ComboFix report:
ComboFix 10-08-11.05 - WormHeart 12-08-2010  16:23:13.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.45.1030.18.2046.1696 [GMT 2:00]
Kører fra: c:\documents and settings\WormHeart\Skrivebord\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\WormHeart\Skrivebord\CFScript.txt
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
(((((((((((((((((((((((((((((((((((((((   Andet, der er slettet   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\WormHeart\Application Data\inst.exe
.
(((((((((((((((((((((((((((((   Filer skabt fra 2010-07-12 til 2010-08-12  )))))))))))))))))))))))))))))))))))
.
2010-08-12 14:07 . 2010-08-12 14:07    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Malwarebytes
2010-08-12 14:07 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-12 14:07 . 2010-08-12 14:07    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-12 14:07 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-08-12 14:07 . 2010-08-12 14:07    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2010-08-07 06:03 . 2010-08-07 06:03    61440    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2eb11621-n\decora-sse.dll
2010-08-07 06:03 . 2010-08-07 06:03    503808    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-270fb8b0-n\msvcp71.dll
2010-08-07 06:03 . 2010-08-07 06:03    499712    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-270fb8b0-n\jmc.dll
2010-08-07 06:03 . 2010-08-07 06:03    348160    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-270fb8b0-n\msvcr71.dll
2010-08-07 06:03 . 2010-08-07 06:03    12800    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2eb11621-n\decora-d3d.dll
2010-08-05 12:21 . 2010-08-05 12:22    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\vlc
2010-08-05 01:55 . 2010-08-05 01:57    --------    d-----w-    C:\ArmyBuilder
2010-08-05 01:51 . 2010-08-05 01:51    47360    ----a-w-    c:\windows\system32\drivers\pcouffin.sys
2010-08-05 01:51 . 2010-08-05 01:51    47360    ----a-w-    c:\documents and settings\WormHeart\Application Data\pcouffin.sys
2010-08-05 01:51 . 2010-08-05 01:51    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Vso
2010-08-05 01:50 . 2010-02-09 13:37    65602    ----a-w-    c:\windows\system32\cook3260.dll
2010-08-05 01:50 . 2010-02-09 13:37    626688    ----a-w-    c:\windows\system32\vp7vfw.dll
2010-08-05 01:50 . 2010-02-09 13:37    217127    ----a-w-    c:\windows\system32\drv43260.dll
2010-08-05 01:50 . 2010-02-09 13:37    208935    ----a-w-    c:\windows\system32\drv33260.dll
2010-08-05 01:50 . 2010-02-09 13:37    176165    ----a-w-    c:\windows\system32\drv23260.dll
2010-08-05 01:50 . 2010-02-09 13:37    102439    ----a-w-    c:\windows\system32\sipr3260.dll
2010-08-05 01:50 . 2010-02-09 13:37    1184984    ----a-w-    c:\windows\system32\wvc1dmod.dll
2010-08-05 01:50 . 2010-08-05 01:50    --------    d-----w-    c:\programmer\VSO
2010-08-02 12:16 . 2010-08-02 12:16    --------    d-----w-    c:\programmer\Fælles filer\Java
2010-08-02 09:29 . 2010-08-02 09:29    --------    d-----w-    c:\documents and settings\NetworkService\Lokale indstillinger\Application Data\Google
2010-08-02 09:24 . 2010-08-02 09:25    --------    d-----w-    c:\documents and settings\WormHeart\Lokale indstillinger\Application Data\Temp
2010-08-02 09:24 . 2010-08-02 09:24    --------    d-----w-    c:\documents and settings\LocalService\Lokale indstillinger\Application Data\Google
2010-08-02 09:24 . 2010-08-02 09:27    --------    d-----w-    c:\documents and settings\WormHeart\Lokale indstillinger\Application Data\Google
2010-08-02 09:24 . 2010-08-02 09:26    --------    d-----w-    c:\programmer\Google
2010-08-02 06:07 . 2010-08-02 06:07    --------    d-----w-    c:\windows\system32\wbem\Repository
2010-07-31 19:03 . 2010-07-31 19:03    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Ahead
2010-07-31 19:02 . 2010-08-02 06:07    --------    d-----w-    c:\programmer\Fælles filer\Ahead
2010-07-31 19:02 . 2010-08-02 06:07    --------    d-----w-    c:\programmer\Ahead
2010-07-29 13:57 . 2008-04-14 16:05    26624    ----a-w-    c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-15 12:49 . 2010-07-15 12:49    --------    d-----w-    c:\documents and settings\WormHeart\Phone Browser
2010-07-15 12:45 . 2010-07-15 13:02    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\FileZilla
2010-07-15 12:45 . 2010-07-15 12:46    --------    d-----w-    c:\programmer\FileZilla FTP Client
2010-07-15 06:07 . 2009-08-06 17:23    274288    ----a-w-    c:\windows\system32\mucltui.dll
2010-07-14 17:24 . 2010-07-14 17:24    --------    d-----w-    c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-14 17:15 . 2010-07-14 17:15    --------    d-----w-    c:\programmer\Adobe Media Player
2010-07-14 17:13 . 2010-07-14 17:13    --------    d-----w-    c:\programmer\Fælles filer\Adobe AIR
2010-07-14 17:10 . 2010-07-14 17:10    --------    d-----w-    c:\programmer\Fælles filer\Macrovision Shared
2010-07-14 14:11 . 2010-07-14 14:11    61440    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4785d4c8-n\decora-sse.dll
2010-07-14 14:11 . 2010-07-14 14:11    503808    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b27377a-n\msvcp71.dll
2010-07-14 14:11 . 2010-07-14 14:11    499712    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b27377a-n\jmc.dll
2010-07-14 14:11 . 2010-07-14 14:11    348160    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5b27377a-n\msvcr71.dll
2010-07-14 14:11 . 2010-07-14 14:11    12800    ----a-w-    c:\documents and settings\WormHeart\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4785d4c8-n\decora-d3d.dll
2010-07-14 14:11 . 2010-07-14 14:11    --------    d-----w-    c:\windows\Sun
2010-07-14 14:11 . 2010-07-17 03:00    423656    ----a-w-    c:\windows\system32\deployJava1.dll
2010-07-14 14:11 . 2010-08-02 12:16    --------    d-----w-    c:\programmer\Java
2010-07-14 13:46 . 2010-07-14 13:46    13264416    ----a-w-    c:\documents and settings\WormHeart\Application Data\Dropbox\cache\Dropbox-update-0.7.110.exe
2010-07-14 13:45 . 2010-07-14 13:46    91696    ----a-w-    c:\documents and settings\WormHeart\Application Data\Dropbox\bin\Uninstall.exe
2010-07-14 13:44 . 2010-08-12 14:28    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Dropbox
2010-07-14 13:42 . 2010-07-14 13:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-14 13:42 . 2010-07-14 13:42    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Office Genuine Advantage
2010-07-14 13:41 . 2010-07-14 13:41    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Windows Search
2010-07-14 13:25 . 2010-07-14 13:25    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\AdobeUM
2010-07-14 13:24 . 2010-08-02 09:37    --------    d-----w-    c:\documents and settings\WormHeart\Lokale indstillinger\Application Data\Adobe
2010-07-14 13:23 . 2010-07-14 17:16    --------    d-----w-    c:\programmer\Fælles filer\Adobe
2010-07-14 13:20 . 2010-07-14 13:20    --------    d-----w-    c:\programmer\VideoLAN
2010-07-14 13:14 . 2010-07-14 13:14    --------    d-----w-    c:\documents and settings\WormHeart\Lokale indstillinger\Application Data\Electronic Arts
2010-07-14 13:13 . 2010-07-14 13:13    --------    d--h--r-    c:\documents and settings\WormHeart\Application Data\SecuROM
2010-07-14 13:13 . 2010-07-14 13:13    107888    ----a-w-    c:\windows\system32\CmdLineExt.dll
2010-07-14 13:09 . 2005-05-26 13:34    2297552    ----a-w-    c:\windows\system32\d3dx9_26.dll
2010-07-14 13:08 . 2010-07-14 13:08    --------    d-----w-    c:\windows\Logs
2010-07-14 12:59 . 2010-07-14 12:59    --------    d-sh--w-    c:\documents and settings\WormHeart\IECompatCache
2010-07-14 12:58 . 2010-07-14 12:58    --------    d-sh--w-    c:\documents and settings\WormHeart\PrivacIE
2010-07-14 12:53 . 2010-07-14 12:53    --------    d-----w-    c:\windows\nview
2010-07-14 12:53 . 2007-06-28 22:43    356352    ----a-w-    c:\windows\system32\nvudisp.exe
2010-07-14 12:53 . 2007-06-28 23:54    356352    ----a-w-    c:\windows\system32\NVUNINST.EXE
2010-07-14 12:51 . 2010-07-14 12:51    --------    d-sh--w-    c:\documents and settings\LocalService\IETldCache
2010-07-14 12:51 . 2010-07-14 12:51    --------    d-sh--w-    c:\documents and settings\WormHeart\IETldCache
2010-07-14 12:49 . 2010-07-15 06:10    --------    d-----w-    c:\windows\ie8updates
2010-07-14 12:47 . 2010-07-14 12:48    --------    dc-h--w-    c:\windows\ie8
2010-07-14 12:46 . 2010-06-24 12:24    55296    -c----w-    c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-14 12:46 . 2010-06-24 12:24    599040    -c----w-    c:\windows\system32\dllcache\msfeeds.dll
2010-07-14 12:46 . 2010-06-24 12:25    12800    -c----w-    c:\windows\system32\dllcache\xpshims.dll
2010-07-14 12:46 . 2010-06-24 12:24    1986560    -c----w-    c:\windows\system32\dllcache\iertutil.dll
2010-07-14 12:46 . 2010-06-24 12:24    247808    -c----w-    c:\windows\system32\dllcache\ieproxy.dll
2010-07-14 12:46 . 2010-06-24 12:24    743424    -c----w-    c:\windows\system32\dllcache\iedvtool.dll
2010-07-14 12:46 . 2010-06-24 15:54    11077120    -c----w-    c:\windows\system32\dllcache\ieframe.dll
2010-07-14 12:46 . 2010-04-16 11:43    41984    -c----w-    c:\windows\system32\dllcache\iecompat.dll
2010-07-14 12:43 . 2008-04-13 18:39    7552    -c--a-w-    c:\windows\system32\dllcache\mskssrv.sys
2010-07-14 12:42 . 2010-07-14 12:42    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\PC Suite
2010-07-14 12:42 . 2010-07-14 12:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\PC Suite
2010-07-14 02:56 . 2010-07-14 02:56    --------    d-----w-    c:\windows\Cache
2010-07-14 02:35 . 2006-06-29 11:07    14048    ------w-    c:\windows\system32\spmsg2.dll
2010-07-14 02:31 . 2005-12-05 05:12    20640    ------w-    c:\windows\system32\drivers\PxHelp20.sys
2010-07-14 02:31 . 2010-08-02 07:03    --------    d-----w-    c:\programmer\Winamp
2010-07-14 02:25 . 2010-07-14 02:25    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\Samsung
2010-07-14 02:25 . 2010-07-14 02:25    --------    d-----w-    c:\programmer\Fælles filer\PCSuite
2010-07-14 02:25 . 2010-07-14 02:25    --------    d-----w-    c:\programmer\DIFX
2010-07-14 02:25 . 2007-09-17 13:53    21632    ----a-w-    c:\windows\system32\drivers\pccsmcfd.sys
2010-07-14 02:25 . 2010-07-14 02:25    --------    d-----w-    c:\programmer\PC Connectivity Solution
2010-07-14 02:25 . 2010-07-14 02:25    --------    dc----w-    c:\windows\system32\DRVSTORE
2010-07-14 02:25 . 2007-05-02 14:31    90624    ----a-w-    c:\windows\system32\nmwcdcls.dll
2010-07-14 02:25 . 2010-07-14 02:25    --------    d-----w-    c:\programmer\Samsung
2010-07-14 02:25 . 2008-10-08 01:52    27108571    ----a-w-    c:\documents and settings\All Users\Application Data\Installations\{2958B04A-0905-4689-B8D8-2F511E03AEBA}\Samsung_PC_Studio_7_7.1.41.8.exe
2010-07-14 02:25 . 2010-07-14 02:25    --------    d-----w-    c:\documents and settings\All Users\Application Data\Installations
2010-07-14 01:26 . 2010-07-14 01:26    --------    d-----w-    c:\programmer\DAEMON Tools Toolbar
2010-07-14 01:26 . 2010-07-14 12:42    --------    d-----w-    c:\programmer\DAEMON Tools Lite
2010-07-14 01:24 . 2010-07-14 01:24    717296    ----a-w-    c:\windows\system32\drivers\sptd.sys
2010-07-14 01:24 . 2010-07-14 01:24    --------    d-----w-    c:\documents and settings\WormHeart\Application Data\DAEMON Tools
2010-07-14 01:13 . 2010-07-14 01:13    --------    d-----w-    c:\programmer\CDisplay
2010-07-14 00:23 . 2010-07-14 00:23    --------    d-----w-    c:\documents and settings\WormHeart\Lokale indstillinger\Application Data\Identities
2010-07-14 00:23 . 2010-08-03 05:36    --------    d-----w-    c:\programmer\Windows Desktop Search
2010-07-14 00:23 . 2010-07-14 00:23    --------    d-----w-    c:\windows\system32\GroupPolicy
2010-07-14 00:22 . 2008-03-07 17:02    98304    -c----w-    c:\windows\system32\dllcache\nlhtml.dll
2010-07-14 00:22 . 2008-03-07 17:02    29696    -c----w-    c:\windows\system32\dllcache\mimefilt.dll
2010-07-14 00:22 . 2008-03-07 17:02    192000    -c----w-    c:\windows\system32\dllcache\offfilt.dll
2010-07-14 00:22 . 2010-07-14 00:22    --------    d-----w-    c:\programmer\Windows Media Connect 2
2010-07-14 00:21 . 2010-07-14 00:22    --------    d-----w-    C:\a5d1e0fb2b62ce486f65a12fe912
2010-07-14 00:21 . 2010-07-14 00:22    --------    d-----w-    c:\windows\system32\drivers\UMDF
2010-07-14 00:21 . 2010-07-14 00:21    --------    d-----w-    c:\windows\system32\LogFiles
2010-07-14 00:21 . 2010-07-14 00:21    --------    d-----w-    C:\70fcd7968db1b899e9
2010-07-14 00:05 . 2001-08-17 21:59    3072    ----a-w-    c:\windows\system32\drivers\audstub.sys
2010-07-14 00:05 . 2008-04-14 15:37    58112    ----a-w-    c:\windows\system32\drivers\redbook.sys
2010-07-14 00:04 . 2001-08-17 20:13    27165    ----a-w-    c:\windows\system32\drivers\fetnd5.sys
2010-07-14 00:04 . 2008-04-14 16:05    75264    ----a-w-    c:\windows\system32\usbui.dll
2010-07-14 00:04 . 2008-04-13 18:36    44672    ----a-w-    c:\windows\system32\drivers\uagp35.sys
2010-07-14 00:02 . 2004-08-27 12:00    85532    -c--a-w-    c:\windows\system32\dllcache\dgsetup.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 13:03 . 2004-08-27 12:00    77994    ----a-w-    c:\windows\system32\perfc006.dat
2010-08-12 13:03 . 2004-08-27 12:00    447596    ----a-w-    c:\windows\system32\perfh006.dat
2010-08-02 09:37 . 2010-07-13 22:20    81224    ----a-w-    c:\documents and settings\WormHeart\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-07-14 12:52 . 2010-07-13 22:22    --------    d-----w-    c:\programmer\Fælles filer\InstallShield
2010-07-14 00:26 . 2010-07-14 00:26    --------    d-----w-    c:\programmer\MSBuild
2010-07-14 00:26 . 2010-07-14 00:26    --------    d-----w-    c:\programmer\Reference Assemblies
2010-07-13 23:46 . 2010-07-13 22:13    86327    ----a-w-    c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-13 23:02 . 2010-07-13 22:38    --------    d-----w-    c:\programmer\Microsoft Works
2010-07-13 22:39 . 2010-07-13 22:39    --------    d-----w-    c:\programmer\Microsoft.NET
2010-07-13 22:23 . 2010-07-13 22:22    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2010-07-13 22:23 . 2010-07-13 22:22    --------    d-----w-    c:\programmer\Symantec
2010-07-13 22:23 . 2010-07-13 22:22    --------    d-----w-    c:\programmer\NavNT
2010-07-13 22:22 . 2010-07-13 22:22    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2010-07-13 22:13 . 2010-07-13 22:13    --------    d-----w-    c:\programmer\microsoft frontpage
2010-07-13 22:12 . 2010-07-13 22:12    --------    d-----w-    c:\programmer\Onlinetjenester
2010-07-13 22:11 . 2010-07-13 22:11    --------    d-----w-    c:\programmer\Fælles filer\Tjenester
2010-07-13 22:10 . 2010-07-13 22:10    21644    ----a-w-    c:\windows\system32\emptyregdb.dat
2010-06-30 12:32 . 2004-08-27 12:00    149504    ----a-w-    c:\windows\system32\schannel.dll
2010-06-24 12:25 . 2004-08-27 12:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2004-08-27 12:00    1851904    ----a-w-    c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-27 12:00    354304    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-27 12:00    80384    ----a-w-    c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-07-13 22:11    744448    ----a-w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-27 12:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll
2010-06-02 02:55 . 2010-07-14 13:10    74072    ----a-w-    c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-07-14 13:10    527192    ----a-w-    c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-07-14 13:10    239960    ----a-w-    c:\windows\system32\xactengine3_7.dll
2010-05-26 09:41 . 2010-07-14 13:10    2106216    ----a-w-    c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-07-14 13:10    248672    ----a-w-    c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-07-14 13:10    1868128    ----a-w-    c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-07-14 13:10    470880    ----a-w-    c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-07-14 13:10    1998168    ----a-w-    c:\windows\system32\D3DX9_43.dll
.
(((((((((((((((((((((((((((((((((((   Start steder i reg.basen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke  
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\WormHeart\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\WormHeart\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19    94208    ----a-w-    c:\documents and settings\WormHeart\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\programmer\NavNT\vptray.exe" [2001-09-24 73728]
"SamsungPCSuiteTrayApplication"="c:\programmer\Samsung\Samsung PC Studio 7\LaunchApplication.exe" [2008-08-06 278016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"nwiz"="nwiz.exe" [2007-06-28 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"AdobeCS4ServiceManager"="c:\programmer\Fælles filer\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Samsung.PCSync"="c:\programmer\Samsung\Samsung PC Studio 7\PcSync2.exe" [2007-12-04 1241088]
c:\documents and settings\WormHeart\Menuen Start\Programmer\Start\
Dropbox.lnk - c:\documents and settings\WormHeart\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\WormHeart\\Dokumenter\\eMule\\emule.exe"=
"c:\\Documents and Settings\\WormHeart\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programmer\\Fælles filer\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programmer\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmer\\Google\\Google Earth\\plugin\\geplugin.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
S2 gupdate;Google Update Service (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [02-08-2010 11:24 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14-07-2010 03:24 717296]
.
Indhold af mappen 'Planlagte Opgaver'
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-08-02 09:24]
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-08-02 09:24]
2010-08-12 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://zipstat.dk/zipstat/stats.php?brugernavn=wormheart&show%5B0%5D=BasicStats
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 16:28
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...  
scanner skjulte autostarter ... 
scanner skjulte filer ...  
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\S-1-5-21-117609710-507921405-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:9b,f6,4f,26,00,ae,72,2a,76,05,73,5a,b5,10,6e,41,42,7e,ac,64,05,
   86,da,21,7c,e5,bd,3b,bc,d8,ab,d1,91,49,9a,84,f5,94,27,a5,fc,a6,36,d8,9c,54,\
"rkeysecu"=hex:c2,da,44,62,a8,ea,15,2d,ca,35,61,02,66,50,7a,b5
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\programmer\Fælles filer\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\NavLogon.dll
- - - - - - - > 'explorer.exe'(564)
c:\documents and settings\WormHeart\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programmer\Samsung\Samsung PC Studio 7\PhoneBrowser.dll
c:\programmer\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll
c:\programmer\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr
c:\programmer\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\NavNT\defwatch.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programmer\NavNT\rtvscan.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsgSys.EXE
.
**************************************************************************
.
Gennemført tid: 2010-08-12  16:31:48 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-08-12 14:31
Pre-Kørsel: 93.376.061.440 byte ledig
Post-Kørsel: 93.876.748.288 byte ledig
- - End Of File - - B30C9101E71ADDB84AFFE0090D3EF566