Hi again
I got started on my own yesterday, when I found a question that contained this link, and I must admit that I am one of the gullible ones who believed in a free mobile phone:
http://www.eksperten.dk/artikler/1123
So here are 4 log files:
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19:24, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\AV jul 2007\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - :C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://kpssemsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191957133718
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://kpssemsrv02.udd.sembsc.dk/dwa7W.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\HP_Administrator\Desktop\skrivebord\index.htm
--
End of file - 7794 bytes
COMBOFIX:
ComboFix 07-12-21.4 - HP_Administrator 2007-12-25 9:23:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.467 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\AV jul 2007\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\pskill.exe
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.
2007-12-25 00:48 . 2007-12-25 00:48 <DIR> d-------- C:\Program Files\CCleaner
2007-12-25 00:43 . 2007-12-25 00:43 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-25 00:41 . 2007-12-25 00:41 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2007-12-20 17:03 . 2007-12-20 17:03 268 --ah----- C:\sqmdata05.sqm
2007-12-20 17:03 . 2007-12-20 17:03 244 --ah----- C:\sqmnoopt05.sqm
2007-12-20 04:57 . 2007-12-20 04:57 268 --ah----- C:\sqmdata04.sqm
2007-12-20 04:57 . 2007-12-20 04:57 244 --ah----- C:\sqmnoopt04.sqm
2007-12-17 20:36 . 2007-12-17 20:36 <DIR> d-------- C:\Program Files\FM Modifier 2.2
2007-12-16 10:49 . 2007-12-16 11:10 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\DVD Profiler
2007-12-16 10:48 . 2007-12-16 10:48 <DIR> d-------- C:\Program Files\DVD Profiler
2007-12-10 22:17 . 2007-12-10 22:17 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-12-10 22:17 . 2007-12-10 22:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird
2007-12-10 22:17 . 2007-12-10 22:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2007-12-10 22:17 . 2007-12-10 22:17 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 22:00 . 2007-12-10 21:44 55,778 --a------ C:\200611090030_cms6dognvestsjaelland.jpg
2007-12-10 22:00 . 2007-12-10 22:00 18,432 --ahs---- C:\Thumbs.db
2007-12-10 22:00 . 2007-12-10 22:00 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-10 21:35 . 2007-12-03 15:35 293,956 --a------ C:\20020515RealMadridRaul2wp.jpg
2007-12-10 21:35 . 2007-06-18 20:13 221,203 --a------ C:\APTOPIX_SPAIN_SOCCE_258634f.jpg
2007-12-10 21:35 . 2007-12-10 21:20 17,366 --a------ C:\LogoRealMadrid1.jpg
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 00:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-12-25 00:12 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-25 00:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 00:03 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2007-12-20 20:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-16 00:17 --------- d-----w C:\Program Files\MagicISO
2007-12-09 19:00 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2007-11-18 10:28 --------- d-----w C:\Program Files\HAM
2007-11-14 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 20:28 102,800 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-14 18:10 --------- d-----w C:\Program Files\Hattrick Coach Professional
2007-11-07 17:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2007-11-07 17:38 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Songbird1
2007-11-03 21:10 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\TVU Networks
2007-11-03 21:09 --------- d-----w C:\Program Files\TVUPlayer
2007-10-30 17:37 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Hoyle Card Games
2007-10-30 17:35 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Hoyle FaceCreator
2007-10-30 17:32 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-30 17:32 --------- d--h--r C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2005-05-12 05:36 12,288 -c--a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 13:00 C:\WINDOWS\system32\rundll32.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 13:00 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 15:08 C:\WINDOWS\RTHDCPL.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2006-07-06 07:22:29]
Sygate Personal Firewall.lnk - C:\Program Files\Sygate\SPF\Smc.exe [2004-10-15 18:40:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\HP_Administrator\Desktop\skrivebord\index.htm
FriendlyName=
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA111 Configuration Utility.lnk]
backup=C:\WINDOWS\pss\MA111 Configuration Utility.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk]
backup=C:\WINDOWS\pss\Smart Wizard Wireless Settings.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 --a--c--- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-25 19:11 94208 --a------ C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 11:00 299008 --------- C:\Program Files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Messaging]
C:\Program Files\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47 31016 --a------ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 --a--c--- C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-08-15 19:15 271672 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 12:03 53248 --a--c--- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 12:03 135168 --a--c--- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 19:11 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 02:23 663552 --a--c--- C:\Windows\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
C:\Program Files\Desktop Sidebar\dsidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-27 10:14 36975 --a--c--- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOSTS]
2007-01-10 14:11 241664 ---hs---- C:\Program Files\Common Files\Microsoft Shared\DAO\PCD\SVCHOST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
C:\Nye programmer\TopDesk\topdesk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-30 05:25]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-02 08:49]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 21:57]
S2 MSF32;MSF32;L:\DC++\MySecretFolder\MSF32.SYS []
S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 18:00]
S3 vdiskbus;Virtual Disk Bus;C:\WINDOWS\system32\DRIVERS\vdiskbus.sys []
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys []
S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2002-12-23 18:36]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ee2912-7ede-11dc-ac97-0015f2a41a5a}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4acc2e92-0369-11db-8bb1-806d6172696f}]
\Shell\AutoRun\command - \DC++\Downloads\USB-Toolbox.v2.2.Multilanguage.WinAll-LAXiTY\USBToolBox\USBToolBox\ToolBox.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-22 10:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 11:32:18 C:\WINDOWS\Tasks\Internettjenester.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exeb/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Internet Services\StartIS.aml
"2007-12-25 08:18:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 09:29:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-25 9:29:56
ROOTLOG:
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
25-12-2007 9:20:29,21
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 09:20:32
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
SUPERANTISPYWARE LOG:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/25/2007 at 02:17 AM
Application Version : 3.7.1018
Core Rules Database Version : 3366
Trace Rules Database Version: 1365
Scan type : Complete Scan
Total Scan Time : 01:05:12
Memory items scanned : 179
Memory threats detected : 0
Registry items scanned : 8292
Registry threats detected : 0
File items scanned : 58804
File threats detected : 81
Adware.Tracking Cookie
So once again I hope there is a kind soul out there who can help me
Kind regards
Thomas