Så er CCleaner helt clean :-)
SAS fandt intet overhoved og jeg kunne ikke finde en log
AVG AntiSpyware/Ewido, er blevet kørt og renset
Combofix Log:ComboFix 07-12-31.4 - Anastasia 2008-01-01 13:05:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1030.18.211 [GMT 1:00]
Running from: C:\Users\Anastasia\Desktop\Tino\ComboFix_6.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\_install.exe blev ikke fundet.
.
((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.
2008-01-01 12:59 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-01 12:25 . 2007-07-06 18:39 401,720 --a------ C:\Program Files\HJTrenamed.exe
2008-01-01 11:54 . 2008-01-01 11:54 <DIR> d-------- C:\Users\Anastasia\AppData\Roaming\SUPERAntiSpyware.com
2008-01-01 11:54 . 2008-01-01 11:54 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-01-01 11:54 . 2008-01-01 11:55 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-01 11:35 . 2008-01-01 11:35 <DIR> d-------- C:\Program Files\CCleaner
2008-01-01 11:23 . 2008-01-01 11:23 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-01-01 11:22 . 2008-01-01 11:22 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-01-01 11:22 . 2008-01-01 11:22 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-01-01 11:22 . 2008-01-01 11:22 2,048 --a------ C:\Windows\System32\asferror.dll
2008-01-01 11:19 . 2008-01-01 11:19 1,830,912 --a------ C:\Windows\System32\inetcpl.cpl
2008-01-01 11:19 . 2008-01-01 11:19 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-01-01 11:19 . 2008-01-01 11:19 26,624 --a------ C:\Windows\System32\ieUnatt.exe
2008-01-01 11:18 . 2008-01-01 11:18 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-01-01 11:18 . 2008-01-01 11:18 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-01-01 11:18 . 2008-01-01 11:18 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-01-01 11:18 . 2008-01-01 11:18 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-01-01 11:12 . 2008-01-01 11:12 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-01-01 11:11 . 2008-01-01 11:12 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2008-01-01 11:11 . 2008-01-01 11:11 2,048 --a------ C:\Windows\System32\tzres.dll
2008-01-01 10:43 . 2008-01-01 10:43 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-01 10:43 . 2008-01-01 10:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-01 10:41 . 2008-01-01 11:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-08 14:44 . 2007-12-08 14:44 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 10:20 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-08 13:50 --------- d-----w C:\ProgramData\Apple Computer
2007-12-08 13:50 --------- d-----w C:\Program Files\QuickTime
2007-11-29 21:44 --------- d-----w C:\ProgramData\Symantec
2007-11-29 12:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 11:51 --------- d-----w C:\ProgramData\Rosetta Stone
2007-11-18 02:02 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-15 16:20 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-15 16:20 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-15 16:20 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-15 16:20 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-15 16:20 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-15 16:20 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-15 16:20 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-15 16:20 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-15 16:19 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-15 16:19 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-15 16:19 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-15 16:19 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-15 16:19 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-15 16:19 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-15 16:16 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-15 16:16 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-11-15 16:16 73,216 ----a-w C:\Windows\system32\drivers\usbccgp.sys
2007-11-15 16:16 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2007-11-15 16:16 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2007-11-15 16:16 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2007-11-15 16:16 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2007-11-15 16:16 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2007-11-15 16:14 --------- d-----w C:\Program Files\Windows Mail
2007-11-04 13:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-11 01:08 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-11 01:08 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-11 01:08 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-11 01:08 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-11 01:03 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-11 01:03 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-10-11 01:02 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-09-02 01:12 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2006-11-02 13:35 1196032]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-09-27 21:04 2321600]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-05 17:53 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 06:27 815104]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 06:37 4186112 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 20:08 228088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 00:18 22696]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 10:00 18944]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe" [2007-01-18 09:19 484984]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NetFxUpdate_v1.1.4322"="C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 16:20 106496]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 10:22]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 04:10]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-12-21 13:31]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-02-02 15:09]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 13:40]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eb00ad2-436b-11dc-8966-806e6f6e6963}]
\shell\AutoRun\command - D:\autorun.exe
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
*Newly Created Service* - SASDIFSV
*Newly Created Service* - SASENUM
*Newly Created Service* - SASKUTIL
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {6173A4FC-D42D-69A6-52CA-A30496389760} /qb
.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 19:28:01 C:\Windows\Tasks\Norton Internet Security - Kør fuld systemskanning - Anastasia.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
"2008-01-01 12:00:06 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-01-01 12:00:05 C:\Windows\Tasks\Udvidet garanti.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-01-01 13:11:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-01 13:13:33
.
2008-01-01 10:24:07 --- E O F ---
Hijackthis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:33, on 01-01-2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Users\Anastasia\Desktop\Tino\ewido_micro_3.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\HJTrenamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NetFxUpdate_v1.1.4322] "C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 1 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS – Godkendelse af adgangskoder (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\symantec\liveupdate\LuComServer_3_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7241 bytes