mingus, Beginner
07 November 2007 - 16:06 There are 5 comments

Could you perhaps take a look at my logs?

ComboFix 07-11-07.3 - Malik Chemnitz 07-11-2007 15:05:05.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.391 [GMT 1:00]
Running from: C:\Documents and Settings\Malik Chemnitz\Skrivebord\Crapcleaner\ComboFix.exe
* Created a new restore point
.

    Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\svchost.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c0081409.dat
C:\WINDOWS\system32\ixdaibov.dllbox
C:\z.exe

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


(((((((((((((((((((((((((  Files Created from 2007-10-07 to 2007-11-07  )))))))))))))))))))))))))))))))
.

2007-11-07 14:12    114,316    ---hs----    C:\WINDOWS\system32\mpqss.ini2
2007-11-07 13:34    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 13:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-07 13:33    <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-07 13:33    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\SUPERAntiSpyware.com
2007-11-07 13:15    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-07 12:32    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\AVG7
2007-11-07 12:31    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-07 12:31    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-07 12:19    <DIR>    d--------    C:\Programmer\Registry Defender
2007-11-07 00:07    0    --a------    C:\z.dat
2007-11-06 23:45    87,104    --a------    C:\WINDOWS\system32\bogagkhw.dll
2007-11-06 23:43    81,472    --a------    C:\WINDOWS\system32\drepicor.dll
2007-11-06 23:41    100,066    ---hs----    C:\WINDOWS\system32\mpqss.bak2
2007-11-06 11:41    6,465    ---hs----    C:\WINDOWS\system32\mpqss.bak1
2007-11-06 11:34    147,456    --a------    C:\WINDOWS\system32\vbzip10.dll
2007-11-06 11:32    82    --a------    C:\n.bat
2007-11-05 11:19    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-29 16:48    <DIR>    d--------    C:\Programmer\Winamp Toolbar
2007-10-29 16:48    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2007-10-24 23:02    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Shared
2007-10-24 23:02    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Incomplete
2007-10-24 23:02    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\LimeWire
2007-10-19 19:41    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\InterVideo
2007-10-10 19:29    584,192    -----c---    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 16:16    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\uTorrent
2007-10-07 21:03    <DIR>    d--------    C:\Programmer\Erusoft Audio CD Ripper
2007-10-07 20:36    <DIR>    d--------    C:\fcr_output
2007-10-07 09:43    12    --a------    C:\WINDOWS\bthservsdp.dat
2007-10-07 09:12    274,432    --a------    C:\WINDOWS\system32\drivers\bthport.sys
2007-10-07 09:12    274,432    --a--c---    C:\WINDOWS\system32\dllcache\bthport.sys
2007-10-07 09:12    18,944    --a------    C:\WINDOWS\system32\drivers\BTHUSB.SYS
2007-10-07 09:12    18,944    --a--c---    C:\WINDOWS\system32\dllcache\bthusb.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 13:55    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Skype
2007-11-07 13:52    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-07 12:33    ---------    d-----w    C:\Programmer\Fælles filer
2007-11-07 11:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-07 11:15    ---------    d-----w    C:\Programmer\Symantec
2007-11-07 10:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-07 10:10    ---------    d-----w    C:\Programmer\Norton Security Scan
2007-11-05 10:23    ---------    d-----w    C:\Programmer\Winamp
2007-10-26 00:49    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Apple Computer
2007-10-11 04:50    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-06 15:38    ---------    d-----w    C:\Programmer\iTunes
2007-10-06 15:36    ---------    d-----w    C:\Programmer\iPod
2007-10-06 15:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-06 15:31    ---------    d-----w    C:\Programmer\Fælles filer\Apple
2007-10-06 15:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2007-10-06 05:34    ---------    d-----w    C:\Programmer\MioNet
2007-10-05 14:41    ---------    d-----w    C:\Programmer\Fælles filer\ArcSoft
2007-10-05 14:40    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-10-05 14:40    ---------    d-----w    C:\Programmer\Fælles filer\SPC500NC
2007-10-05 14:39    ---------    d-----w    C:\Programmer\Philips
2007-10-03 15:11    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2007-10-03 14:56    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\AdobeUM
2007-09-22 18:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2007-09-21 16:15    ---------    d-----w    C:\Programmer\Nero
2007-09-21 16:15    ---------    d-----w    C:\Programmer\Fælles filer\Simple Star Shared
2007-09-21 16:15    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Nero
2007-09-21 16:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-09-21 16:08    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Simple Star
2007-09-20 23:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-20 23:08    ---------    d-----w    C:\Programmer\Bonjour
2007-09-20 22:54    ---------    d-----w    C:\Programmer\Fælles filer\Macrovision Shared
2007-09-20 18:59    ---------    d-----w    C:\Programmer\Sony Ericsson
2007-09-20 14:56    ---------    d-----w    C:\Programmer\TEXTware
2007-09-20 14:48    ---------    d--h--r    C:\Documents and Settings\Malik Chemnitz\Application Data\SecuROM
2007-09-20 05:13    ---------    d-----w    C:\Programmer\IDM
2007-09-19 18:36    ---------    d-----w    C:\Programmer\TGTSoft
2007-09-19 15:32    ---------    d-----w    C:\Programmer\VstPlugins
2007-09-19 15:32    ---------    d-----w    C:\Programmer\Image-Line
2007-09-19 15:31    ---------    d-----w    C:\Programmer\ASIO4ALL v2
2007-09-19 10:07    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\ArcSoft
2007-09-19 09:53    ---------    d-----w    C:\Programmer\MAGIX
2007-09-15 12:59    ---------    d-----w    C:\Programmer\Google
2007-09-15 12:40    ---------    d-----w    C:\Programmer\Fælles filer\Microsoft Shared
2007-09-15 12:38    ---------    d-----w    C:\Programmer\Fælles filer\System
2007-09-15 12:33    ---------    d-----w    C:\Programmer\MSBuild
2007-09-14 23:36    138    ----a-w    C:\Documents and Settings\Malik Chemnitz\Application Data\wklnhst.dat
2007-09-13 18:09    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Ahead
2007-09-07 06:19    ---------    d-----w    C:\Programmer\Arto
2007-09-07 06:19    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Arto
2007-09-04 18:51    229,057    ----a-w    C:\WINDOWS\Alcohol_Toolbar_Uninstaller_3656.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A628F9F-E722-4540-BBDE-10F69AB181DE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02]
"TPSMain"="TPSMain.exe" [2005-08-03 15:42 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Programmer\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25]
"SmoothView"="C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe" [2005-05-12 13:44]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-09-16 13:48 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"CFSServ.exe"="CFSServ.exe" []
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Programmer\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 12:00 C:\WINDOWS\system32\bthprops.cpl]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 12:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00]
"TOSCDSPD"="C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:38]
"DVDXGhost"="E:\Chemnitz\Pro\DVD X Ghost\DVDXGhost.EXE" []
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"AlcoholAutomount"="C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" [2006-11-20 05:00]
"ArtoNotifier"="C:\Programmer\Arto\Notifier\ArtoNotifier.exe" [2006-10-10 16:33]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

C:\Documents and Settings\Malik Chemnitz\Menuen Start\Programmer\Start\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]
RegistryDefender.lnk - C:\Programmer\Registry Defender\RegistryDefender.exe [2007-04-03 11:47:44]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
VPro500.lnk - C:\WINDOWS\VPro500.exe [2007-10-05 15:39:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\opnmmki.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ixdaibov]
ixdaibov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmmki]
opnmmki.dll

R2 MioNet;MioNet Service;C:\Programmer\MioNet\MioNetManager.exe -s C:\Programmer\MioNet\wrapper.conf
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cfbae5c-5178-11dc-b677-00a0d1457c69}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-02 17:09:24 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Programmer\Norton Security Scan\Nss.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-07 15:18:49 - machine was rebooted
.
    --- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 14:59:05, on 07-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmer\MioNet\MioNetManager.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\MioNet\jvm\bin\MioNet.exe
C:\Programmer\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programmer\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmer\TOSHIBA\Tvs\TvsTray.exe
C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
C:\Programmer\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmer\TOSHIBA\TOSHIBA-programmer\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Arto\Notifier\ArtoNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\VPro500.exe
C:\Programmer\Registry Defender\RegistryDefender.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Malik Chemnitz\Skrivebord\Crapcleaner\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {9A628F9F-E722-4540-BBDE-10F69AB181DE} - (no file)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programmer\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ixdaibov.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmer\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DVDXGhost] E:\Chemnitz\Pro\DVD X Ghost\DVDXGhost.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: RegistryDefender.lnk = C:\Programmer\Registry Defender\RegistryDefender.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0081409.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ixdaibov - ixdaibov.dll (file missing)
O20 - Winlogon Notify: opnmmki - opnmmki.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\heerpwkd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programmer\MioNet\MioNetManager.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmer\Toshiba\TOSHIBA Applet\TAPPSRV.exe


********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
07-11-2007 15:02:06,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 15:02:07
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ea132781e]
"001b59b6fb5f"=hex:b5,58,3b,4d,97,88,14,8f,3a,06,ca,b6,e8,6f,8d,45
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:bc,bf,6e,bf,6f,41,fb,fb,37,fd,89,a2,17,cd,c3,86,e9,79,3b,48,46,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ea132781e]
"001b59b6fb5f"=hex:b5,58,3b,4d,97,88,14,8f,3a,06,ca,b6,e8,6f,8d,45
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:bc,bf,6e,bf,6f,41,fb,fb,37,fd,89,a2,17,cd,c3,86,e9,79,3b,48,46,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000232

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/07/2007 at 02:47 PM

Application Version : 3.7.1018

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type      : Complete Scan
Total Scan Time : 00:51:02

Memory items scanned      : 756
Memory threats detected  : 1
Registry items scanned    : 6076
Registry threats detected : 5
File items scanned        : 43296
File threats detected    : 15

Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\SSQPM.DLL
    C:\WINDOWS\SYSTEM32\SSQPM.DLL
    HKLM\Software\Classes\CLSID\{9A628F9F-E722-4540-BBDE-10F69AB181DE}
    HKCR\CLSID\{9A628F9F-E722-4540-BBDE-10F69AB181DE}
    HKCR\CLSID\{9A628F9F-E722-4540-BBDE-10F69AB181DE}\InprocServer32
    HKCR\CLSID\{9A628F9F-E722-4540-BBDE-10F69AB181DE}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A628F9F-E722-4540-BBDE-10F69AB181DE}

Adware.Tracking Cookie
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@atdmt[2].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@int.sitestat[4].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@imrworldwide[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@int.sitestat[3].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@mediaplex[2].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@adtech[2].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@serving-sys[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@bs.serving-sys[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@doubleclick[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@track.adform[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@adtech[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@mediaplex[1].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@sexyd8[2].txt
    C:\Documents and Settings\Malik Chemnitz\Cookies\malik_chemnitz@www.clickxchange[1].txt
arlet, Junior Master
07 November 2007 - 18:09 #1
1) Download and double-click this file. It unpacks to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in safe mode; if you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", i.e. "How to access safe mode") http://kimludvigsen.dk/tips-windows-fejlsikret.html


Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.

-----------------


2) Copy the content between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When you save, make sure that "file types" is set to "all files".

-------------------------
File::

C:\z.dat
C:\WINDOWS\system32\bogagkhw.dll
C:\WINDOWS\system32\drepicor.dll
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\vbzip10.dll
C:\n.bat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Host Process"=-
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you must allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the contents of Combofix.txt in here together with a new hijackthis log
07 November 2007 - 19:30 #2
<arlet>: A cautious query - what about this one ->
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
arlet, Junior Master
07 November 2007 - 20:31 #3
That one should be fixed in HJT together with the 2 O9 entries with file missing, but that will be once we have dealt with the ComboFix run
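
The check raised in comments #2 and #3, as an added example that is not part of the original posts: a Python script that reads HijackThis entries and flags a Run value whose image borrows a core Windows process name from outside its expected directory, plus any entry marked "(file missing)". The sample lines are copied from the HijackThis log in the first post; the function names and the `EXPECTED_DIR` table are assumptions of this example.

```python
import ntpath
import re

# Core Windows process names mapped to the directory their genuine image is
# expected in (assumption of this example: Windows XP installed in C:\WINDOWS).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O4 - ..." / "R1 - ..." style HijackThis entry lines.
ENTRY = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# Registry autostart form of O4: "HKLM\..\Run: [ValueName] command line".
O4_RUN = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Unquoted command: the image ends at the first executable extension that is
# followed by whitespace or end of line (paths may contain spaces).
UNQUOTED_IMAGE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ixdaibov.dll (file missing)
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: opnmmki - opnmmki.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\heerpwkd.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def image_path(command):
    """Return the executable part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = UNQUOTED_IMAGE.match(command)
    return match.group(1) if match else command


def review(log_text):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY.match(line)
        if not entry:
            continue  # header or running-process line, not a numbered entry
        section, body = entry.group("section"), entry.group("body")

        # The registry still references a file that is no longer on disk.
        if body.endswith("(file missing)"):
            findings.append((section, "orphaned entry (file missing)", line))

        # Run value using a core process name from an unexpected directory.
        run = O4_RUN.match(body) if section == "O4" else None
        if run:
            image = image_path(run.group("command"))
            directory = ntpath.dirname(image)
            expected = EXPECTED_DIR.get(ntpath.basename(image).lower())
            # Bare file names (no directory) resolve via the search path and
            # cannot be judged from the log alone, so they are skipped here.
            if expected and directory and ntpath.normpath(directory).lower() != expected:
                findings.append((section, "system process name outside " + expected, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in review(SAMPLE_LOG):
        print(f"{section:>3}  {reason}\n     {line}")
```
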
mingus, Beginner
11 November 2007 - 18:18 #4
To: arlet:

I have now followed your instructions and got this as the result:


ComboFix 07-11-07.3 - Malik Chemnitz 2007-11-11 17:44:11.2 - NTFSx86
Running from: C:\Documents and Settings\Malik Chemnitz\Skrivebord\Crapcleaner\ComboFix.exe
Command switches used :: C:\Documents and Settings\Malik Chemnitz\Skrivebord\Crapcleaner\CFScript.txt
* Created a new restore point

FILE
C:\n.bat
C:\WINDOWS\system32\bogagkhw.dll
C:\WINDOWS\system32\drepicor.dll
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\vbzip10.dll
C:\z.dat
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bogagkhw.dll
C:\WINDOWS\system32\drepicor.dll
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\vbzip10.dll

.
(((((((((((((((((((((((((  Files Created from 2007-10-11 to 2007-11-11  )))))))))))))))))))))))))))))))
.

2007-11-11 17:42    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-11 17:15    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-11-11 17:06    <DIR>    d--------    C:\SFix
2007-11-07 14:12    114,316    ---hs----    C:\WINDOWS\system32\mpqss.ini2
2007-11-07 13:34    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 13:33    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-07 13:33    <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-07 13:33    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\SUPERAntiSpyware.com
2007-11-07 13:15    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-07 12:32    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\AVG7
2007-11-07 12:31    <DIR>    d--------    C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-07 12:31    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-05 11:19    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-24 23:02    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Shared
2007-10-24 23:02    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Incomplete
2007-10-24 23:02    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\LimeWire
2007-10-19 19:41    <DIR>    d--------    C:\Documents and Settings\Malik Chemnitz\Application Data\InterVideo

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 16:31    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Skype
2007-11-07 13:52    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-07 11:38    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-07 11:15    ---------    d-----w    C:\Programmer\Symantec
2007-11-07 10:42    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-05 10:23    ---------    d-----w    C:\Programmer\Winamp
2007-10-26 00:49    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Apple Computer
2007-10-11 04:50    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-08 16:03    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\uTorrent
2007-10-06 15:38    ---------    d-----w    C:\Programmer\iTunes
2007-10-06 15:36    ---------    d-----w    C:\Programmer\iPod
2007-10-06 15:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-06 15:31    ---------    d-----w    C:\Programmer\Fælles filer\Apple
2007-10-06 15:31    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Apple
2007-10-06 05:34    ---------    d-----w    C:\Programmer\MioNet
2007-10-05 14:41    ---------    d-----w    C:\Programmer\Fælles filer\ArcSoft
2007-10-05 14:40    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-10-05 14:40    ---------    d-----w    C:\Programmer\Fælles filer\SPC500NC
2007-10-05 14:39    ---------    d-----w    C:\Programmer\Philips
2007-10-03 15:11    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2007-10-03 14:56    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\AdobeUM
2007-09-22 18:52    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2007-09-21 16:15    ---------    d-----w    C:\Programmer\Nero
2007-09-21 16:15    ---------    d-----w    C:\Programmer\Fælles filer\Simple Star Shared
2007-09-21 16:15    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Nero
2007-09-21 16:10    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Simple Star Shared
2007-09-21 16:08    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Simple Star
2007-09-20 23:22    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-09-20 23:08    ---------    d-----w    C:\Programmer\Bonjour
2007-09-20 22:54    ---------    d-----w    C:\Programmer\Fælles filer\Macrovision Shared
2007-09-20 18:59    ---------    d-----w    C:\Programmer\Sony Ericsson
2007-09-20 14:56    ---------    d-----w    C:\Programmer\TEXTware
2007-09-20 14:48    ---------    d--h--r    C:\Documents and Settings\Malik Chemnitz\Application Data\SecuROM
2007-09-20 05:13    ---------    d-----w    C:\Programmer\IDM
2007-09-19 15:32    ---------    d-----w    C:\Programmer\VstPlugins
2007-09-19 15:32    ---------    d-----w    C:\Programmer\Image-Line
2007-09-19 15:31    ---------    d-----w    C:\Programmer\ASIO4ALL v2
2007-09-19 10:07    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\ArcSoft
2007-09-19 09:53    ---------    d-----w    C:\Programmer\MAGIX
2007-09-15 12:59    ---------    d-----w    C:\Programmer\Google
2007-09-15 12:33    ---------    d-----w    C:\Programmer\MSBuild
2007-09-14 23:36    138    ----a-w    C:\Documents and Settings\Malik Chemnitz\Application Data\wklnhst.dat
2007-09-13 18:09    ---------    d-----w    C:\Documents and Settings\Malik Chemnitz\Application Data\Ahead
.

(((((((((((((((((((((((((((((  snapshot@2007-11-07_15.17.31.35  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-29 17:56:19    136,192    ----a-w    C:\WINDOWS\catchme.exe
+ 2007-11-11 09:15:30    163,328    ----a-w    C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-11 16:16:24    5,201,920    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-11 16:16:24    49,152    ----a-w    C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-11 09:15:30    163,328    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-11 16:15:51    5,201,920    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-11 16:15:51    49,152    ----a-w    C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-07-22 17:39:27    279,552    ----a-w    C:\WINDOWS\system32\swreg.exe
+ 2006-11-29 16:21:29    370,688    ----a-w    C:\WINDOWS\system32\swsc.exe
+ 2006-12-01 04:20:32    212,480    ----a-w    C:\WINDOWS\system32\swxcacls.exe
+ 2006-11-27 01:34:46    49,152    ----a-w    C:\WINDOWS\system32\VFind.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A628F9F-E722-4540-BBDE-10F69AB181DE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 00:32]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 23:49 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02]
"TPSMain"="TPSMain.exe" [2005-08-03 15:42 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Programmer\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25]
"SmoothView"="C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe" [2005-05-12 13:44]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-09-16 13:48 C:\WINDOWS\system32\TDispVol.exe]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41]
"CFSServ.exe"="CFSServ.exe" []
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Programmer\K-Lite Codec Pack\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 12:00 C:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-07 12:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00]
"TOSCDSPD"="C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 10:38]
"DVDXGhost"="E:\Chemnitz\Pro\DVD X Ghost\DVDXGhost.EXE" []
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-09-13 12:31]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"AlcoholAutomount"="C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" [2006-11-20 05:00]
"ArtoNotifier"="C:\Programmer\Arto\Notifier\ArtoNotifier.exe" [2006-10-10 16:33]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

C:\Documents and Settings\Malik Chemnitz\Menuen Start\Programmer\Start\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
VPro500.lnk - C:\WINDOWS\VPro500.exe [2007-10-05 15:39:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1C1DD717-53B2-485E-A17B-C9977C205E10}"= C:\WINDOWS\system32\opnmmki.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ixdaibov]
ixdaibov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnmmki]
opnmmki.dll

R2 MioNet;MioNet Service;C:\Programmer\MioNet\MioNetManager.exe -s C:\Programmer\MioNet\wrapper.conf
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 SPC610NC;Philips SPC500NC Webcam;C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cfbae5c-5178-11dc-b677-00a0d1457c69}]
\Shell\AutoRun\command - E:\setupSNK.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 17:52:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-11 17:55:07 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-07 15:18
.
    --- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 18:00, on 2007-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Programmer\MioNet\MioNetManager.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Programmer\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TOSHIBA\ConfigFree\NDSTray.exe
C:\Programmer\Synaptics\SynTP\Toshiba.exe
C:\Programmer\TOSHIBA\Tvs\TvsTray.exe
C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
C:\Programmer\TOSHIBA\TOSHIBA-programmer\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\TOSHIBA\ConfigFree\CFSServ.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\K-Lite Codec Pack\QuickTime\QTTask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Arto\Notifier\ArtoNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\VPro500.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Malik Chemnitz\Skrivebord\Crapcleaner\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {9A628F9F-E722-4540-BBDE-10F69AB181DE} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmer\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmer\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmer\TOSHIBA\TOSHIBA-zoomfunktion\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmer\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmer\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [DVDXGhost] E:\Chemnitz\Pro\DVD X Ghost\DVDXGhost.EXE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmer\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ArtoNotifier] C:\Programmer\Arto\Notifier\ArtoNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: VPro500.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: ixdaibov - ixdaibov.dll (file missing)
O20 - Winlogon Notify: opnmmki - opnmmki.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmer\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Programmer\MioNet\MioNetManager.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Programmer\Toshiba\TOSHIBA Applet\TAPPSRV.exe
arlet (Junior Master)
11 November 2007 - 19:00 #5
Your Java is outdated, so you need to uninstall your Java via Control Panel => Add/Remove Programs. For security reasons, the old version of the program must be removed before you download the newest version.

Then download the new version of Java here:
http://www.java.com/en/

-----------

You now need to start fixing:
Run HijackThis, scan, tick the line/lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

O2 - BHO: (no name) - {9A628F9F-E722-4540-BBDE-10F69AB181DE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O20 - Winlogon Notify: ixdaibov - ixdaibov.dll (file missing)
O20 - Winlogon Notify: opnmmki - opnmmki.dll (file missing)

----------

Restart, and a new HijackThis log
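
Added illustration, not part of arlet's post and not a HijackThis feature: a Python sketch that pulls out the entries HijackThis marks `(file missing)` or `(no file)`, the markers carried by every line in the fix list above, and notes which orphaned targets are bare file names with no directory. The sample lines are copied from the log posted in this thread; the function and field names are assumptions of this example.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {9A628F9F-E722-4540-BBDE-10F69AB181DE} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ixdaibov - ixdaibov.dll (file missing)
O20 - Winlogon Notify: opnmmki - opnmmki.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe (file missing)
"""

# "O20 - rest of line": a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)$")


class Entry(NamedTuple):
    code: str        # section code, e.g. "O20"
    kind: str        # text before the first ": ", e.g. "Winlogon Notify"
    target: str      # last " - " field with the marker stripped ("" if none)
    orphaned: bool   # line ends in (file missing) or (no file)
    bare_name: bool  # target is a file name without any directory part
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis entry line; return None for headers/process paths."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    kind = rest.split(": ", 1)[0] if ": " in rest else ""
    # Last " - " separated field (the whole remainder when there is none).
    target = ORPHAN_RE.sub("", rest.split(" - ")[-1]).strip()
    return Entry(
        code=m.group("code"),
        kind=kind,
        target=target,
        orphaned=ORPHAN_RE.search(rest) is not None,
        bare_name=bool(target) and re.search(r"[\\/]", target) is None,
        raw=line,
    )


def orphaned_entries(log_text: str) -> List[Entry]:
    """Return, in log order, the entries whose referenced file is absent."""
    parsed = (parse_line(l) for l in log_text.splitlines())
    return [e for e in parsed if e is not None and e.orphaned]


def by_section(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Group entries by section code so each class can be reviewed together."""
    grouped: Dict[str, List[Entry]] = defaultdict(list)
    for e in entries:
        grouped[e.code].append(e)
    return dict(grouped)


if __name__ == "__main__":
    for code, items in by_section(orphaned_entries(SAMPLE_LOG)).items():
        for e in items:
            note = "bare name" if e.bare_name else "full path or no file"
            print(f"{code:<4}{e.kind:<16}{e.target or '(none)'}  [{note}]")
```

The output is a review list only: which orphaned entries to fix remains the helper's decision, as in the post above.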