Hi there. Here is a little something to look at.
ComboFix 07-10-17.8 - Yusuf Ali Sutcu 2007-10-18 12:31:25.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.152 [GMT 2:00]
Running from: C:\Documents and Settings\Yusuf Ali Sutcu\Skrivebord\Ny mappe\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data.\nfo
C:\Documents and Settings\All Users\Application Data.\nfo\keys.dat
C:\Documents and Settings\All Users\Application Data.\nfo\mon0104.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon0106.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0204.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0315.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0412.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0504.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon0904.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1125.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1204.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1215.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon1215.dbd.old
C:\Documents and Settings\All Users\Application Data.\nfo\mon1909.ddx
C:\Documents and Settings\All Users\Application Data.\nfo\mon1920.dbd
C:\Documents and Settings\All Users\Application Data.\nfo\mon2007.dbd
C:\Documents and Settings\All Users\Application Data.\tatss
C:\Documents and Settings\All Users\Application Data.\tatss\patchme.exe
C:\Documents and Settings\All Users\Application Data.\vidmon
C:\Documents and Settings\All Users\Application Data.\vidmon\dpih.inf
C:\Documents and Settings\All Users\Application Data.\vidmon\vidmon.inf
C:\lswmv.ini
C:\Programmer\Fælles filer\uninstall information
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\nfomon\License.txt
C:\WINDOWS\system32\nfomon\nfo.ocx
C:\WINDOWS\system32\nfomon\nfom.dll
C:\WINDOWS\system32\vidmon
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-09-18 to 2007-10-18 )))))))))))))))))))))))))))))))
.
2007-10-18 12:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-18 11:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-18 11:18 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-10-18 11:18 <DIR> d-------- C:\Documents and Settings\Administrator\Skrivebord
2007-10-18 11:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Skabeloner
2007-10-18 11:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Printere
2007-10-18 11:18 <DIR> dr------- C:\Documents and Settings\Administrator\Menuen Start
2007-10-18 11:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Lokale indstillinger
2007-10-18 11:18 <DIR> dr------- C:\Documents and Settings\Administrator\Foretrukne
2007-10-18 11:18 <DIR> dr------- C:\Documents and Settings\Administrator\Dokumenter
2007-10-18 11:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2007-10-18 11:18 <DIR> d--h----- C:\Documents and Settings\Administrator\Andre computere
2007-10-18 11:14 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-10-18 11:14 <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-18 11:14 <DIR> d-------- C:\Documents and Settings\Yusuf Ali Sutcu\Application Data\SUPERAntiSpyware.com
2007-10-18 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-18 10:51 <DIR> d-------- C:\Programmer\CCleaner
2007-10-18 03:00 <DIR> d-------- C:\Programmer\MSXML 4.0
2007-10-17 23:37 <DIR> d-------- C:\Documents and Settings\LocalService\Menuen Start
2007-10-17 22:38 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-10-17 22:38 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-10-17 22:38 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-10-17 22:22 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-17 21:39 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-17 21:37 <DIR> d-------- C:\WINDOWS\provisioning
2007-10-17 21:37 <DIR> d-------- C:\WINDOWS\peernet
2007-10-17 21:13 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-10-17 21:13 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-10-17 20:35 <DIR> d-------- C:\WINDOWS\pss
2007-10-17 20:34 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-10-17 20:34 331,776 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-10-17 20:34 40,960 --------- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-10-17 20:19 1,386,496 --a------ C:\WINDOWS\system32\msvbvm60.dll
2007-10-17 20:19 93,184 --a------ C:\WINDOWS\system32\dskquota.dll
2007-10-17 19:37 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-10-17 19:30 <DIR> d-------- C:\Programmer\SymNetDrv
2007-10-17 19:26 124,168 --a------ C:\WINDOWS\system32\SymStore.dll
2007-10-17 19:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-10-17 19:03 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-10-17 19:01 <DIR> d-------- C:\WINDOWS\system32\bits
2007-10-17 19:00 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-10-17 19:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-10-17 19:00 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-10-17 19:00 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-10-17 18:33 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-10-17 18:33 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-10-17 18:33 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-10-17 18:33 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-10-17 18:29 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys
2007-10-17 18:15 148,658 C:\Programmer\Fælles filer\bde3d_re.exe
2007-10-17 18:15 24,576 --a------ C:\WINDOWS\system32\admparse.exe
2007-10-16 18:42 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2007-10-16 18:42 4,992 --a------ C:\WINDOWS\system32\dllcache\loop.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 10:34 --------- d-----w C:\Programmer\Fælles filer
2007-10-18 10:23 --------- d-----w C:\Programmer\MediaLoads Enhanced
2007-10-18 09:19 --------- d-----w C:\Programmer\DownloadWare
2007-10-17 21:08 --------- d-----w C:\Programmer\Fælles filer\System
2007-10-17 17:30 --------- d-----w C:\Programmer\Symantec
2007-10-17 17:29 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2007-10-16 17:07 --------- d-----w C:\Documents and Settings\Yusuf Ali Sutcu\Application Data\MSN6
2003-05-22 14:23 81,408 --sha-w C:\Programmer\Thumbs.db
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WCOLOREAL"="C:\Programmer\COMPAQ\Coloreal\coloreal.exe" [2002-01-22 16:46]
"CPQEASYACC"="C:\Programmer\Compaq\Easy Access Button Support\StartEAK.exe" [2001-12-14 14:01]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34]
"Smapp"="C:\Programmer\Analog Devices\SoundMAX\Smtray.exe" [2001-10-12 15:45]
"AutoLogon"="" []
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [2002-04-09 09:27]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 21:56]
"HPHUPD05"="C:\Programmer\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 05:03]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-17 19:30]
"RegistryMechanic"="" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 04:54]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 12:40]
"HP Component Manager"="C:\Programmer\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 13:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54]
Microsoft Works Calendar Reminders.lnk - C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 09:53:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
.
Contents of the 'Scheduled Tasks' folder
"2004-06-15 17:19:06 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7200#CN37A2C41HE0.job"
- C:\Programmer\HP\hpcoretech\comp\hpdarc.exe
"2007-10-18 05:18:00 C:\WINDOWS\Tasks\HP Usg Daily.job"
"2005-10-07 19:00:43 C:\WINDOWS\Tasks\Norton AntiVirus - Skan Denne computer.job"
"2007-10-18 10:27:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 12:36:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-18 12:38:02 - machine was rebooted
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 12:28:14, on 18-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmer\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmer\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Yusuf Ali Sutcu\Skrivebord\Ny mappe\alternativ.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\system32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=0406&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=1c02&lc=0406&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O1 - Hosts: 12.129.205.209 search.netscape.com 12.129.205.209 sitefinder.verisign.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [WCOLOREAL] C:\Programmer\COMPAQ\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmer\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmer\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Programmer\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmer\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: updater.lnk = C:\Programmer\Common Files\updater\wupdater.exe
O4 - Global Startup: ZDConfig.lnk = C:\Programmer\ZyDAS Technology Corporation\ZyDAS Wireless LAN\ZDConfig.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmer\newdotnet\newdotnet6_30.dll' missing
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clients/y/at0_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192638743468
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey®) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.bgbank.dk/bgnetbank/activex/DanskeSikker.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Norton AntiVirus Auto Protect (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FÆLLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FÆLLES~1\SONYSH~1\AVLib\Sptisrv.exe
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
18-10-2007 12:46:06,93
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-18 12:46:07
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0