det tog sin tid men jeg er stadig med
SUPERAntiSpyware Scan Log
Generated 04/29/2006 at 12:10 PM
Core Rules Database Version : 2904
Trace Rules Database Version: 1038
Memory threats detected : 0
Registry threats detected : 3
File threats detected : 66
WeatherBug
[Daily Weather Forecast] C:\Programmer\Daily Weather Forecast\weather.exe
C:\Programmer\Daily Weather Forecast\weather.exe
C:\WINDOWS\Prefetch\WEATHER.EXE-0830DE9D.pf
Trojan.IE4321
[Olympic] C:\Documents and Settings\kenneth\Application Data\sgrunt\IE4321.exe
C:\Documents and Settings\kenneth\Application Data\sgrunt\IE4321.exe
C:\WINDOWS\Prefetch\IE4321.EXE-2FD66B8C.pf
Trojan.Windows Installer
[Windows installer] C:\winstall.exe
C:\winstall.exe
Adware.Tracking Cookie
C:\Documents and Settings\kenneth\Cookies\kenneth@cjultra21[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@hitbox[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@statcounter[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@adtech[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@sextracker[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@atdmt[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@doubleclick[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@ad[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@zedo[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@clicktorrent[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@www.anal-sexmovies[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@sc[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@advertising[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@track.adform[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@ad1.clickhype[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@mediaplex[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@cs.sexcounter[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@stat.onestat[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@image.masterstats[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@media.fastclick[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@1072379308[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@as1.falkag[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@cgi-bin[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@cgi-bin[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@adultfriendfinder[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@e2.emediate[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@ehg-lionsgate.hitbox[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@vip.clickzs[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@fastclick[2].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@counter12.sextracker[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@xxxcounter[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@ad.yieldmanager[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@geo.precisionclick[1].txt
C:\Documents and Settings\kenneth\Cookies\kenneth@tribalfusion[1].txt
C:\Documents and Settings\kenneth\Lokale indstillinger\Temp\Cookies\kenneth@adtech[2].txt
C:\Documents and Settings\kenneth\Lokale indstillinger\Temp\Cookies\kenneth@mediaplex[1].txt
C:\Documents and Settings\kenneth\Lokale indstillinger\Temp\Cookies\kenneth@track.adform[2].txt
Trojan.SpySheriff
C:\Program Files\SpySheriff\base.avd
C:\Program Files\SpySheriff\base001.avd
C:\Program Files\SpySheriff\base002.avd
C:\Program Files\SpySheriff\found.wav
C:\Program Files\SpySheriff\heur000.dll
C:\Program Files\SpySheriff\heur001.dll
C:\Program Files\SpySheriff\heur002.dll
C:\Program Files\SpySheriff\heur003.dll
C:\Program Files\SpySheriff\notfound.wav
C:\Program Files\SpySheriff\removed.wav
C:\Program Files\SpySheriff\SpySheriff.dvm
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\SpySheriff\Uninstall.exe
C:\Program Files\SpySheriff
C:\Documents and Settings\kenneth\Lokale indstillinger\Temp\26648.exe
Dialer.Yes Limited
C:\WINDOWS\Downloaded Program Files\dai.exe
C:\Documents and Settings\kenneth\Application Data\Microsoft\Internet Explorer\Quick Launch\MicroPlugIn.lnk
C:\Documents and Settings\kenneth\Dokumenter\MicroPlugIn.lnk
C:\Documents and Settings\kenneth\Foretrukne\MicroPlugIn.lnk
C:\Documents and Settings\kenneth\Menuen Start\MicroPlugIn.lnk
C:\Documents and Settings\kenneth\Menuen Start\Programmer\MicroPlugIn.lnk
C:\RECYCLER\S-1-5-21-1547161642-854245398-725345543-1004\Dc3.lnk
C:\WINDOWS\Prefetch\DAI.EXE-24DDB755.pf
Dialer.InfoDialer
C:\Documents and Settings\kenneth\Lokale indstillinger\Temp\2370.exe
------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:16:06, on 29-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\Programmer\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\MSMSGS.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\TEXTware\HotKey\Twalink.exe
C:\Programmer\Wireless LAN Utility\SiWake.exe
C:\Programmer\Wireless LAN Utility\SISCFG.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\kenneth\Skrivebord\VIRUS\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.google.dkR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: HotKey.lnk = C:\Programmer\TEXTware\HotKey\Twalink.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Programmer\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
www.archiviosex.netO15 - Trusted Zone:
www.redfunny.comO15 - Trusted Zone:
www.sgrunt.bizO15 - Trusted Zone:
www.skymasters.bizO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/ (...)O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://by110fd.bay110.hotmail.msn.com/ (...)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/ (...)O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/ (...)O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmer\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmer\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
