Logfile of HijackThis v1.99.1
Scan saved at 12:12:23, on 06-01-2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nana\Skrivebord\Hijackthis\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.signon.stofanet.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.stofanet.dk/proxycnf.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
ComboFix 08-01-04.1 - Nana 2008-01-06 12:03:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1030.18.372 [GMT 1:00]
Running from: C:\Documents and Settings\Nana\Skrivebord\Forsøg\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nana\Skrivebord\Forsøg\CFScript.txt
* Created a new restore point
FILE
C:\Windows\System32\Tilecomnu.com
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\_install.exe blev ikke fundet.
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Catalog.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Catalog.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Catalog.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.curdefs_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.full_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2_microdefsb.oct_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs25$20nav2003_microdefsb.curdefs_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs25$20nav2003_microdefsb.dec_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs25$20nav2003_microdefsb.jul_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs25$20nav2003_microdefsb.oct_symalllanguages_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\common$20client$20core_1.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2711_symnet$20consumer_4.7.1_english\Message.exe
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2711_symnet$20consumer_4.7.1_english\patch.dis
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2711_symnet$20consumer_4.7.1_english\setup.exe
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2711_symnet$20consumer_4.7.1_english\SNDUpdater.msi
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\Message.exe
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\patch.dis
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\setup.exe
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\SNDUpdater.msi
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2717_symnet$20consumer_5.4.4_english\SymStore.dll
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ids$20$2d$20consumer_6.1.1_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\livereg_2.2.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\liveupdate_1.80_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\lrconsumer_1.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\minitri.flg
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\navnt$202003$20professional$20edition_9.00_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\navnt$202003$20professional$20edition_9.05_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20wmi$20core_1.2_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20wmi$20master$20patch_0.1_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20wmi$20shared_1.2_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\norton$20wmi$20user$20interface_1.2_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\scan$20$26$20deliver$20filter_1.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\scriptblocking_1.1_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\scss$20shared$20licensing_3.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\simon$20shared$20components_2.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_11.0_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symevent$20installer$20$2d$20consumer_11.6_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symnet$20consumer_4.7.1_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symnet$20consumer_5.4.4_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\symnet$20consumer_5.5.1_english_livetri.zip
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Catalog.LiveUpdate
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
C:\Programmer\Fælles filer\Symantec Shared
C:\Programmer\Fælles filer\Symantec Shared\ccWebWnd.dll
C:\Programmer\Fælles filer\Symantec Shared\IraLsClt.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\Catalog.LiveSubscribe
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\Defaults.liveReg
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\iraDefA2.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\IraLrShl.exe
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\iraLSCl2.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\iraLSUI.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\IraVcLc2.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\IraVcObj.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\LR2CHLP.HLP
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\LrResEN.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\VcCleanUp.exe
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\VcResEN.dll
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\VcSetup.exe
C:\Programmer\Fælles filer\Symantec Shared\LiveReg\Watermrk.gif
C:\Programmer\Fælles filer\Symantec Shared\Security Center\sscnav.dll
C:\Programmer\Fælles filer\Symantec Shared\Security Center\sscnis56.dll
C:\Programmer\Fælles filer\Symantec Shared\Security Center\sscnis7.dll
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SSCOpts.dat
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymSCWb.dll
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSCNo.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmer\Fælles filer\Symantec Shared\Security Center\WSCHlpr.dll
C:\Programmer\Symantec
C:\Programmer\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
C:\Programmer\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Programmer\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programmer\Symantec\LiveUpdate\LSETUP.EXE
C:\Programmer\Symantec\LiveUpdate\LuAll.cnt
C:\Programmer\Symantec\LiveUpdate\LUALL.EXE
C:\Programmer\Symantec\LiveUpdate\LUALL.HLP
C:\Programmer\Symantec\LiveUpdate\LuComServer.EXE
C:\Programmer\Symantec\LiveUpdate\LuComServerPS.DLL
C:\Programmer\Symantec\LiveUpdate\ludirloc.dat
C:\Programmer\Symantec\LiveUpdate\LUINFO.INF
C:\Programmer\Symantec\LiveUpdate\LUInit.exe
C:\Programmer\Symantec\LiveUpdate\LUInit.ini
C:\Programmer\Symantec\LiveUpdate\LUINSDLL.DLL
C:\Programmer\Symantec\LiveUpdate\LuResult.txt
C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
C:\Programmer\Symantec\LiveUpdate\NetDetectController.DLL
C:\Programmer\Symantec\LiveUpdate\ProductRegCom.DLL
C:\Programmer\Symantec\LiveUpdate\ProductRegComPS.DLL
C:\Programmer\Symantec\LiveUpdate\README.TXT
C:\Programmer\Symantec\LiveUpdate\S32LIVE1.DLL
C:\Programmer\Symantec\LiveUpdate\S32LUCP1.CPL
C:\Programmer\Symantec\LiveUpdate\S32LUIS1.DLL
C:\Programmer\Symantec\LiveUpdate\S32LUWI1.DLL
C:\Programmer\Symantec\LiveUpdate\SymantecRootInstaller.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.
2008-01-05 23:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-05 22:19 . 2008-01-06 09:29 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-01-05 22:15 . 2008-01-05 22:15 <DIR> d-------- C:\Programmer\CCleaner
2008-01-05 19:33 . 2008-01-05 19:37 2,100 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-05 17:38 . 2008-01-05 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-05 16:27 . 2008-01-05 16:27 <DIR> d--h----- C:\Programmer\InstallShield Installation Information
2008-01-05 16:26 . <DIR> C:\Programmer\Fælles filer\InstallShield
2008-01-05 10:47 . 2008-01-05 10:47 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-01-05 10:35 . 2008-01-05 10:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 10:34 . 2008-01-05 15:31 <DIR> d-------- C:\Documents and Settings\Nana\Application Data\SUPERAntiSpyware.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 21:19 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-03 16:38 --------- d-----w C:\Programmer\Trafikteori
2007-11-24 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
.
((((((((((((((((((((((((((((( snapshot@2008-01-05_23.10.36,11 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-05 21:59:13 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-06 10:51:28 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-05 21:59:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
+ 2008-01-06 10:51:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\index.dat
- 2008-01-05 21:59:13 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-06 10:51:28 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
- 2007-10-29 18:33:14 47,276 ----a-w C:\WINDOWS\system32\perfc006.dat
+ 2008-01-06 08:15:45 47,276 ----a-w C:\WINDOWS\system32\perfc006.dat
- 2007-10-29 18:33:14 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-06 08:15:45 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-29 18:33:14 324,960 ----a-w C:\WINDOWS\system32\perfh006.dat
+ 2008-01-06 08:15:45 324,960 ----a-w C:\WINDOWS\system32\perfh006.dat
- 2007-10-29 18:33:14 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-06 08:15:45 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-09-14 10:13 286720]
"PCSuiteTrayApplication"="C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 13:12 222720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-09 13:13 13312]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\System32\DRIVERS\viaagp.sys [2001-08-17 21:58]
R3 rtl8029;NT-driver til Realtek RTL8029(AS)-baseret PCI Ethernet-netværkskort;C:\WINDOWS\System32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]
S2 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" []
S4 Universal Printer NT Service;Universal Printer NT Service;"C:\WINDOWS\System32\dllcache\upnt.exe" []
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 11:08:41 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 12:09:00
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-06 12:09:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 11:09:35