Så blev jeg endelig færdig, det var jo en ordentlig smøre, og skulle også have en bid mad med de gamle, selv helte skal jo spise ;)
SUPERAntiSpyware Scan Log
Generated 02/22/2008 at 08:44 PM
Application Version : 3.5.1016
Core Rules Database Version : 3407
Trace Rules Database Version: 1399
Scan type : Complete Scan
Total Scan Time : 00:31:41
Memory items scanned : 145
Memory threats detected : 0
Registry items scanned : 4152
Registry threats detected : 0
File items scanned : 24732
File threats detected : 146
Adware.Tracking Cookie
C:\Documents and Settings\kts\Cookies\kts@ehg-chrysler.hitbox[2].txt
C:\Documents and Settings\kts\Cookies\kts@media.adrevolver[2].txt
C:\Documents and Settings\kts\Cookies\kts@saxocom.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@ads.as4x.tmcs[1].txt
C:\Documents and Settings\kts\Cookies\kts@1071887355[2].txt
C:\Documents and Settings\kts\Cookies\kts@hitbox[1].txt
C:\Documents and Settings\kts\Cookies\kts@adtech[2].txt
C:\Documents and Settings\kts\Cookies\kts@1072674847[1].txt
C:\Documents and Settings\kts\Cookies\kts@1066551392[1].txt
C:\Documents and Settings\kts\Cookies\kts@cracks[2].txt
C:\Documents and Settings\kts\Cookies\kts@eas.apm.emediate[2].txt
C:\Documents and Settings\kts\Cookies\kts@adserv.starforge-studios[1].txt
C:\Documents and Settings\kts\Cookies\kts@bluestreak[1].txt
C:\Documents and Settings\kts\Cookies\kts@3.adbrite[1].txt
C:\Documents and Settings\kts\Cookies\kts@coopdev.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@data4.perf.overture[2].txt
C:\Documents and Settings\kts\Cookies\kts@freefind[2].txt
C:\Documents and Settings\kts\Cookies\kts@1067806006[1].txt
C:\Documents and Settings\kts\Cookies\kts@bannere.fyens[1].txt
C:\Documents and Settings\kts\Cookies\kts@1066448979[1].txt
C:\Documents and Settings\kts\Cookies\kts@bs.serving-sys[2].txt
C:\Documents and Settings\kts\Cookies\kts@amaena[1].txt
C:\Documents and Settings\kts\Cookies\kts@ehg-dig.hitbox[2].txt
C:\Documents and Settings\kts\Cookies\kts@edsa.122.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@ad.ofir[2].txt
C:\Documents and Settings\kts\Cookies\kts@clicktorrent[1].txt
C:\Documents and Settings\kts\Cookies\kts@ad.yieldmanager[1].txt
C:\Documents and Settings\kts\Cookies\kts@cgi-bin[1].txt
C:\Documents and Settings\kts\Cookies\kts@doubleclick[2].txt
C:\Documents and Settings\kts\Cookies\kts@ads2.jubii[1].txt
C:\Documents and Settings\kts\Cookies\kts@1069384766[1].txt
C:\Documents and Settings\kts\Cookies\kts@casalemedia[2].txt
C:\Documents and Settings\kts\Cookies\kts@indextools[1].txt
C:\Documents and Settings\kts\Cookies\kts@82763522[2].txt
C:\Documents and Settings\kts\Cookies\kts@1067849426[1].txt
C:\Documents and Settings\kts\Cookies\kts@eas4.emediate[2].txt
C:\Documents and Settings\kts\Cookies\kts@mediaplex[2].txt
C:\Documents and Settings\kts\Cookies\kts@go.winantivirus[1].txt
C:\Documents and Settings\kts\Cookies\kts@adbrite[2].txt
C:\Documents and Settings\kts\Cookies\kts@adfair[1].txt
C:\Documents and Settings\kts\Cookies\kts@ads.dk-kogebogen[1].txt
C:\Documents and Settings\kts\Cookies\kts@ehg-nokiafin.hitbox[1].txt
C:\Documents and Settings\kts\Cookies\kts@1072372789[1].txt
C:\Documents and Settings\kts\Cookies\kts@adserver.banneradministration[1].txt
C:\Documents and Settings\kts\Cookies\kts@1070926688[1].txt
C:\Documents and Settings\kts\Cookies\kts@ads.expedia[1].txt
C:\Documents and Settings\kts\Cookies\kts@brightcove.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@centrebet.advertserve[1].txt
C:\Documents and Settings\kts\Cookies\kts@ads.arto[1].txt
C:\Documents and Settings\kts\Cookies\kts@ad.zanox[1].txt
C:\Documents and Settings\kts\Cookies\kts@fastclick[1].txt
C:\Documents and Settings\kts\Cookies\kts@ads.beamfile[1].txt
C:\Documents and Settings\kts\Cookies\kts@ads.estart[2].txt
C:\Documents and Settings\kts\Cookies\kts@advertising[1].txt
C:\Documents and Settings\kts\Cookies\kts@apmebf[1].txt
C:\Documents and Settings\kts\Cookies\kts@1071125370[2].txt
C:\Documents and Settings\kts\Cookies\kts@advertstream[1].txt
C:\Documents and Settings\kts\Cookies\kts@adrevolver[1].txt
C:\Documents and Settings\kts\Cookies\kts@banners2.battleon[1].txt
C:\Documents and Settings\kts\Cookies\kts@kaboose.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@outrider.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@ad1.emediate[2].txt
C:\Documents and Settings\kts\Cookies\kts@banners.battleon[2].txt
C:\Documents and Settings\kts\Cookies\kts@indexstats[1].txt
C:\Documents and Settings\kts\Cookies\kts@1071700744[2].txt
C:\Documents and Settings\kts\Cookies\kts@netmediagroup[1].txt
C:\Documents and Settings\kts\Cookies\kts@politiken.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@dk.drivecleaner[1].txt
C:\Documents and Settings\kts\Cookies\kts@tacoda[2].txt
C:\Documents and Settings\kts\Cookies\kts@server.cpmstar[2].txt
C:\Documents and Settings\kts\Cookies\kts@hit.stat[2].txt
C:\Documents and Settings\kts\Cookies\kts@mtg.banneradministration[1].txt
C:\Documents and Settings\kts\Cookies\kts@statcounter[1].txt
C:\Documents and Settings\kts\Cookies\kts@gyldendalbogklub.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@mtrack[1].txt
C:\Documents and Settings\kts\Cookies\kts@online.adservicemedia[2].txt
C:\Documents and Settings\kts\Cookies\kts@cgi-bin[3].txt
C:\Documents and Settings\kts\Cookies\kts@tribalfusion[2].txt
C:\Documents and Settings\kts\Cookies\kts@e2.emediate[2].txt
C:\Documents and Settings\kts\Cookies\kts@questionmarket[1].txt
C:\Documents and Settings\kts\Cookies\kts@valueclick[1].txt
C:\Documents and Settings\kts\Cookies\kts@stat.novasol[1].txt
C:\Documents and Settings\kts\Cookies\kts@sonofon.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@kanoodle[2].txt
C:\Documents and Settings\kts\Cookies\kts@media.hotels[1].txt
C:\Documents and Settings\kts\Cookies\kts@perf.overture[1].txt
C:\Documents and Settings\kts\Cookies\kts@track.adform[1].txt
C:\Documents and Settings\kts\Cookies\kts@mtgnewmedia[1].txt
C:\Documents and Settings\kts\Cookies\kts@overture[2].txt
C:\Documents and Settings\kts\Cookies\kts@stat.onestat[2].txt
C:\Documents and Settings\kts\Cookies\kts@stat.inleadmedia[1].txt
C:\Documents and Settings\kts\Cookies\kts@partypoker[2].txt
C:\Documents and Settings\kts\Cookies\kts@servlet[7].txt
C:\Documents and Settings\kts\Cookies\kts@mscracks[1].txt
C:\Documents and Settings\kts\Cookies\kts@statse.webtrendslive[1].txt
C:\Documents and Settings\kts\Cookies\kts@qxl.banneradministration[2].txt
C:\Documents and Settings\kts\Cookies\kts@eyewonder[1].txt
C:\Documents and Settings\kts\Cookies\kts@server.iad.liveperson[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.clickmanage[2].txt
C:\Documents and Settings\kts\Cookies\kts@revsci[2].txt
C:\Documents and Settings\kts\Cookies\kts@sdi-media[1].txt
C:\Documents and Settings\kts\Cookies\kts@ilead.itrack[1].txt
C:\Documents and Settings\kts\Cookies\kts@pulz.banneradministration[1].txt
C:\Documents and Settings\kts\Cookies\kts@sexnoveller[1].txt
C:\Documents and Settings\kts\Cookies\kts@stats1.reliablestats[2].txt
C:\Documents and Settings\kts\Cookies\kts@stat.postdanmark[2].txt
C:\Documents and Settings\kts\Cookies\kts@ncom.banneradministration[2].txt
C:\Documents and Settings\kts\Cookies\kts@praisexposed[1].txt
C:\Documents and Settings\kts\Cookies\kts@sdimediagroup[1].txt
C:\Documents and Settings\kts\Cookies\kts@medialine[2].txt
C:\Documents and Settings\kts\Cookies\kts@saftigsex[1].txt
C:\Documents and Settings\kts\Cookies\kts@serving-sys[1].txt
C:\Documents and Settings\kts\Cookies\kts@drm[2].txt
C:\Documents and Settings\kts\Cookies\kts@tdc.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@viastream.player.mtgnewmedia[2].txt
C:\Documents and Settings\kts\Cookies\kts@specificclick[2].txt
C:\Documents and Settings\kts\Cookies\kts@rezidor.112.2o7[1].txt
C:\Documents and Settings\kts\Cookies\kts@vhost.oddcast[2].txt
C:\Documents and Settings\kts\Cookies\kts@tdstats[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.cracks[1].txt
C:\Documents and Settings\kts\Cookies\kts@stats.ilsemedia[1].txt
C:\Documents and Settings\kts\Cookies\kts@sexetc[2].txt
C:\Documents and Settings\kts\Cookies\kts@windowsmedia[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.findalt[1].txt
C:\Documents and Settings\kts\Cookies\kts@wannafind[2].txt
C:\Documents and Settings\kts\Cookies\kts@zedo[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.sex-kontakt[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.soundclick[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.sexnoveller[2].txt
C:\Documents and Settings\kts\Cookies\kts@tradedoubler[2].txt
C:\Documents and Settings\kts\Cookies\kts@winantivirus[1].txt
C:\Documents and Settings\kts\Cookies\kts@shopica[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.burstnet[2].txt
C:\Documents and Settings\kts\Cookies\kts@roiservice[1].txt
C:\Documents and Settings\kts\Cookies\kts@soundclick[1].txt
C:\Documents and Settings\kts\Cookies\kts@www.gratispornofilm[2].txt
C:\Documents and Settings\kts\Cookies\kts@www.pornopower[2].txt
C:\Documents and Settings\kts\Cookies\kts@burstnet[1].txt
C:\Documents and Settings\kts\Cookies\kts@Counter[1].txt
C:\Documents and Settings\kts\Cookies\kts@green_credit_track_2006_01[1].txt
C:\Documents and Settings\kts\Cookies\kts@ikano_kash_track_2006_03[2].txt
C:\Documents and Settings\kts\Cookies\kts@metatrafficDPB[1].txt
C:\Documents and Settings\kts\Cookies\kts@tracking.dc-storm[2].txt
C:\Documents and Settings\kts\Cookies\kts@www.bannercamp[2].txt
C:\Documents and Settings\kts\Cookies\kts@www.bannercamp[3].txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:02, on 22-02-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\system32\BrmfRsmg.exe
C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
C:\WINNT\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINNT\Explorer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Canon\MultiPASS4\MPTBox.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe
C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
C:\WINNT\system32\internat.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\internet explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\Programmer\FlashFXP\IEFlash.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmer\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmer\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmer\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Programmer\ladbrokesMPP\MPPoker.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://downol.dr.dk/download/netradio/Rawflow.cabO16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cabO16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exeO16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) -
http://www.turntool.com/ViewerInstall.exeO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} -
http://activex.microgaming.com/dlhelper/version7/dlhelper.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exeO20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\system32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MpService - Canon Inc. - C:\Programmer\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Beskyttelse mod spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ComboFix 08-02-22.3 - kts 22-02-2008 20:56:05.2 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1030.18.143 [GMT 1:00]
Running from: C:\Documents and Settings\kts\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.
2008-02-22 20:56 . 22-02-08 20:56 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_430.dat
2008-02-22 19:49 . 22-02-08 20:51 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-02-22 19:49 . 22-02-08 19:49 <DIR> d-------- C:\Documents and Settings\kts\Application Data\SUPERAntiSpyware.com
2008-02-22 19:49 . 22-02-08 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2008-02-22 19:39 . 22-02-08 19:39 <DIR> d-------- C:\Programmer\CCleaner
2008-02-22 18:41 . 22-02-08 18:41 <DIR> d-------- C:\Programmer\Lavasoft
2008-02-22 18:41 . 22-02-08 18:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 18:49 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-22 17:06 --------- d-----w C:\Programmer\Trend Micro
2008-02-22 17:00 --------- d-----w C:\Documents and Settings\kts\Application Data\Lavasoft
2008-02-10 19:49 --------- d-----w C:\Documents and Settings\kts\Application Data\LimeWire
2007-12-14 10:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
2004-03-12 14:55 271 ---h--w C:\Programmer\desktop.ini
2004-03-12 14:55 22,029 ---h--w C:\Programmer\folder.htt
2002-08-23 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
2001-11-22 13:08 712,704 ----a-w C:\WINNT\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [23-08-02 01:00 20752 C:\WINNT\system32\internat.exe]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [29-04-07 14:45 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [10-01-07 15:14 1310720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [19-06-03 20:05 111888 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [17-11-03 19:33 3022848]
"nwiz"="nwiz.exe" [17-11-03 19:33 753664 C:\WINNT\system32\nwiz.exe]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [16-02-07 09:54 282624]
"Creative WebCam Tray"="C:\Programmer\Creative\Shared Files\CAMTRAY.EXE" [05-11-02 03:00 184320]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [09-07-01 10:50 155648]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [25-09-07 01:11 132496]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [14-03-07 18:05 257088]
"pccguide.exe"="C:\Programmer\Trend Micro\Internet Security 2007\pccguide.exe" [08-03-07 02:43 3429904]
"PaperPort PTD"="C:\Programmer\Scansoft\PaperPort\pptd40nt.exe" [24-09-02 12:17 45108]
"IndexSearch"="C:\Programmer\Scansoft\PaperPort\IndexSearch.exe" [24-09-02 12:46 36864]
"SetDefPrt"="C:\Programmer\Brother\Brmfl03a\BrStDvPt.exe" [03-07-03 14:31 45056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [23-08-02 01:00 20752 C:\WINNT\system32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe" [19-06-03 20:05 187664]
C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - D:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [20-12-06 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 19-10-06 09:12 258048 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys [05-08-03 07:14 ]
R2 BrSerial;Brother Serial Driver;C:\WINNT\system32\drivers\BrSerial.sys [15-03-02 11:13 ]
R2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINNT\system32\DRIVERS\NVxbar.sys [10-11-03 21:34 ]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINNT\system32\DRIVERS\nvcap.sys [10-11-03 21:34 ]
S3 BrUsbMdm;Brother MFC USB FaxModem driver;C:\WINNT\system32\Drivers\BrUsbMdm.sys [05-06-03 13:08 ]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINNT\system32\Drivers\BrUsbScn.sys [05-06-03 13:09 ]
S3 V0010bVd;Creative WebCam Vista #2;C:\WINNT\system32\DRIVERS\V0010bVd.sys [21-04-03 08:19 ]
S3 viafilter;VIA USB Filter;C:\WINNT\system32\Drivers\viausb.sys [18-06-03 16:48 ]
S4 Windows Display Diver;display;"C:\WINNT\display.exe" []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-02-22 20:57:51
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 22-02-2008 20:58:33
ComboFix-quarantined-files.txt 2008-02-22 19:58:28
ComboFix2.txt 2008-02-22 19:02:01
er det stadig itu drevet bliver næste skridt nok skradespanden, og så en bærbar :)