Now I can get onto this site again... so it has helped, at least. What would one do without ComboFix?
ComboFix 10-03-19.04 - Nepper 03/19/2010 21:13:21.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.45.1030.18.3070.2320 [GMT 0:00]
Kører fra: c:\users\Nepper\Desktop\COMBOFIX\ComboFix.exe
Kommandoer benyttet :: c:\users\Nepper\Desktop\COMBOFIX\CFScript.txt
* Dannede nyt systemgendannelsespunkt
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3162046719-3900228035-1747143039-500
c:\$recycle.bin\S-1-5-21-316374645-1690445076-2374167055-500
c:\program files\webserver
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\users\Nepper\AppData\Local\rdr_1268910834.exe
c:\users\Nepper\AppData\Local\rdr_1268911625.exe
c:\windows\ligh
c:\windows\system32\captcha.dll
c:\windows\system32\Connect.dll
c:\windows\system32\drivers\imapioko.sys
c:\windows\system32\erokosvc.dll
c:\windows\system32\oem3.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
———-\Legacy_APTO6KO
———-\Service_apto6ko
———-\Service_captcha
———-\Service_cpqoko6
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-19 til 2010-03-19 )))))))))))))))))))))))))))))))))))
.
2010-03-19 21:23 . 2010-03-19 21:23 ———— d——-w- c:\users\Default\AppData\Local\temp
2010-03-19 20:17 . 2010-03-19 20:17 ———— d——-w- c:\program files\Windows Live Safety Center
2010-03-19 19:03 . 2010-03-19 19:03 108 ——a-w- C:\ComboFix.txt.bat
2010-03-19 14:04 . 2010-03-19 14:04 320000 ——a-w- c:\windows\system32\CF6657.exe
2010-03-18 14:55 . 2010-03-09 11:12 162640 ——a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-18 14:55 . 2010-03-09 11:08 19024 ——a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-18 14:55 . 2010-03-09 11:09 23376 ——a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-18 14:55 . 2010-03-09 11:12 46672 ——a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-18 14:55 . 2010-03-09 11:08 51792 ——a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-03-18 14:54 . 2010-03-09 11:24 38848 ——a-w- c:\windows\system32\avastSS.scr
2010-03-18 14:54 . 2010-03-09 11:24 153184 ——a-w- c:\windows\system32\aswBoot.exe
2010-03-18 14:53 . 2010-03-18 14:53 ———— d——-w- c:\programdata\Alwil Software
2010-03-18 14:53 . 2010-03-18 14:53 ———— d——-w- c:\program files\Alwil Software
2010-03-18 13:43 . 2010-03-18 13:43 ———— d——-w- c:\users\Nepper\AppData\Roaming\AVG8
2010-03-14 17:35 . 2010-03-14 17:35 ———— d——-w- c:\programdata\TVU Networks
2010-03-14 16:49 . 2010-03-14 16:49 ———— d——-w- c:\users\Nepper\AppData\Roaming\TVU Networks
2010-03-14 16:49 . 2010-03-14 16:49 ———— d——-w- c:\users\Nepper\AppData\Local\TVU Networks
2010-03-14 16:49 . 2010-03-14 16:49 ———— d——-w- c:\program files\PowerISO
2010-03-10 14:24 . 2010-02-20 23:54 24064 ——a-w- c:\windows\system32\nshhttp.dll
2010-03-10 14:24 . 2010-02-20 23:51 31232 ——a-w- c:\windows\system32\httpapi.dll
2010-03-10 14:24 . 2010-02-20 21:30 396800 ——a-w- c:\windows\system32\drivers\http.sys
2010-03-07 13:20 . 2010-02-12 10:49 293376 ——a-w- c:\windows\system32\browserchoice.exe
2010-02-27 21:49 . 2010-01-23 08:05 2048 ——a-w- c:\windows\system32\tzres.dll
2010-02-27 21:48 . 2010-01-25 12:58 473088 ——a-w- c:\windows\system32\secproc_isv.dll
2010-02-27 21:48 . 2010-01-25 12:58 154624 ——a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-27 21:48 . 2010-01-25 12:58 154112 ——a-w- c:\windows\system32\secproc_ssp.dll
2010-02-27 21:48 . 2010-01-25 12:58 472576 ——a-w- c:\windows\system32\secproc.dll
2010-02-27 21:48 . 2010-01-25 12:56 312320 ——a-w- c:\windows\system32\msdrm.dll
2010-02-27 21:48 . 2010-01-25 08:36 435712 ——a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-27 21:48 . 2010-01-25 08:36 515584 ——a-w- c:\windows\system32\RMActivate.exe
2010-02-27 21:48 . 2010-01-25 08:36 431104 ——a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-27 21:48 . 2010-01-25 08:35 523776 ——a-w- c:\windows\system32\RMActivate_isv.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 21:27 . 2009-03-03 19:33 230046 ——a-w- c:\programdata\nvModes.dat
2010-03-19 21:24 . 2008-05-13 23:28 2484 ——a-w- c:\windows\bthservsdp.dat
2010-03-19 21:15 . 2007-12-23 12:05 81296 ——a-w- c:\windows\system32\perfc006.dat
2010-03-19 21:15 . 2007-12-23 12:05 488634 ——a-w- c:\windows\system32\perfh006.dat
2010-03-19 19:05 . 2009-03-16 14:35 ———— d——-w- c:\program files\Common Files\Steam
2010-03-19 19:05 . 2009-12-24 17:13 ———— d——-w- c:\program files\Common Files\PX Storage Engine
2010-03-19 19:03 . 2008-09-13 16:25 ———— d——-w- c:\program files\Common Files\LightScribe
2010-03-19 18:58 . 2009-03-03 15:58 ———— d——-w- c:\program files\CCleaner
2010-03-19 18:57 . 2009-12-24 13:57 ———— d——-w- c:\program files\AskBarDis
2010-03-19 18:57 . 2008-10-03 18:56 ———— d——-w- c:\program files\Apple Software Update
2010-03-19 18:56 . 2009-03-13 15:13 ———— d——-w- c:\program files\Any Video Converter2
2010-03-19 18:55 . 2009-01-07 16:34 ———— d——-w- c:\program files\Any Video Converter
2010-03-19 18:11 . 2009-09-02 08:49 ———— d——-w- c:\users\Nepper\AppData\Roaming\Azureus
2010-03-18 14:31 . 2009-03-03 16:04 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware
2010-03-17 14:31 . 2009-05-04 13:45 ———— d——-w- c:\users\Nepper\AppData\Roaming\FrostWire
2010-03-14 17:35 . 2009-11-28 11:48 ———— d——-w- c:\program files\TVUPlayer
2010-03-11 20:53 . 2008-10-09 19:45 ———— d——-w- c:\programdata\Microsoft Help
2010-03-10 22:34 . 2006-11-02 11:18 ———— d——-w- c:\program files\Windows Mail
2010-03-10 19:24 . 2009-03-04 17:36 0 ——a-w- c:\users\Nepper\temp.dat
2010-03-02 18:19 . 2010-03-02 18:19 5115823 ——a-w- c:\programdata\Malwarebytes\Malwarebytes’ Anti-Malware\mbam-setup.exe
2010-02-28 16:39 . 2008-09-13 16:32 109096 ——a-w- c:\users\Nepper\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-27 18:27 . 2010-02-14 08:44 50354 ——a-w- c:\users\Nepper\AppData\Roaming\Facebook\uninstall.exe
2010-02-27 17:08 . 2010-02-14 08:43 ———— d——-w- c:\users\Nepper\AppData\Roaming\Facebook
2010-02-26 06:41 . 2010-02-26 06:41 847040 ——a-w- c:\users\Nepper\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-26 06:41 . 2010-02-26 06:41 5582848 ——a-w- c:\users\Nepper\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-02-26 06:06 . 2010-02-26 06:06 2626360 ——a-w- c:\users\Nepper\AppData\Roaming\Mozilla\Firefox\Profiles\iwwkxohx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2010-02-24 09:16 . 2009-10-11 17:34 181632 ———w- c:\windows\system32\MpSigStub.exe
2010-02-15 01:36 . 2008-09-27 19:47 7592 ——a-w- c:\users\Nepper\AppData\Local\d3d9caps.dat
2010-02-11 17:44 . 2008-11-02 21:01 ———— d——-w- c:\programdata\Spybot - Search & Destroy
2010-02-08 13:21 . 2009-03-02 16:52 ———— d——-w- c:\program files\Microsoft Silverlight
2010-02-08 12:13 . 2009-01-07 18:31 ———— d——-w- c:\program files\Google
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ——a-w- c:\users\Nepper\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
2010-01-27 20:13 . 2008-11-02 21:01 ———— d——-w- c:\program files\Spybot - Search & Destroy
2010-01-07 16:07 . 2009-03-03 16:04 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-03-03 16:04 19160 ——a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 06:38 . 2010-02-08 07:52 916480 ——a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-02-08 07:52 71680 ——a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-02-08 07:52 109056 ——a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-02-08 07:52 133632 ——a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:36 . 2010-02-10 15:15 11776 ——a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 15:15 1327616 ——a-w- c:\windows\system32\quartz.dll
2009-12-28 12:34 . 2010-02-10 15:15 22528 ——a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:34 . 2010-02-10 15:15 31232 ——a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:34 . 2010-02-10 15:15 123904 ——a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:34 . 2010-02-10 15:15 13312 ——a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:33 . 2010-02-10 15:15 82944 ——a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:32 . 2010-02-10 15:15 50176 ——a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:30 . 2010-02-10 15:15 88576 ——a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:30 . 2010-02-10 15:15 65024 ——a-w- c:\windows\system32\avicap32.dll
2009-12-27 22:46 . 2008-12-09 17:30 1 ——a-w- c:\users\Nepper\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-21 15:39 . 2008-09-22 18:38 1794 ——a-w- c:\users\Nepper\AppData\Roaming\wklnhst.dat
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2008-09-17 1232896]
“ehTray.exe”=“c:\windows\ehome\ehTray.exe” [2006-11-02 125440]
“msnmsgr”=“c:\program files\Windows Live\Messenger\msnmsgr.exe” [2009-07-26 3883856]
“WMPNSCFG”=“c:\program files\Windows Media Player\WMPNSCFG.exe” [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SynTPStart”=“c:\program files\Synaptics\SynTP\SynTPStart.exe” [2007-09-15 102400]
“OnScreenDisplay”=“c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe” [2007-09-04 554320]
“DpAgent”=“c:\program files\DigitalPersona\Bin\dpagent.exe” [2007-09-20 671744]
“HP Health Check Scheduler”=“c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe” [2008-06-16 75008]
“WAWifiMessage”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe” [2007-01-08 311296]
“{0228e555-4f9c-4e35-a3ec-b109a192b4c2}”=“c:\program files\Google\Gmail Notifier\gnotify.exe” [2005-07-15 479232]
“hpWirelessAssistant”=“c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe” [2007-09-13 480560]
“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2008-03-28 1045800]
“MobileConnect”=“c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe” [2008-07-04 2072576]
“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-10-11 149280]
“PWRISOVM.EXE”=“c:\program files\PowerISO\PWRISOVM.EXE” [2009-11-09 180224]
“avast5”=“c:\progra~1\ALWILS~1\Avast5\avastUI.exe” [2010-03-09 2769336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorAdmin”= 0 (0x0)
“EnableLUA”= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:2962850c38
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=“Service”
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Gyldendals Røde Ordbøger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Gyldendals Røde Ordbøger.lnk
backup=c:\windows\pss\Gyldendals Røde Ordbøger.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ——a-w- c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24 54840 ——a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 12:20 290088 ——a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 16:44 3883856 ——a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-04 01:42 13556256 ——a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-04 01:42 92704 ——a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ——a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 02:34 181544 ——a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 09:30 413696 ——a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07 2260480 —sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
R2 blaecorjt;Driver Task;c:\windows\system32\svchost.exe [2006-11-02 22016]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 135664]
R2 iwhmfu;Universal Time;c:\windows\system32\svchost.exe [2006-11-02 22016]
R2 sfvqlegdk;Time Driver;c:\windows\system32\svchost.exe [2006-11-02 22016]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-09-26 717296]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-07-04 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
tapisrvs REG_MULTI_SZ cpqoko6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sfvqlegdk
iwhmfu
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df3fec2-dad1-11de-a102-00218608bda1}]
\shell\AutoRun\command - I:\setup_vmc_lite.exe /checkApplicationPresence
.
Indhold af mappen ‘Planlagte Opgaver’
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 17:43]
2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 17:43]
2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{18C2776E-6B32-4002-81D8-508183F5A178}.job
- c:\windows\system32\msfeedssync.exe [2010-02-08 04:56]
.
.
———- Yderligere scanning———-
.
uStart Page = hxxp://google.dk/
mStart Page = about:blank
IE: E&ksporter; til Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send billede til &Bluetooth;-enhed… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send siden til &Bluetooth;-enhed… - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: danid.dk
Trusted Zone: nordbank.dk\www
Trusted Zone: nordjyskebank.dk
Trusted Zone: nordjyskebank.dk\portal4
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
FF - ProfilePath - c:\users\Nepper\AppData\Roaming\Mozilla\Firefox\Profiles\iwwkxohx.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Nepper\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Nepper\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Nepper\AppData\Roaming\Mozilla\Firefox\Profiles\iwwkxohx.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
——FIREFOX POLITIKKER——
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”, 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.debug”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”, 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”, 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”, 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”, 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“html5.enable”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref(“browser.fixup.alternate.suffix”, “.dk”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20);
.
- - - - TOMME GENVEJE FJERNET - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
AddRemove-Any Video Converter_is1 - c:\program files\Any Video Converter2\unins000.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-Broadcom 802.11b Network Adapter - c:\program files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-CNXT_AUDIO_HDA - c:\program files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe
AddRemove-CNXT_MODEM_HDAUDIO_HERMOSA_HSF - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe
AddRemove-CutePDF Writer Installation - c:\program files\Acro Software\CutePDF Writer\uninscpw.exe
AddRemove-PROR - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
AddRemove-SmartAudio - c:\program files\Conexant\SmartAudio\SETUP.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 21:27
Windows 6.0.6000 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8531E1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8a4dcd1f
\Driver\ACPI -> acpi.sys @ 0x804699d6
\Driver\atapi -> 0x8531e1f8
IoDeviceObjectType -> SecurityProcedure -> ntkrnlpa.exe @ 0x82595467
\Device\Harddisk0\DR0 -> SecurityProcedure -> ntkrnlpa.exe @ 0x82595467
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blaecorjt]
“ServiceDll”=“c:\users\Nepper\AppData\Roaming\jvnaqhis.dll”
—
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iwhmfu]
“ServiceDll”=“c:\windows\system32\jvnaqhis.dll”
—
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfvqlegdk]
“ServiceDll”=“c:\windows\system32\jvnaqhis.dll”
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
[HKEY_USERS\S-1-5-21-3162046719-3900228035-1747143039-1000\Software\SecuROM\License information*]
“datasecu”=hex:56,01,ad,a6,97,c4,6c,b9,70,14,34,89,9c,93,c3,a5,f0,5b,ea,5e,d3,
05,df,89,b1,70,04,ef,68,90,12,fb,07,52,3d,aa,19,70,63,9b,4b,d3,f8,e2,f3,e0,\
“rkeysecu”=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
“BlindDial”=dword:00000000
.
——————————- DLLs startet under kørende Processer——————————-
- - - - - - - > ‘lsass.exe’(792)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > ‘Explorer.exe’(4800)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\progra~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll
.
————————————Andre kørende processer————————————
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-19 21:36:19 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-19 21:36
Pre-Kørsel: 397,475,840 byte ledig
Post-Kørsel: 546,656,256 byte ledig
- - End Of File - - F18F08236F19E167F835C93EF113995C