]
S3 SIoctl;SIoctl;c:\windows\system32\drivers\sioctl.sys [2009-08-07 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'
2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-764733703-725345543-1003Core.job
- c:\documents and settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-02-05 15:41]
2009-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-764733703-725345543-1003UA.job
- c:\documents and settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2009-02-05 15:41]
2009-08-30 c:\windows\Tasks\TestProject.job
- c:\programmer\MySQL\MySQL Tools for 5.0\MySQLAdministrator.exe [2009-01-29 13:24]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\documents and settings\Michael Lehto\Application Data\Mozilla\Firefox\Profiles\7nbumn70.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.dk/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Mozilla Firefox\plugins\npPandoWebInst.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 17:47
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\programmer\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\programmer\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'explorer.exe'(2444)
c:\programmer\Fælles filer\TortoiseOverlays\TortoiseOverlays.dll
c:\programmer\TortoiseSVN\bin\TortoiseStub.dll
c:\programmer\TortoiseSVN\bin\TortoiseSVN.dll
c:\programmer\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\webcheck.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\FarStone\DriveClone Pro\CBP\DCSchdler.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\programmer\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\windows\ATK0100\ATKOSD.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\programmer\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
c:\programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\programmer\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Gennemført tid: 2009-08-30 17:51 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2009-08-30 15:51
ComboFix2.txt 2009-08-30 15:38
Pre-Kørsel: 17,773,121,536 byte ledig
Post-Kørsel: 17,740,718,080 byte ledig
295 --- E O F --- 2009-08-28 14:50
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56, on 2009-08-30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\FarStone\DriveClone Pro\CBP\DCSchdler.exe
C:\Programmer\FarStone\DriveClone Pro\EFB\efbfs.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\FarStone\DriveClone Pro\EFB\EfbSchedule.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\FarStone\DriveClone Pro\fsloader.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Wireless Console 2\wcourier.exe
C:\Programmer\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Java\jre6\bin\jusched.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Chrome\Application\chrome.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Programmer\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Programmer\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Michael Lehto\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Backup Scheduler - Unknown owner - C:\Programmer\FarStone\DriveClone Pro\CBP\DCSchdlerSRVC.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Backup File Event Manager (efbfs) - FarStone Technology, Inc. - C:\Programmer\FarStone\DriveClone Pro\EFB\efbfs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Programmer\MySQL\MySQL.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Real time Backup Loader - Unknown owner - C:\Programmer\FarStone\DriveClone Pro\fsloader.exe
--
End of file - 9740 bytes
Thanks in advance.
Michael