Can't get rid of virus.... HELP!
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
06-05-2010 14:19:25
mbam-log-2010-05-06 (14-19-25).txt
Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 165550
Tid gået: 46 minut(ter), 13 sekund(er)
Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 3
Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)
Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)
Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)
Inficerede Mapper:
(Ingen skadelige objekter blev fundet)
Inficerede Filer:
C:\WINDOWS\system32\drivers\foubr.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ipsecndis.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\Drivers\ntndis.sys (Rootkit.Agent) -> Delete on reboot.
ComboFix 10-05-05.09 - Nicklas Buus Nielsen 06-05-2010 14:41:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.3062.2627 [GMT 2:00]
Kører fra: c:\documents and settings\Nicklas Buus Nielsen\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Nicklas Buus Nielsen\Skrivebord\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\enemies-names.txt
c:\documents and settings\Nicklas Buus Nielsen\Application Data\8E81E9B136C69AE32BA53BD9A0601058\lsrslt.ini
c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\puljerpri
c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\puljerpri\jcfdrqqtssd.exe
c:\recycler\S-1-5-21-1293604063-0084207854-584075059-1639
c:\recycler\S-1-5-21-1747028361-7761623369-360555913-5601
c:\recycler\S-1-5-21-1916745339-2203135863-155885323-9810
c:\recycler\S-1-5-21-2665526117-3479345175-724478704-4243
c:\recycler\S-1-5-21-3840294088-4808799145-342085286-7803
c:\recycler\S-1-5-21-4134483267-5372267441-858828309-9701
c:\recycler\S-1-5-21-4187577286-3518816234-655189981-1516
c:\recycler\S-1-5-21-4335693222-1447265597-314157584-4363
c:\recycler\S-1-5-21-4720373698-9464036973-723980698-0221
c:\recycler\S-1-5-21-5541528253-8080418865-533292903-7316
c:\recycler\S-1-5-21-6547562576-9251803294-962663856-8799
c:\recycler\S-1-5-21-6977779018-9723204545-395109906-6572
c:\recycler\S-1-5-21-8025827125-5572636668-006804470-5602
c:\recycler\S-1-5-21-8926487473-4527525964-663735933-3555
c:\windows\pxysdb.dat
c:\windows\system32\kzp.4e
c:\windows\system32\rth.gde
c:\windows\system32\winstartup.log
Inficeret kopi af c:\windows\system32\drivers\pci.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty had a snack :p
Inficeret kopi af c:\windows\system32\autochk.exe blev fundet og desinficeret
Genskabt kopi fra - c:\windows\ServicePackFiles\i386\autochk.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((((((( Filer skabt fra 2010-04-06 til 2010-05-06 )))))))))))))))))))))))))))))))))))
.
2010-05-06 11:25 . 2010-05-06 11:25 -------- d-----w- c:\programmer\CCleaner
2010-05-03 13:17 . 2010-05-03 13:17 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-03 13:17 . 2010-05-03 13:16 8608 ----a-w- c:\windows\system32\drivers\zhonrwfrj9.sys
2010-05-03 11:51 . 2010-05-03 11:51 -------- d-----w- c:\documents and settings\Administrator\Lokale indstillinger\Application Data\Identities
2010-05-03 11:51 . 2010-05-03 11:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-05-03 11:49 . 2010-05-03 11:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2010-05-02 22:11 . 2010-05-02 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-05-02 22:02 . 2010-05-02 22:02 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-04-29 08:18 . 2010-04-29 08:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-28 22:29 . 2010-04-28 22:29 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\Malwarebytes
2010-04-28 22:29 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 22:29 . 2010-05-03 13:36 -------- d-----w- c:\programmer\Malwarebytes' Anti-Malware
2010-04-28 22:29 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 22:29 . 2010-04-28 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-28 21:55 . 2010-05-06 12:39 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-04-28 21:54 . 2010-05-06 12:38 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-04-28 21:51 . 2010-04-28 21:51 -------- d--h--w- c:\windows\PIF
2010-04-28 21:29 . 2010-04-28 21:29 210816 -c--a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-28 20:26 . 2010-05-06 12:50 823808 ----a-w- c:\windows\system32\drivers\foubr.sys
2010-04-28 19:57 . 2010-04-28 19:57 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\Windows Search
2010-04-28 19:06 . 2010-04-28 19:06 96764 ----a-w- c:\windows\system32\601116e0.exe
2010-04-28 19:03 . 2010-04-28 19:06 50990 ----a-w- c:\windows\system32\gaddorekrk.exe
2010-04-13 08:19 . 2010-04-13 08:20 -------- d-----w- c:\programmer\Fælles filer\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 12:30 . 2009-10-21 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-29 07:55 . 2006-03-02 12:00 578560 ----a-w- c:\windows\system32\user32.DLL
2010-04-28 21:41 . 2010-04-03 06:19 44544 ----a-w- c:\windows\system32\agremove.exe
2010-04-28 21:29 . 2006-03-02 12:00 210816 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-28 18:55 . 2009-10-25 11:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-24 03:15 . 2009-12-22 23:55 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\vlc
2010-04-23 21:44 . 2010-02-14 10:43 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\dvdcss
2010-04-21 07:22 . 2009-10-21 23:55 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-12 05:25 . 2006-03-02 12:00 91038 ----a-w- c:\windows\system32\perfc006.dat
2010-04-12 05:25 . 2006-03-02 12:00 479278 ----a-w- c:\windows\system32\perfh006.dat
2010-04-07 12:39 . 2010-01-07 11:06 0 ----a-w- c:\documents and settings\Nicklas Buus Nielsen\temp.dat
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10308\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10308\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10308\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\10308\AcrobatUpdater.exe
2010-03-15 15:54 . 2010-03-15 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2010-03-15 15:54 . 2010-03-15 15:54 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\Ableton
2010-03-15 15:49 . 2010-03-15 15:49 -------- d-----w- c:\programmer\Ableton
2010-03-14 08:33 . 2010-03-14 08:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-14 08:33 . 2009-10-21 23:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-14 08:32 . 2009-10-21 23:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 02:15 . 2010-02-20 16:58 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\Skype
2010-03-11 13:08 . 2010-02-21 07:45 -------- d-----w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\skypePM
2010-03-10 06:17 . 2006-03-02 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-03-02 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 11:24 . 2010-02-24 11:24 50354 ----a-w- c:\documents and settings\Nicklas Buus Nielsen\Application Data\Facebook\uninstall.exe
2010-02-21 07:45 . 2010-02-21 07:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 12:09 . 2006-03-02 12:00 2192512 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2004-08-26 17:50 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-14 23:37 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:34 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\programmer\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\programmer\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
- 2010-04-28 21:29 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\drivers\ndis.sys
- 2010-04-28 21:29 . !HASH: COULD NOT OPEN FILE !!!!! . 210816 . . [------] . . c:\windows\system32\dllcache\ndis.sys
- 2008-04-13 19:20 . !HASH: COULD NOT OPEN FILE !!!!! . 182656 . . [------] . . c:\windows\ServicePackFiles\i386\ndis.sys
- 2006-03-02 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 182912 . . [------] . . c:\windows\$NtServicePackUninstall$\ndis.sys
- 2010-04-29 . 2CB8011BB85B29A5B3FE1DE93F35A30E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.DLL
- 2010-04-29 . 2CB8011BB85B29A5B3FE1DE93F35A30E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
[7] 2006-03-02 . B9730010E7364F87234D23CE0E05F0C3 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Windows Search.lnk - c:\programmer\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\zhonrwfrj9.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgemc.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmer\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmer\\iTunes\\iTunes.exe"=
"c:\\Programmer\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmer\\BitLord\\BitLord.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22-10-2009 01:54 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [22-10-2009 01:55 242896]
R1 zhonrwfrj9;zhonrwfrj9.sys;c:\windows\system32\drivers\zhonrwfrj9.sys [03-05-2010 15:17 8608]
R2 avg9emc;AVG Free E-mail Scanner;c:\programmer\AVG\AVG9\avgemc.exe [14-03-2010 10:32 916760]
R2 avg9wd;AVG Free WatchDog;c:\programmer\AVG\AVG9\avgwdsvc.exe [14-03-2010 10:33 308064]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [15-07-2008 07:13 106496]
R2 FNF5SVC;Fn+F5 Service;c:\programmer\Lenovo\HOTKEY\FnF5svc.exe [24-10-2009 19:32 54560]
S0 nuzvo;nuzvo; [x]
S1 zvxhqphviv9;zvxhqphviv9;c:\windows\system32\drivers\zvxhqphviv9.sys --> c:\windows\system32\drivers\zvxhqphviv9.sys [?]
S1 zwusauaqj7;zwusauaqj7;c:\windows\system32\drivers\zwusauaqj7.sys --> c:\windows\system32\drivers\zwusauaqj7.sys [?]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [30-10-2006 10:57 37296]
S3 fs2_1394;fs2_1394;c:\windows\system32\drivers\fs2_1394.sys [18-11-2009 23:22 71936]
S3 fs2_avs;fs2_avs;c:\windows\system32\drivers\fs2_avs.sys [18-11-2009 23:22 24576]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [24-10-2009 18:23 40448]
--- Andre Services/Drivers i Hukommelsen ---
*Deregistered* - foubr
.
Indhold af mappen 'Planlagte Opgaver'
2010-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-152049171-682003330-1003Core.job
- c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-03 13:09]
2010-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-152049171-682003330-1003UA.job
- c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-03-03 13:09]
.
.
------- Yderligere scanning -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {12D945EB-C405-4BEC-8C45-AB38CFDF7511} = 208.67.222.222,208.67.220.220
TCP: {99279106-1236-4B5A-85E0-41E34D59AAEA} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Nicklas Buus Nielsen\Application Data\Mozilla\Firefox\Profiles\otb6zye7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Nicklas Buus Nielsen\Application Data\Mozilla\Firefox\Profiles\otb6zye7.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}\components\FFAlert.dll
FF - component: c:\programmer\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\programmer\Mozilla Firefox\extensions\{e150c600-6124-04b3-bb61-c606946a0b32}\components\29212c19.dll
FF - plugin: c:\documents and settings\Nicklas Buus Nielsen\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Nicklas Buus Nielsen\Lokale indstillinger\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
.
- - - - TOMME GENVEJE FJERNET - - - -
AddRemove-Stanton ScratchAmp Driver (V1.00) Setup - c:\programmer\Stanton\FinalScratch\uninst.exe Software\Stanton\1394AudioDriver_FinalScratch\Setup
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 14:49
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
c:\windows\system32\mrflop.dll 24191 bytes executable
c:\windows\system32\mtflop.sys 8608 bytes executable
scanning gennemført med succes
skjulte filer: 2
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A40C0E0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba5da852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
NDIS: Broadcom NetLink (TM) Fast Ethernet -> SendCompleteHandler -> NDIS.sys @ 0x8a3f3bb0
PacketIndicateHandler -> NDIS.sys @ 0x8a3e2a0d
SendHandler -> NDIS.sys @ 0x8a3f6b40
user & kernel MBR OK
copy of MBR has been found in sector 61 !
copy of MBR has been found in sector 62 !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\foubr]
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\FpWinLogonNp.dll
c:\programmer\Lenovo Fingerprint Software\ATCSSINT.dll
c:\programmer\Lenovo Fingerprint Software\SharedResources.dll
c:\programmer\Lenovo Fingerprint Software\FPResource.dll
c:\windows\system32\mrflop.dll
c:\programmer\Lenovo\HOTKEY\tphklock.dll
c:\programmer\Bonjour\mdnsNSP.dll
- - - - - - - > 'explorer.exe'(2136)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\programmer\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\programmer\Fælles filer\Adobe\Acrobat\ActiveX\PDFShell.DAN
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\programmer\AVG\AVG9\avgchsvx.exe
c:\programmer\AVG\AVG9\avgrsx.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\agrsmsvc.exe
c:\programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmer\Bonjour\mDNSResponder.exe
c:\programmer\Intel\Wireless\Bin\EvtEng.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Lenovo\PM Driver\PMSveH.exe
c:\programmer\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\programmer\AVG\AVG9\avgnsx.exe
c:\programmer\AVG\AVG9\avgcsrvx.exe
.
**************************************************************************
.
Gennemført tid: 2010-05-06 14:53:28 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-05-06 12:53
Pre-Kørsel: 41.336.037.376 byte ledig
Post-Kørsel: 41.260.457.984 byte ledig
- - End Of File - - 6E6CFDB341D8C6F747E19C71354C2443
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:54, on 06-05-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\AVG\AVG9\avgchsvx.exe
C:\Programmer\AVG\AVG9\avgrsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\AVG\AVG9\avgwdsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Lenovo\PM Driver\PMSveH.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\AVG\AVG9\avgemc.exe
C:\Programmer\AVG\AVG9\avgnsx.exe
C:\Programmer\AVG\AVG9\avgcsrvx.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{12D945EB-C405-4BEC-8C45-AB38CFDF7511}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{99279106-1236-4B5A-85E0-41E34D59AAEA}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{12D945EB-C405-4BEC-8C45-AB38CFDF7511}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmer\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmer\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Programmer\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PMSveH - Lenovo - C:\Programmer\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 4899 bytes