Here is the result from RunThis.bat
SDFix: Version 1.113
Run by Administrator on 07-11-2007 at 08:44
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\NVCPL.DLL - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-07 08:47:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\01f901000d18]
"000fdeb4554a"=hex:15,8f,82,fc,ae,61,fe,22,6d,e3,42,9c,bf,93,0a,94
"0012ee3e0a15"=hex:cb,29,f5,da,35,44,97,e8,ff,42,84,ec,36,d3,a7,72
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\01f901000d18]
"000fdeb4554a"=hex:15,8f,82,fc,ae,61,fe,22,6d,e3,42,9c,bf,93,0a,94
"0012ee3e0a15"=hex:cb,29,f5,da,35,44,97,e8,ff,42,84,ec,36,d3,a7,72
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Kør en DLL som et program"
"C:\\Programmer\\Kazaa Lite K++\\Kazaa.kpp"="C:\\Programmer\\Kazaa Lite K++\\Kazaa.kpp:*:Enabled:Kazaa"
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Programmer\\eMule\\emule.exe"="C:\\Programmer\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Disabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Programmer\\Spybot - Search & Destroy\\SpybotSD.exe"="C:\\Programmer\\Spybot - Search & Destroy\\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\\Programmer\\WebWriter4\\WebWrite.exe"="C:\\Programmer\\WebWriter4\\WebWrite.exe:*:Enabled:Stone's WebWriter HTML-editor"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Programmer\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"="C:\\Programmer\\InternetCalls.com\\InternetCalls\\InternetCalls.exe:*:Enabled:InternetCalls"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Programmer\\Tobit ClipInc\\Player\\ClipInc-Player.exe"="C:\\Programmer\\Tobit ClipInc\\Player\\ClipInc-Player.exe:*:Enabled:ClipInc. Player"
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"="C:\\Programmer\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\\system32\\fxsclnt.exe:*:Disabled:Microsoft Fax Console"
"C:\\Programmer\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Programmer\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\\Programmer\\Ahead\\Nero ShowTime\\ShowTime.exe"="C:\\Programmer\\Ahead\\Nero ShowTime\\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Fjernsupport - Windows Messenger og samtale"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Programmer\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Documents and Settings\\Ole Thorsen\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\OXUC7QIC\\tdc_hastighedstest[1].exe"="C:\\Documents and Settings\\Ole Thorsen\\Lokale indstillinger\\Temporary Internet Files\\Content.IE5\\OXUC7QIC\\tdc_hastighedstest[1].exe:*:Enabled:TDC Hastighed"
"C:\\Programmer\\Skype\\Phone\\Skype.exe"="C:\\Programmer\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programmer\\MSN Messenger\\msncall.exe"="C:\\Programmer\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sun 8 Jul 2007 5,388,088 A..H. --- "C:\Programmer\Picasa2\setup.exe"
Sun 25 Feb 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 19 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRMBACKUP_2-00_200857\DRMv1.bak"
Fri 3 Mar 2006 312 A..H. --- "C:\program files\InterActual\InterActual Player\iti2.tmp"
Sun 25 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 25 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRMBACKUP_2-00_200857\Cache\Indiv01.tmp"
Finished!
and here is the report from ComboFix
ComboFix 07-11-07.3 - Ole Thorsen 2007-11-07 8:54:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.617 [GMT 1:00]
Running from: C:\Documents and Settings\Ole Thorsen\Skrivebord\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-10-07 to 2007-11-07 )))))))))))))))))))))))))))))))
.
2007-11-07 08:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 08:43 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 08:42 <DIR> d-------- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Skrivebord
2007-11-07 08:42 <DIR> d--h----- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Skabeloner
2007-11-07 08:42 <DIR> d--h----- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Printere
2007-11-07 08:42 <DIR> dr------- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Menuen Start
2007-11-07 08:42 <DIR> d--h----- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Lokale indstillinger
2007-11-07 08:42 <DIR> d-------- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Foretrukne
2007-11-07 08:42 <DIR> d-------- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Dokumenter
2007-11-07 08:42 <DIR> d-------- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Application Data\Sony Ericsson
2007-11-07 08:42 <DIR> d--h----- C:\Documents and Settings\Administrator.OLESCOMPUTER.001\Andre computere
2007-11-06 11:36 <DIR> d-------- C:\Documents and Settings\Ole Thorsen\Application Data\SUPERAntiSpyware.com
2007-11-06 11:06 <DIR> d-------- C:\Documents and Settings\Administrator.OLESCOMPUTER.000\Skabeloner
2007-11-06 11:06 <DIR> d-------- C:\Documents and Settings\Administrator.OLESCOMPUTER.000\Lokale indstillinger
2007-10-31 13:27 <DIR> d-------- C:\Programmer\Fælles filer\Application
2007-10-31 13:27 <DIR> d-------- C:\Programmer\Fælles filer\Ankiro
2007-10-23 14:49 <DIR> d-------- C:\Documents and Settings\Ole Thorsen\Application Data\Uniblue
2007-10-15 07:26 <DIR> d-------- C:\Programmer\Topala Software Solutions
2007-10-07 13:26 <DIR> d-------- C:\Documents and Settings\Ole Thorsen\Application Data\Printer Info Cache
2007-10-07 13:20 <DIR> d-------- C:\Documents and Settings\Ole Thorsen\Application Data\Image Zone Express
2007-10-07 13:16 <DIR> d-------- C:\Documents and Settings\Ole Thorsen\Application Data\HP
2007-10-07 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-07 13:14 <DIR> d-------- C:\Programmer\Fælles filer\HP
2007-10-07 13:11 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-10-07 13:11 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-10-07 13:09 <DIR> d-------- C:\Programmer\HP
2007-10-07 13:08 127,001 --a------ C:\WINDOWS\hpoins11.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 07:55 189,116,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-07 07:40 2,217,968 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-07 07:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-06 22:15 --------- d-----w C:\Programmer\Google
2007-11-06 16:49 --------- d-----w C:\Documents and Settings\Ole Thorsen\Application Data\Skype
2007-11-06 11:50 --------- d-----w C:\Programmer\SUPERAntiSpyware
2007-11-06 10:36 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-06 08:57 7,184 ----a-w C:\Programmer\hijackthis.log
2007-11-04 15:01 --------- d-----w C:\Programmer\eMule
2007-11-02 13:20 --------- d-----w C:\Programmer\SPAMfighter
2007-11-02 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-24 05:10 --------- d-----w C:\Programmer\Logitech
2007-10-24 05:10 --------- d-----w C:\Programmer\Fælles filer\Logitech
2007-10-23 14:00 --------- d-----w C:\Programmer\hp deskjet 3320 series
2007-10-17 09:21 --------- d-----w C:\Programmer\ListMaker
2007-10-16 08:38 --------- d-----w C:\Programmer\TweakNow RegCleaner Std
2007-10-11 07:51 --------- d-----w C:\Programmer\Java
2007-10-07 12:15 --------- d-----w C:\Programmer\Hewlett-Packard
2007-09-19 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-17 05:30 12,322,756 ------w C:\avg7qt.dat
2007-09-13 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-09-13 09:14 --------- d-----w C:\Documents and Settings\Ole Thorsen\Application Data\Teleca
2007-09-13 09:13 --------- d-----w C:\Programmer\Fælles filer\Teleca Shared
2007-09-13 09:12 --------- d-----w C:\Programmer\Sony Ericsson
2007-09-13 09:12 --------- d-----w C:\Programmer\Fælles filer\Sony Ericsson Shared
2007-09-13 09:12 --------- d-----w C:\Documents and Settings\Ole Thorsen\Application Data\Sony Ericsson
2007-09-13 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-09-13 09:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-09-11 07:05 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-09-11 07:05 --------- d-----w C:\Programmer\MiTAC Research (Shanghai) Ltd
2007-09-06 14:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 14:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-08-21 06:17 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
2006-06-23 14:43 168,048 -c--a-w C:\Documents and Settings\Ole Thorsen\DynGate_Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-26 16:53 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"FLMOFFICE4DMOUSE"="C:\Programmer\Browser MOUSE\mouse32a.exe" [2006-04-12 09:23]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 06:00]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 18:55]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2007-06-25 14:03]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-25 19:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^TV Remote Control.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\TV Remote Control.lnk
backup=C:\WINDOWS\pss\TV Remote Control.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Ulead Photo Express 4.0 SE Calendar Checker .lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Ulead Photo Express 4.0 SE Calendar Checker .lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 4.0 SE Calendar Checker .lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^USB Phone Driver Startup.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\USB Phone Driver Startup.lnk
backup=C:\WINDOWS\pss\USB Phone Driver Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^ymetray.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASM]
"C:\Programmer\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
C:\Programmer\Muiltmedia keyboard Utility\1.3\KbdAp32A.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKey]
C:\WINDOWS\Twain_32\FlatBed\HotKey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Programmer\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Programmer\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\system32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
C:\Programmer\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Programmer\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
C:\Programmer\Zolid Multimedia\PVR Plus\TVR\Scheduled.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Programmer\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TeamViewer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USIUDF_Eject_Monitor]
C:\Programmer\Fælles filer\Ulead Systems\DVD\USISrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"Fax"=2 (0x2)
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys
R3 Cap7134;Philips Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;Zolid WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S1 ANVIOCTL;ANVIOCTL;C:\WINDOWS\system32\DRIVERS\anvioctl.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a84723e5-08f6-11da-832a-806d6172696f}]
\Shell\AutoRun\command
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-07-10 05:49:28 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.exe
"2007-10-23 13:49:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-23 13:49:36 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-07 08:56:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-07 8:56:47
.
--- E O F ---
While ComboFix was running, AVG twice showed a message saying that trojans had been found.
I clicked the Heal button, and AVG replied that the item in question had been removed.
Smukke_Ole