Hi again
It took a little while, but hopefully it was time well spent
ComboFix 10-03-21.02 - Annegrethe Jansler 22-03-2010 8:09.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.2046.1449 [GMT 1:00]
Kører fra: c:\documents and settings\Annegrethe Jansler\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\documents and settings\Annegrethe Jansler\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100321-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Dannede nyt systemgendannelsespunkt
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\system32\ccdcf1_g.dll
c:\windows\system32\Data
.
((((((((((((((((((((((((((((( Filer skabt fra 2010-02-22 til 2010-03-22 )))))))))))))))))))))))))))))))))))
.
2010-03-20 16:00 . 2010-03-20 16:00 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Application Data\Common Toolkit Suite
2010-03-20 15:21 . 2010-03-20 15:21 ———— d——-w- c:\documents and settings\All Users\Application Data\Common Toolkit Suite
2010-03-20 15:20 . 2010-03-22 07:21 ———— d——-w- c:\program files\Common Files\Common Toolkit Suite
2010-03-20 15:19 . 2010-03-20 15:21 ———— dc-h—w- c:\documents and settings\All Users\Application Data\{E434619C-846F-4697-8739-15F436DE9B2F}
2010-03-20 15:17 . 2010-03-20 15:17 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Application Data\Fighters
2010-03-20 15:17 . 2010-03-20 15:17 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\PackageAware
2010-03-20 15:15 . 2010-03-20 15:15 ———— d——-w- c:\documents and settings\All Users\Application Data\Fighters
2010-03-20 15:15 . 2010-03-20 15:20 ———— d——-w- c:\program files\Fighters
2010-03-20 14:44 . 2010-03-20 14:44 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Application Data\Uniblue
2010-03-17 17:37 . 2010-02-12 10:03 293376 ———w- c:\windows\system32\browserchoice.exe
2010-03-15 14:21 . 2010-03-20 12:26 ———— d——-w- c:\program files\Windows Live Safety Center
2010-03-10 05:32 . 2009-10-23 15:28 3558912 ———w- c:\windows\system32\dllcache\moviemk.exe
2010-02-22 12:22 . 2010-03-18 12:32 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\Temp
2010-02-20 18:33 . 2010-02-20 18:40 43520 ——a-w- c:\windows\system32\CmdLineExt03.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 07:31 . 2008-06-21 10:46 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Application Data\Skype
2010-03-21 09:07 . 2009-08-03 15:49 0 -c—a-w- c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\prvlcl.dat
2010-03-21 04:09 . 2006-06-14 15:37 87352 ——a-w- c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-20 17:39 . 2009-06-03 07:35 ———— d——-w- c:\program files\Malwarebytes’ Anti-Malware
2010-03-20 16:33 . 2009-06-01 11:00 ———— d——-w- c:\program files\CCleaner
2010-03-20 16:27 . 2007-11-21 22:02 ———— d——-w- c:\documents and settings\Annegrethe Jansler\Application Data\Azureus
2010-03-20 16:05 . 2006-06-07 08:23 ———— d—h—w- c:\program files\InstallShield Installation Information
2010-03-20 15:50 . 2010-01-23 18:46 ———— d——-w- c:\program files\Kalypso
2010-03-20 15:49 . 2006-08-11 15:27 ———— d——-w- c:\program files\GSC Game World
2010-03-20 15:47 . 2006-07-30 16:26 ———— d——-w- c:\program files\UBISOFT
2010-03-20 15:46 . 2006-09-24 18:20 ———— d——-w- c:\program files\FirstClass
2010-03-19 15:22 . 2006-10-03 16:09 ———— d——-w- c:\program files\Common Files\Symantec Shared
2010-03-09 13:46 . 2006-06-07 08:18 ———— d——-w- c:\program files\Common Files\Java
2010-03-09 13:46 . 2010-03-09 13:46 503808 ——a-w- c:\documents and settings\Annegrethe Jansler\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42752881-n\msvcp71.dll
2010-03-09 13:46 . 2010-03-09 13:46 499712 ——a-w- c:\documents and settings\Annegrethe Jansler\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42752881-n\jmc.dll
2010-03-09 13:46 . 2010-03-09 13:46 348160 ——a-w- c:\documents and settings\Annegrethe Jansler\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-42752881-n\msvcr71.dll
2010-03-09 13:46 . 2010-03-09 13:46 61440 ——a-w- c:\documents and settings\Annegrethe Jansler\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6431798d-n\decora-sse.dll
2010-03-09 13:46 . 2010-03-09 13:46 12800 ——a-w- c:\documents and settings\Annegrethe Jansler\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6431798d-n\decora-d3d.dll
2010-03-09 13:46 . 2006-06-07 08:18 ———— d——-w- c:\program files\Java
2010-03-01 19:36 . 2007-08-25 18:05 139456 ——a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-01 19:36 . 2007-08-25 18:05 190160 ——a-w- c:\windows\system32\PnkBstrB.exe
2010-02-18 10:39 . 2010-03-20 15:21 3253480 -c—a-w- c:\documents and settings\All Users\Application Data\{E434619C-846F-4697-8739-15F436DE9B2F}\SPAMfighter_Client.exe
2010-02-14 16:47 . 2008-04-23 14:39 ———— d——-w- c:\program files\Firefly Studios
2010-02-08 13:38 . 2006-06-14 15:28 ———— d——-w- c:\program files\HP
2010-02-04 06:56 . 2007-02-12 09:43 ———— d——-w- c:\program files\Google
2010-01-31 11:10 . 2010-01-31 11:10 45056 ——a-r- c:\documents and settings\Annegrethe Jansler\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut2_E14B8A0842B346769E911D39F8158DA1.exe
2010-01-31 11:10 . 2010-01-31 11:10 45056 ——a-r- c:\documents and settings\Annegrethe Jansler\Application Data\Microsoft\Installer\{E14B8A08-42B3-4676-9E91-1D39F8158DA1}\NewShortcut1_E14B8A0842B346769E911D39F8158DA1.exe
2010-01-30 09:14 . 2010-01-30 09:14 14069760 ——a-w- c:\documents and settings\Annegrethe Jansler\ntuser.dat.tmp
2010-01-30 09:14 . 2010-01-30 09:14 245760 ——a-w- c:\documents and settings\LocalService\NTUSER.DAT.tmp
2010-01-30 09:14 . 2010-01-30 09:14 241664 ——a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2010-01-30 09:06 . 2010-01-30 09:03 ———— d——-w- c:\program files\RegSupreme
2010-01-29 17:08 . 2010-01-29 17:02 ———— d——-w- c:\program files\Windows Live
2010-01-29 17:08 . 2010-01-29 17:08 ———— d——-w- c:\program files\Microsoft Sync Framework
2010-01-29 17:07 . 2010-01-29 17:07 ———— d——-w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-29 17:03 . 2010-01-29 17:03 ———— d——-w- c:\program files\Microsoft
2010-01-29 17:02 . 2010-01-29 17:02 ———— d——-w- c:\program files\Windows Live SkyDrive
2010-01-07 15:07 . 2009-06-03 07:35 38224 ——a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-06-03 07:35 19160 ——a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:50 . 2006-06-07 08:03 353792 ——a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 17:47 . 2006-07-30 17:36 107888 ——a-w- c:\windows\system32\CmdLineExt.dll
2006-06-17 08:42 . 2006-06-17 07:01 88 -csh—r- c:\windows\system32\526FE2B864.sys
2007-11-24 19:47 . 2007-11-24 19:47 56 -csh—r- c:\windows\system32\64B8E26F52.sys
2007-11-24 19:47 . 2006-06-17 07:01 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
“{A3BC75A2-1F87-4686-AA43-5347D756017C}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2b733a82-1062-47d4-a310-4de03404dc15}]
2010-03-02 09:26 2349080 ——a-w- c:\program files\danish.ilsc\tbdan1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ——a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{2b733a82-1062-47d4-a310-4de03404dc15}”= “c:\program files\danish.ilsc\tbdan1.dll” [2010-03-02 2349080]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{2b733a82-1062-47d4-a310-4de03404dc15}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
“{2B733A82-1062-47D4-A310-4DE03404DC15}”= “c:\program files\danish.ilsc\tbdan1.dll” [2010-03-02 2349080]
“{CCC7A320-B3CA-4199-B1A6-9F516DD69829}”= “c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll” [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{2b733a82-1062-47d4-a310-4de03404dc15}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-06-03 21718312]
“SetDefaultMIDI”=“MIDIDef.exe” [2004-12-22 24576]
“PcSync”=“c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-06-27 1449984]
“Creative Detector”=“c:\program files\Creative\MediaSource\Detector\CTDetect.exe” [2004-12-02 102400]
“Google Update”=“c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe” [2010-02-04 135664]
“swg”=“c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [2009-08-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“hpqSRMon”=“c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe” [2007-08-22 80896]
“avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp.exe” [2009-11-24 81000]
“AVG8_TRAY”=“c:\progra~1\AVG\AVG8\avgtray.exe” [2010-03-19 2046816]
“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2009-10-28 141600]
“sfagent”=“c:\program files\Fighters\SPAMfighter\sfagent.exe” [2010-02-18 386696]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2005-12-14 7323648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
“RunNarrator”=“Narrator.exe” [2008-04-14 53760]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\ANYCOM\Blue USB-200-250\BTTray.exe [2006-8-18 561213]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Image Zone Hurtig start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-02 21:31 11952 ——a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVSCHED32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 01:06 40048 -c—a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-09-15 08:47 57344 ———w- c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 02:12 94208 ——a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 19:17 49152 ——a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 12:44 196608 ——a-w- c:\program files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 00:54 417792 ——a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
2004-12-22 16:40 24576 ——a-w- c:\windows\MIDIDEF.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 ———w- c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 06:42 1159168 ———w- c:\program files\Creative\VoiceCenter\AndreaVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\\system32\\sessmgr.exe”=
“c:\\Program Files\\Messenger\\msmsgs.exe”=
“c:\\WINDOWS\\system32\\dpvsetup.exe”=
“c:\\WINDOWS\\system32\\dpnsvr.exe”=
“c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe”=
“c:\\Program Files\\GameSpy Arcade\\Aphex.exe”=
“c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enGB-downloader.exe”=
“c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.10.6448-enGB-downloader.exe”=
“c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enGB-downloader.exe”=
“c:\\Program Files\\WS_FTP\\WS_FTP95.exe”=
“c:\\Program Files\\Azureus\\Azureus.exe”=
“%windir%\\Network Diagnostic\\xpnetdiag.exe”=
“c:\\Program Files\\SmartFTP Client\\SmartFTP.exe”=
“c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enGB-downloader.exe”=
“c:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enGB-patch-downloader.exe”=
“c:\\WINDOWS\\system32\\mmc.exe”=
“c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe”=
“c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe”=
“c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe”=
“c:\\WINDOWS\\system32\\PnkBstrA.exe”=
“c:\\WINDOWS\\system32\\PnkBstrB.exe”=
“c:\\Program Files\\AVG\\AVG8\\avgupd.exe”=
“c:\\Program Files\\AVG\\AVG8\\avgnsx.exe”=
“c:\\Program Files\\Bonjour\\mDNSResponder.exe”=
“c:\\Program Files\\iTunes\\iTunes.exe”=
“c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe”=
“c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe”=
“c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe”=
“c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe”=
“c:\\Program Files\\Skype\\Phone\\Skype.exe”=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“3724:TCP”= 3724:TCP:Blizzard Downloader: 3724
“53:TCP”= 53:TCP:websrvx
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27-12-2007 21:52 715248]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [03-06-2009 09:00 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02-08-2009 22:31 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02-08-2009 22:31 108552]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03-06-2009 09:00 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02-08-2009 22:30 297752]
R2 Common Toolkit Service;Common Toolkit Service;c:\program files\Common Files\Common Toolkit Suite\FighterSuiteService.exe [18-02-2010 11:38 684680]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe [18-02-2010 11:38 189064]
S2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04-02-2010 07:57 135664]
S3 jfdcd;jfdcd;\??\c:\docume~1\ANNEGR~1\LOCALS~1\Temp\jfdcd.sys—> c:\docume~1\ANNEGR~1\LOCALS~1\Temp\jfdcd.sys [?]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [31-10-2009 17:12 40448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Indhold af mappen ‘Planlagte Opgaver’
2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 06:56]
2010-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 06:56]
2010-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2326295475-2065508634-3725981300-1005Core.job
- c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-22 06:56]
2010-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2326295475-2065508634-3725981300-1005UA.job
- c:\documents and settings\Annegrethe Jansler\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-22 06:56]
2010-03-19 c:\windows\Tasks\Norton Security Scan for Annegrethe Jansler.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-13 11:50]
2010-03-22 c:\windows\Tasks\SLOW-PCfighter-Annegrethe Jansler-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-03-10 14:33]
2010-03-22 c:\windows\Tasks\User_Feed_Synchronization-{377361DA-5D6E-45F0-A401-A5E0D02987BD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
———- Yderligere scanning———-
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.janslerbooking.dk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Send til &Bluetooth-enhed… - c:\program files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
Trusted Zone: danid.dk
Trusted Zone: danskebank.dk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {1469FF24-47F6-11D2-8805-006008C537E3} - hxxp://www.kps.dk/codebase/ffmail.cab
DPF: {19D6A3D5-EA50-4C3B-88F0-79627C325570} - hxxp://iloapp.cvjob.dk/gallery/executable/IlosoftMultipleImageUpload.dll
DPF: {1E69721D-9104-11D3-82D3-D06650C10000} - hxxp://www.diaform.dk/menu/config/version5_ny/codebase/Dafolo.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab
DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfsignature.cab
DPF: {9DF01F00-08E7-4DBE-9070-94841463B3FE} - hxxps://danid.dk/csp/authenticode/csp.exe
DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} - hxxp://www.kps.dk/codebase/jfcrypto.cab
DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
DPF: {F4F6546F-FBA9-11D1-8AFB-080009ECFDC5} - hxxp://www.diaform.dk/menu/config/version5_ny/codebase/listbox.cab
FF - ProfilePath - c:\documents and settings\Annegrethe Jansler\Application Data\Mozilla\Firefox\Profiles\487kbviw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.janslerbooking.dk/
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - TOMME GENVEJE FJERNET - - - -
URLSearchHooks-*{2b733a82-1062-47d4-a310-4de03404dc15} - (no file)
WebBrowser-{A171924A-D394-41EC-8B3B-B943844F01F5} - (no file)
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 08:28
Windows 5.1.2600 Service Pack 3 NTFS
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys prosync1.sys hal.dll sfsync04.sys sfsync02.sys iastor.sys spwf.sys >>UNKNOWN [0x8A940944]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9e69cb8
\Driver\atapi -> sfsync04.sys @ 0xb9e41a7c
\Driver\iaStor -> prosync1.sys @ 0xba5b0661
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb9bf7bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9c04a21
SendHandler -> NDIS.sys @ 0xb9be287b
user & kernel MBR OK
**************************************************************************
.
——————————- LÅSTE REGISTRERINGS NØGLER——————————-
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EA20B5D7-213B-BF6A-A687F1F5E27AC26F}\{EEE35091-0AEA-CF92-BEFE1061EF739928}\{47B248DC-A6E0-641B-BA973614FEEFC865}*]
“NRDFOBLVNAUE2QOGEQXAH1Y2DD1”=hex:01,00,01,00,00,00,00,00,b0,0a,ac,41,7a,16,04,
de,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
——————————- DLLs startet under kørende Processer——————————-
- - - - - - - > ‘explorer.exe’(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_dan.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\SmartFTP Client\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
————————————Andre kørende processer————————————
.
c:\program files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Gennemført tid: 2010-03-22 08:36:19 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2010-03-22 07:36
ComboFix2.txt 2009-06-03 07:33
Pre-Kørsel: 176.589.545.472 bytes free
Post-Kørsel: 176.585.814.016 byte ledig
Current=5 Default=5 Failed=4 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - B53296EDC6BB400F81E0D97672AB8E9B