Hi.
I'm sitting here at my dad's PC, and he is complaining that he has a virus, possibly spyware or a trojan.
He uses XP. I have scanned with Combofix and Hijackthis.
Which logs do you want to see?
He uses Kaspersky and Spyware Terminator.
Some of his files are blue, on his C drive.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:39:31, on 18-03-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmer\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Programmer\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Panda USB Vaccine\USBVaccine.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\CyberLink\PCM4Everio\EverioService.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Fælles filer\Java\Java Update\jusched.exe
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\TechSmith\Snagit 9\Snagit32.exe
C:\Programmer\TechSmith\Snagit 9\TSCHelp.exe
C:\Programmer\TechSmith\Snagit 9\SnagPriv.exe
C:\Programmer\TechSmith\Snagit 9\snagiteditor.exe
C:\Programmer\Windows Live\Contacts\wlcomm.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Programmer\TrendMicro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dk.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - (no file)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyBa.dll
R3 - URLSearchHook: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programmer\Games_Bar_1\tbGam0.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmer\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmer\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmer\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Hjælp til tilmelding til Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyBa.dll
O2 - BHO: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programmer\Games_Bar_1\tbGam0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmer\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmer\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmer\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programmer\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Games Bar 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Programmer\Games_Bar_1\tbGam0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpywareTerminator] “C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe”
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [EverioService] “C:\Programmer\CyberLink\PCM4Everio\EverioService.exe”
O4 - HKLM\..\Run: [GrooveMonitor] “C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKLM\..\Run: [TkBellExe] “C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] “C:\Programmer\Fælles filer\Java\Java Update\jusched.exe”
O4 - HKLM\..\Run: [AVP] “C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe”
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [msnmsgr] “C:\Programmer\Windows Live\Messenger\msnmsgr.exe” /background
O4 - HKCU\..\Run: [swg] “C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘LOKAL TJENESTE’)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘NETVÆRKSTJENESTE’)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snagit 9.lnk = C:\Programmer\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki ... - res://C:\Programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmer\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Programmer\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myheritage.com/FP/ImageUploader/ImageUploader5.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263747653343
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmer\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avp - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Tjenesten Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmer\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmer\Spyware Terminator\sp_rsser.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Programmer\Yahoo!\SoftwareUpdate\YahooAUService.exe
—
End of file - 13667 bytes
ComboFix 10-03-17.07 - Odisho 18-03-2010 12:52:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1023.709 [GMT 1:00]
Kører fra: c:\documents and settings\Mariam\Dokumenter\Hentede filer\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Inficeret kopi af c:\windows\system32\DRIVERS\atapi.sys blev fundet og desinficeret
Genskabt kopi fra - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
———-\Legacy_SSHNAS
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-18 til 2010-03-18 )))))))))))))))))))))))))))))))))))
.
2010-03-18 09:14 . 2010-03-18 09:14 ———— dc——w- c:\documents and settings\Mariam\Application Data\TechSmith
2010-03-18 08:48 . 2010-03-18 08:48 ———— dc——w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-03-18 08:45 . 2010-03-18 08:48 ———— dc——w- c:\documents and settings\Mariam\Application Data\HpUpdate
2010-03-18 07:45 . 2010-03-18 09:23 ———— dc——w- c:\documents and settings\Mariam\Application Data\Image Zone Express
2010-03-18 07:44 . 2010-03-18 07:44 ———— dc——w- c:\documents and settings\Mariam\Application Data\HP
2010-03-16 20:30 . 2010-03-18 12:16 ———— dc——w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-03-16 20:26 . 2010-03-16 20:26 ———— dc——w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-11 14:29 . 2010-03-11 14:29 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Panda Security
2010-03-10 10:03 . 2010-03-10 10:09 ———— dc——w- c:\documents and settings\Mariam\Application Data\EmailNotifier
2010-03-10 10:03 . 2010-03-10 10:03 ———— dc——w- c:\documents and settings\All Users\Application Data\EmailNotifier
2010-03-08 23:16 . 2010-03-08 23:16 ———— d——-w- c:\documents and settings\Odisho\Application Data\Panda Security
2010-03-08 22:56 . 2010-03-08 22:56 ———— dc——w- c:\documents and settings\Default User\Application Data\Panda Security
2010-03-08 21:50 . 2010-03-08 21:50 ———— dc——w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-07 15:32 . 2010-03-07 15:32 ———— dc——w- c:\documents and settings\Mariam\Application Data\Leadertech
2010-03-04 15:16 . 2010-03-04 15:16 ———— d——-w- c:\documents and settings\Odisho\Application Data\uniblue
2010-02-26 17:40 . 2010-02-26 17:40 ———— d——-w- c:\documents and settings\Odisho\Application Data\dvdcss
2010-02-21 12:57 . 2010-02-21 12:57 ———— dc——w- c:\documents and settings\Mariam\Application Data\dvdcss
2010-02-21 12:57 . 2010-03-18 07:21 ———— dc——w- c:\documents and settings\Mariam\Application Data\vlc
2010-02-20 10:30 . 2010-02-20 10:30 ———— dc——w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-02-20 10:30 . 2010-03-16 14:02 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\AVS4YOU
2010-02-19 13:15 . 2010-02-19 13:15 ———— dc——w- c:\documents and settings\Mariam\Application Data\Yahoo!
2010-02-17 15:51 . 2010-02-17 15:51 ———— dc——w- c:\documents and settings\Mariam\Application Data\AdobeUM
2010-02-17 15:00 . 2010-02-17 15:00 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\TeamViewer
2010-02-17 14:54 . 2010-02-17 15:04 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Ventrilo
2010-02-17 14:50 . 2010-03-14 18:59 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\mIRC
2010-02-17 12:37 . 2010-02-17 12:37 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\AdobeUM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 12:19 . 2010-01-17 21:21 ———— d——-w- c:\programmer\WinClamAVShield
2010-03-18 12:19 . 2010-01-17 15:34 ———— dc——w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-18 11:38 . 2010-03-18 11:38 388096 -c—a-r- c:\documents and settings\Mariam\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-18 11:38 . 2010-03-18 11:38 ———— d——-w- c:\programmer\TrendMicro
2010-03-18 08:14 . 2002-09-16 12:00 96512 -c—a-w- c:\windows\system32\drivers\atapi.sys
2010-03-18 06:46 . 2010-02-11 06:57 ———— dc——w- c:\documents and settings\Mariam\Application Data\Spyware Terminator
2010-03-17 21:47 . 2010-01-17 15:34 ———— d——-w- c:\programmer\Spyware Terminator
2010-03-17 19:20 . 2010-01-17 15:34 ———— d——-w- c:\documents and settings\Odisho\Application Data\Spyware Terminator
2010-03-17 19:01 . 2010-02-14 13:45 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Skype
2010-03-17 18:25 . 2010-01-18 14:29 ———— d——-w- c:\programmer\Steam
2010-03-17 16:06 . 2010-02-14 13:54 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\skypePM
2010-03-16 22:05 . 2010-03-16 22:05 315408 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-03-16 21:23 . 2010-03-08 22:55 ———— d——-w- c:\programmer\Panda Security
2010-03-16 21:23 . 2010-03-16 21:23 932368 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-03-16 21:22 . 2010-03-16 21:22 678416 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-03-16 21:22 . 2010-03-16 21:22 604688 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-03-16 21:22 . 2010-03-16 21:22 1096208 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-03-16 21:22 . 2010-03-16 21:22 522768 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-03-16 21:20 . 2010-02-12 21:44 ———— dc——w- c:\documents and settings\All Users\Application Data\Panda Security
2010-03-16 21:20 . 2010-03-16 21:20 397328 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-03-16 21:20 . 2010-03-16 21:20 17936 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-03-16 21:20 . 2010-03-16 21:20 109072 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-03-16 21:20 . 2010-03-16 21:20 80400 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-03-16 21:20 . 2010-03-16 21:20 315408 -c—a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-03-16 21:18 . 2009-02-24 04:39 573440 ——a-w- c:\windows\system32\Sexy Female Celebrities.scr
2010-03-16 20:38 . 2010-03-16 20:38 95259 ——a-w- c:\windows\system32\drivers\klick.dat
2010-03-16 20:38 . 2010-03-16 20:38 108059 ——a-w- c:\windows\system32\drivers\klin.dat
2010-03-16 20:30 . 2010-03-16 20:30 ———— d——-w- c:\programmer\Kaspersky Lab
2010-03-16 14:01 . 2010-02-20 10:28 ———— d——-w- c:\programmer\AVS4YOU
2010-03-16 14:01 . 2010-02-20 10:28 ———— d——-w- c:\programmer\Fælles filer\AVSMedia
2010-03-16 13:55 . 2010-02-16 12:04 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\vlc
2010-03-15 14:24 . 2010-02-10 20:55 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Spyware Terminator
2010-03-14 20:45 . 2010-01-28 12:53 ———— d——-w- c:\documents and settings\Odisho\Application Data\MSN6
2010-03-14 11:21 . 2010-01-17 15:24 ———— d—h—w- c:\programmer\InstallShield Installation Information
2010-03-14 11:20 . 2010-03-14 11:01 ———— d——-w- c:\programmer\Ubisoft
2010-03-12 22:14 . 2010-01-17 20:21 ———— dc——w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 12:49 . 2010-01-17 15:34 ———— d——-w- c:\programmer\Crawler
2010-03-11 11:18 . 2010-03-10 09:57 ———— d——-w- c:\programmer\myBabylon_English
2010-03-11 11:08 . 2010-03-11 11:08 ———— d——-w- c:\programmer\Babylon
2010-03-10 21:10 . 2010-03-10 21:10 439816 ——a-w- c:\documents and settings\Odisho\Application Data\Real\Update\setup3.10\setup.exe
2010-03-10 19:26 . 2010-03-10 10:03 ———— d——-w- c:\programmer\BabylonXtra
2010-03-10 10:24 . 2010-03-10 10:23 ———— d——-w- c:\programmer\Games_Bar_1
2010-03-10 09:57 . 2010-03-10 09:57 ———— d——-w- c:\programmer\Conduit
2010-03-08 22:54 . 2010-01-21 20:32 ———— dc——w- c:\documents and settings\All Users\Application Data\Norton
2010-03-08 22:54 . 2010-01-22 17:36 ———— d——-w- c:\programmer\Fælles filer\Symantec Shared
2010-03-08 21:56 . 2010-01-21 20:32 ———— dc——w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-08 21:51 . 2010-03-08 21:51 ———— d——-w- c:\programmer\Fælles filer\PC Tools
2010-03-07 15:30 . 2010-03-07 15:30 ———— d——-w- c:\programmer\NovaLogic
2010-03-05 22:42 . 2010-03-05 22:33 ———— d——-w- c:\programmer\Opera
2010-03-04 22:44 . 2010-03-04 22:44 159080 -c—a-w- c:\documents and settings\LocalService\Lokale indstillinger\Application Data\FontCache3.0.0.0.dat
2010-03-04 15:13 . 2010-03-04 15:13 ———— d——-w- c:\programmer\Uniblue
2010-03-02 19:58 . 2010-03-02 19:58 147456 —sha-r- c:\windows\msnmgr.exe.VIR
2010-02-26 17:41 . 2010-01-19 20:28 ———— d——-w- c:\documents and settings\Odisho\Application Data\vlc
2010-02-23 01:00 . 2010-01-23 10:48 664 ——a-w- c:\windows\system32\d3d9caps.dat
2010-02-20 10:18 . 2010-02-20 10:18 ———— d——-w- c:\programmer\Zeallsoft
2010-02-19 16:00 . 2010-02-18 10:52 ———— d——-w- c:\programmer\mIRC
2010-02-18 20:37 . 2010-01-17 15:15 5749605 ——a-w- c:\windows\java\Packages\O4M0NNZR.ZIP
2010-02-18 15:27 . 2010-01-18 21:22 ———— d——-w- c:\documents and settings\Odisho\Application Data\HpUpdate
2010-02-17 15:29 . 2010-02-17 15:29 ———— d——-w- c:\programmer\PhotoScape
2010-02-17 14:54 . 2010-02-17 14:53 ———— d——-w- c:\programmer\Ventrilo
2010-02-17 14:53 . 2010-01-23 22:15 ———— d——-w- c:\programmer\Fælles filer\Wise Installation Wizard
2010-02-15 16:29 . 2010-02-15 16:28 ———— d——-w- c:\documents and settings\Odisho\Application Data\CyberLink
2010-02-15 16:28 . 2010-01-17 20:09 ———— dc——w- c:\documents and settings\All Users\Application Data\Cyberlink
2010-02-15 13:56 . 2010-02-15 13:56 503808 -c—a-w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16febca0-n\msvcp71.dll
2010-02-15 13:56 . 2010-02-15 13:56 348160 -c—a-w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16febca0-n\msvcr71.dll
2010-02-15 13:56 . 2010-02-15 13:56 61440 -c—a-w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-20af6d5d-n\decora-sse.dll
2010-02-15 13:56 . 2010-02-15 13:56 499712 -c—a-w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-16febca0-n\jmc.dll
2010-02-15 13:56 . 2010-02-15 13:56 12800 -c—a-w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-20af6d5d-n\decora-d3d.dll
2010-02-14 14:13 . 2010-02-14 14:13 ———— dc——w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Application Data\HP
2010-02-12 21:44 . 2010-02-12 21:44 ———— d——-w- c:\programmer\Panda USB Vaccine
2010-02-12 16:41 . 2010-02-12 16:41 61440 -c—a-w- c:\documents and settings\Mariam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c6d9d71-n\decora-sse.dll
2010-02-12 16:41 . 2010-02-12 16:41 503808 -c—a-w- c:\documents and settings\Mariam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-72f1961c-n\msvcp71.dll
2010-02-12 16:41 . 2010-02-12 16:41 499712 -c—a-w- c:\documents and settings\Mariam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-72f1961c-n\jmc.dll
2010-02-12 16:41 . 2010-02-12 16:41 348160 -c—a-w- c:\documents and settings\Mariam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-72f1961c-n\msvcr71.dll
2010-02-12 16:41 . 2010-02-12 16:41 12800 -c—a-w- c:\documents and settings\Mariam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3c6d9d71-n\decora-d3d.dll
2010-02-12 10:03 . 2010-03-05 13:02 293376 ———w- c:\windows\system32\browserchoice.exe
2010-02-11 08:45 . 2010-02-11 08:45 ———— dc——w- c:\documents and settings\Mariam\Application Data\Office Genuine Advantage
2010-02-11 06:57 . 2010-02-11 06:57 69232 -c—a-w- c:\documents and settings\Mariam\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-02-10 20:54 . 2010-02-10 20:54 69232 -c—a-w- c:\documents and settings\Peter.ODISHO-J7HO4LAH\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-02-10 19:45 . 2010-02-10 19:45 ———— d——-w- c:\programmer\Ashampoo
2010-02-07 15:03 . 2010-02-07 15:02 ———— d——-w- c:\programmer\Drake Demo
2010-02-07 12:04 . 2010-01-22 14:47 ———— d——-w- c:\documents and settings\Odisho\Application Data\FTWeak
2010-02-07 09:46 . 2010-01-19 17:34 ———— d——-w- c:\documents and settings\Odisho\Application Data\Skype
2010-02-07 09:46 . 2010-01-19 17:36 ———— d——-w- c:\documents and settings\Odisho\Application Data\skypePM
2010-02-06 22:25 . 2010-02-06 22:25 ———— d——-w- c:\programmer\Fælles filer\DirectX
2010-02-06 22:24 . 2010-02-06 22:24 ———— d——-w- c:\documents and settings\Odisho\Application Data\Acclaim Entertainment
2010-02-06 22:23 . 2010-02-06 22:23 8854 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\Uninstall_JuicedDemo_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:23 . 2010-02-06 22:23 45056 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\NewShortcut7_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:23 . 2010-02-06 22:23 45056 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\NewShortcut6_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:23 . 2010-02-06 22:23 45056 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\NewShortcut5_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:23 . 2010-02-06 22:23 45056 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\JuicedConfig.exe_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:23 . 2010-02-06 22:23 45056 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\Juiced.exe_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:23 . 2010-02-06 22:23 4710 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\ARPPRODUCTICON.exe
2010-02-06 22:23 . 2010-02-06 22:23 45056 ——a-r- c:\documents and settings\Odisho\Application Data\Microsoft\Installer\{D6E74815-64BA-4C3B-BCE0-B9CAC80BFBDF}\Juiced.exe1_D6E7481564BA4C3BBCE0B9CAC80BFBDF.exe
2010-02-06 22:21 . 2010-02-06 22:21 ———— d——-w- c:\programmer\Acclaim Entertainment
2010-02-05 09:51 . 2010-01-17 16:55 ———— d——-w- c:\programmer\Windows Live
2010-02-01 08:24 . 2010-02-01 08:24 69232 ——a-w- c:\documents and settings\Odisho\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 16:53 . 2010-01-30 13:06 ———— d——-w- c:\programmer\Logitech
2010-01-31 16:50 . 2010-01-30 13:06 ———— d——-w- c:\programmer\Fælles filer\LogiShrd
2010-01-31 16:12 . 2010-01-30 13:06 ———— dc——w- c:\documents and settings\All Users\Application Data\LogiShrd
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 10:53 2349080 ——a-w- c:\programmer\myBabylon_English\tbmyBa.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2010-02-22 11:05 2353176 ——a-w- c:\programmer\Games_Bar_1\tbGam0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}”= “c:\programmer\myBabylon_English\tbmyBa.dll” [2009-12-31 2349080]
“{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}”= “c:\programmer\Games_Bar_1\tbGam0.dll” [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}”= “c:\programmer\myBabylon_English\tbmyBa.dll” [2009-12-31 2349080]
“{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}”= “c:\programmer\Games_Bar_1\tbGam0.dll” [2010-02-22 2353176]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\programmer\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-17 3037696]
"msnmsgr"="c:\programmer\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"OM_Monitor"="c:\programmer\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"Google Update"="c:\documents and settings\Odisho\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-17 135664]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"Search Protection"="c:\programmer\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-21 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2010-01-17 2166784]
"HP Software Update"="c:\programmer\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2007-04-27 282624]
"OM_Monitor"="c:\programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"EverioService"="c:\programmer\CyberLink\PCM4Everio\EverioService.exe" [2008-04-03 151552]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\programmer\Fælles filer\Real\Update_OB\realsched.exe" [2010-01-21 198160]
"SunJavaUpdateSched"="c:\programmer\Fælles filer\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AVP"="c:\programmer\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Odisho\Menuen Start\Programmer\Start\
Nikon Monitor.lnk - c:\programmer\Fælles filer\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - c:\programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Snagit 9.lnk - c:\programmer\TechSmith\Snagit 9\Snagit32.exe [2009-10-15 6287176]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmer\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmer\\Steam\\Steam.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\Steam\\steamapps\\ppeetteerr870\\counter-strike\\hl.exe"=
"c:\\Programmer\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmer\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programmer\\Steam\\steamapps\\ppeetteerr870\\condition zero\\hl.exe"=
"c:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmer\\Ventrilo\\Ventrilo.exe"=
"c:\\Programmer\\Opera\\opera.exe"=
"c:\\Programmer\\Steam\\steamapps\\common\\left 4 dead 2\\srcds.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14-10-2009 21:18 36880]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [17-01-2010 16:34 142592]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14-09-2009 14:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02-10-2009 19:39 19472]
S2 gupdate;Tjenesten Google Update (gupdate);c:\programmer\Google\Update\GoogleUpdate.exe [28-01-2010 20:47 135664]
.
Indhold af mappen 'Planlagte Opgaver'
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-28 19:46]
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmer\Google\Update\GoogleUpdate.exe [2010-01-28 19:46]
2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-842925246-725345543-1003Core.job
- c:\documents and settings\Odisho\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 21:53]
2010-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-842925246-725345543-1003UA.job
- c:\documents and settings\Odisho\Lokale indstillinger\Application Data\Google\Update\GoogleUpdate.exe [2010-01-17 21:53]
2010-03-18 c:\windows\Tasks\PandaUSBVaccine.job
- c:\programmer\Panda USB Vaccine\RunInteractiveWin.exe [2010-02-12 15:45]
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{B8A5000F-3717-4940-A9DE-4AA9AA343983}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{C1AB835A-3C24-4D2E-B46C-38EF50E18D8B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Yderligere scanning -------
.
IE: Add to Anti-Banner - c:\programmer\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Crawler Search - tbr:iemenu
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki ... - c:\programmer\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\programmer\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mariam\Application Data\Mozilla\Firefox\Profiles\1cqnddic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - google.dk
FF - plugin: c:\programmer\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\programmer\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmer\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLITIKKER ----
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programmer\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programmer\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programmer\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - TOMME GENVEJE FJERNET - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
AddRemove-ActiveScan 2.0 - c:\programmer\Panda Security\ActiveScan 2.0\as2uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 13:14
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,74,bd,c5,c1,f1,de,4f,8b,74,7e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1a,74,bd,c5,c1,f1,de,4f,8b,74,7e,\
.
--------------------- DLLs startet under kørende Processer ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\programmer\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmer\Spyware Terminator\sp_rsser.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programmer\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\programmer\Fælles filer\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\wscntfy.exe
c:\programmer\TechSmith\Snagit 9\TSCHelp.exe
c:\programmer\TechSmith\Snagit 9\SnagPriv.exe
c:\programmer\TechSmith\Snagit 9\snagiteditor.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-18 13:26:40 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-18 12:26
Pre-Kørsel: 44.491.436.032 byte ledig
Post-Kørsel: 46.264.217.600 byte ledig
- - End Of File - - 5612B2F9408EA5288CE90F7C17FC6098
