Her komme alle 3 logs i et post :
(HJT I NY version)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:46, on 01-04-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
C:\Windows\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Programmer\Maxtor\Sync\SyncServices.exe
C:\Windows\System32\NMSSvc.exe
C:\Windows\System32\svchost.exe
C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\Programmer\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Windows\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Windows\System32\usbtapnp.exe
C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Programmer\Flles filer\Symantec Shared\ccApp.exe
C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Windows\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Ahead\Nero BackItUp\NBJ.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Flles filer\Symantec Shared\VAScanner\comHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\HPZipm12.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Flles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [USBTA] C:\Windows\System32\usbtapnp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Flles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\Windows\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZCxdm409YYDK
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O15 - Trusted Zone:
www.portalbank.dkO16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) -
https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.10.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -
https://webdl.symantec.com/activex/symdlmgr.cabO16 - DPF: {8C379EAB-FB26-4B71-BB5C-05B4C96E4851} (Hjemmeside.KvikFoto) -
http://www.123hjemmeside.dk/builder/pages/KvikFoto-1-0-5.CABO20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatisk LiveUpdate-planlgning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Programmer\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\Windows\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Programmer\Maxtor\Sync\SyncServices.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\Windows\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Flles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Flles filer\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmer\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programmer\RealVNC\VNC4\WinVNC4.exe
--
End of file - 10996 bytes
_______________________________________________
ComboFix 08-03-30.5 - Administrator 2008-04-01 12:57:49.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.427 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-03-30 18:58 . 2006-10-04 16:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-03-30 18:58 . 2006-10-04 16:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-03-30 18:58 . 2006-10-04 16:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-03-30 18:57 . 2008-03-30 18:57 <DIR> d-------- C:\Programmer\Windows Media Connect 2
2008-03-30 18:52 . 2008-03-30 18:52 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-30 18:52 . 2008-03-30 18:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-30 18:52 . 2008-03-31 22:46 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-28 16:30 . 2008-03-28 16:30 99 --a------ C:\WINDOWS\wininit.ini
2008-03-28 14:15 . 2008-03-28 14:15 <DIR> d-------- C:\Programmer\RealVNC
2008-03-28 14:01 . 2008-03-28 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-28 14:00 . 2008-03-28 14:00 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-03-28 14:00 . 2008-03-28 14:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-26 11:45 . 2008-03-26 11:45 <DIR> d-------- C:\Programmer\CCleaner
2008-03-21 16:15 . 2008-03-21 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-21 16:14 . 2008-03-28 14:00 <DIR> d-------- C:\Programmer\Flles filer\Wise Installation Wizard
2008-03-21 09:42 . 2008-03-28 14:25 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-03-21 09:42 . 2008-03-31 14:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 19:28 . 2008-03-20 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-19 11:43 . 2008-03-19 11:43 <DIR> d-------- C:\Programmer\Maxtor
2008-03-19 11:43 . 2008-03-19 11:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Maxtor
2008-03-19 11:40 . 2008-03-19 11:40 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-03-19 11:40 . 2008-03-19 11:40 <DIR> d-------- C:\Programmer\MSXML 6.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 11:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-04-01 10:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-28 11:57 --------- d-----w C:\Programmer\Yahoo!
2008-03-26 21:30 --------- d-----w C:\Programmer\Flles filer\Symantec Shared
2008-03-21 14:15 --------- d-----w C:\Programmer\Lavasoft
2008-03-21 14:15 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-21 10:17 --------- d-----w C:\Programmer\Flles filer\LogiShrd
2008-03-21 10:07 --------- d-----w C:\Programmer\Logitech
2008-03-19 09:44 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-03-06 20:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-06 20:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-06 20:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-11 05:40 44,544 ----a-w C:\Windows\system32\dllcache\pngfilt.dll
2005-11-04 20:55 159 ---h--w C:\Documents and Settings\Administrator\hpothb07.dat
2005-05-11 22:36 12,288 ----a-w C:\Windows\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 21:26 68856]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 17:03 1957888]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 17:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\System32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\Windows\System32\hkcmd.exe" [2003-04-07 00:07 114688]
"CPQEASYACC"="C:\Programmer\COMPAQ\Easy Access Button Support\StartEAK.exe" [2001-12-14 15:01 32768]
"PROMon.exe"="PROMon.exe" [2002-03-25 11:36 73728 C:\WINDOWS\system32\PROMon.exe]
"ChkAdmin"="C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE" [2002-01-24 18:03 81920]
"USBTA"="C:\Windows\System32\usbtapnp.exe" [2001-01-09 18:14 126976]
"HPDJ Taskbar Utility"="C:\Windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 10:08 172032]
"HP Software Update"="C:\Programmer\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"DeviceDiscovery"="C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 20:56 40960]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"CamMonitor"="C:\Programmer\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-02-21 11:41 77824]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"ccApp"="C:\Programmer\Flles filer\Symantec Shared\ccApp.exe" [2007-03-14 20:10 116328]
"UserFaultCheck"="C:\Windows\system32\dumprep 0 -u" [ ]
"Symantec PIF AlertEng"="C:\Programmer\Flles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"mxomssmenu"="C:\Programmer\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CPQDFWAG"="C:\Windows\Cpqdiag\CpqDfwAg.exe" [2001-10-25 17:56 212992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\Windows\System32\CTFMON.EXE" [2004-08-27 02:53 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Speed Launch.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Image Zone Hurtig start.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-05-12 01:49:24 73728]
LUMIX Simple Viewer.lnk - C:\Programmer\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-08-14 10:58:03 57344]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
R1 ClntMgmt;Compaq Client Management Driver;C:\Windows\system32\Drivers\ClntMgmt.sys [2002-01-16 14:48]
R2 Automatisk LiveUpdate-planlgning;Automatisk LiveUpdate-planlgning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 12:57]
R2 CpqDfwWebAgent;Compaq Remote Diagnostics Enabling Agent;C:\Windows\Cpqdiag\Cpqdfwag.exe [2001-10-25 17:56]
R2 cpqWebDmi;Compaq DMI Web Agent;C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe [2002-01-24 18:09]
R2 Maxtor Sync Service;Maxtor Service;C:\Programmer\Maxtor\Sync\SyncServices.exe [2007-09-28 13:24]
R2 NMSSvc;Intel(R) NMS;C:\Windows\System32\NMSSvc.exe [2002-03-04 10:35]
R3 DUSBTAWAN;miniVigor128 NDISWAN Driver;C:\Windows\system32\DRIVERS\musbwn2k.sys [2001-01-31 12:43]
R3 FakeWDMmdm;DWDMCOMM;C:\Windows\system32\DRIVERS\dusbcomm.sys [2001-06-22 20:40]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\Windows\system32\drivers\NMSCFG.SYS [2002-03-04 10:35]
S3 iComp;Grabster AV 400;C:\Windows\system32\DRIVERS\p2usbwdm.sys [2004-09-02 11:02]
S3 mDTA128;miniVigor USB;C:\Windows\system32\DRIVERS\musbta2k.sys [2001-09-06 18:38]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-01 13:03:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-01 13:04:53
ComboFix-quarantined-files.txt 2008-04-01 11:04:38
Pre-Run: 14,735,290,368 byte ledig
Post-Run: 14,726,250,496 byte ledig
.
2008-03-31 20:48:08 --- E O F ---
_____________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 04/01/2008 at 01:27 PM
Application Version : 4.0.1154
Core Rules Database Version : 3426
Trace Rules Database Version: 1418
Scan type : Quick Scan
Total Scan Time : 00:14:17
Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 424
Registry threats detected : 0
File items scanned : 5871
File threats detected : 2
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt
_____________________________________________
CCleaner:
RENSNING FRDIG - (3.950 sek)
------------------------------------------------------------------------------------------
8,33MB fjernet.
------------------------------------------------------------------------------------------
Detaljer om de slettede filer
------------------------------------------------------------------------------------------
IE midlertidige Internet filer (446 filer) 3,60MB
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt 105 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@www.islandshunden[1].txt 122 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@rad.msn[2].txt 750 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@www.portalbank[1].txt 116 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@lavenderfleece[1].txt 92 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt 187 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@google[2].txt 136 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@google[3].txt 135 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@onlinestores.metaservices.microsoft[1].txt 147 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[1].txt 143 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@chart[1].txt 94 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt 426 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[2].txt 86 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[1].txt 298 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt 128 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@hit.gemius[2].txt 223 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@req.connect.wunderloop[2].txt 228 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt 271 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@wunderloop[1].txt 115 bytes
C:\Documents and Settings\Administrator\Cookies\administrator@www.krak[2].txt 251 bytes
Markeret til sletning: C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
Markeret til sletning: C:\Documents and Settings\Administrator\Cookies\index.dat
Markeret til sletning: C:\Documents and Settings\Administrator\Lokale indstillinger\Oversigt\History.IE5\index.dat
Markeret til sletning: C:\Documents and Settings\Administrator\Lokale indstillinger\Oversigt\History.IE5\MSHist012008040120080402\index.dat
C:\Windows\system32\wbem\Logs\FrameWork.log 17,29KB
C:\Windows\system32\wbem\Logs\wbemess.log 49,43KB
C:\Windows\system32\wbem\Logs\wmiprov.log 3,07KB
C:\Windows\0.log 0 bytes
C:\Windows\comsetup.log 16,09KB
C:\Windows\FaxSetup.log 48,31KB
C:\Windows\iis6.log 52,45KB
C:\Windows\imsins.log 1,34KB
C:\Windows\KB926239.log 5,51KB
C:\Windows\KB929399.log 9,12KB
C:\Windows\KB936782.log 9,09KB
C:\Windows\KB939683.log 8,85KB
C:\Windows\KB941569.log 10,21KB
C:\Windows\MedCtrOC.log 3,32KB
C:\Windows\MSCompPackV1.log 3,42KB
C:\Windows\msgsocm.log 2,41KB
C:\Windows\msmqinst.log 14,73KB
C:\Windows\netfxocm.log 8,46KB
C:\Windows\ntdtcsetup.log 9,77KB
C:\Windows\ocgen.log 22,78KB
C:\Windows\ocmsn.log 3,02KB
C:\Windows\setupact.log 0 bytes
C:\Windows\setupapi.log 0,12MB
C:\Windows\setuperr.log 0 bytes
C:\Windows\spupdsvc.log 1,79KB
C:\Windows\tabletoc.log 2,43KB
C:\Windows\tsoc.log 22,04KB
C:\Windows\updspapi.log 748 bytes
C:\Windows\WMFDist11.log 30,06KB
C:\Windows\wmp11.log 18,62KB
C:\Windows\wmsetup.log 8,52KB
C:\Windows\wmsetup10.log 515 bytes
C:\Windows\Wudf01000Inst.log 11,54KB
C:\Windows\imsins.BAK 1,34KB
C:\Windows\Debug\UserMode\userenv.log 0,19MB
C:\Documents and Settings\Administrator\Application Data\Google\Local Search History\google%2Eweb.w 14 bytes
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\LS99A7LJ\skype.com\#ui\preferences.sol 233 bytes
C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes
C:\Documents and Settings\Administrator\Lokale indstillinger\Application Data\Microsoft\Terminal Server Client\Cache\bcache22.bmc 4,02MB
------------------------------------------------------------------------------------------
