Karise Larry
I have now obtained the following log files
ComboFix 08-05-24.1 - emil 2008-05-25 22:15:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.951 [GMT 2:00]
Running from: C:\Documents and Settings\emil\Skrivebord\Eksperten\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Programmer\PlayMP3z
C:\Programmer\PlayMP3z\uninstall.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BM8f29ef09.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fslulfxx.ini
C:\WINDOWS\system32\hrugwlpb.ini
C:\WINDOWS\system32\igbdajgf.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nkijndno.ini
C:\WINDOWS\system32\nofkvkyl.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rjuqaiqk.ini
C:\WINDOWS\system32\TCdNTBeg.ini
C:\WINDOWS\system32\TCdNTBeg.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-25 to 2008-05-25 )))))))))))))))))))))))))))))))
.
2008-05-25 21:01 . 2008-05-25 21:01 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-05-25 21:01 . 2008-05-25 21:01 <DIR> d-------- C:\Documents and Settings\emil\Application Data\SUPERAntiSpyware.com
2008-05-25 21:01 . 2008-05-25 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 20:52 . 2008-05-25 20:52 <DIR> d-------- C:\Programmer\CCleaner
2008-05-25 19:43 . 2008-05-25 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 19:41 . 2008-05-25 19:41 <DIR> d-------- C:\Programmer\LSoft Technologies
2008-05-25 17:19 . 2008-05-25 17:20 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-05-25 17:19 . 2008-05-25 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 23:23 . 2008-05-23 23:23 268 --ah----- C:\sqmdata08.sqm
2008-05-23 23:23 . 2008-05-23 23:23 244 --ah----- C:\sqmnoopt08.sqm
2008-05-23 07:42 . 2008-05-23 07:42 268 --ah----- C:\sqmdata07.sqm
2008-05-23 07:42 . 2008-05-23 07:42 244 --ah----- C:\sqmnoopt07.sqm
2008-05-22 22:11 . 2008-05-22 22:11 268 --ah----- C:\sqmdata06.sqm
2008-05-22 22:11 . 2008-05-22 22:11 244 --ah----- C:\sqmnoopt06.sqm
2008-05-22 18:03 . 2008-05-22 18:03 268 --ah----- C:\sqmdata05.sqm
2008-05-22 18:03 . 2008-05-22 18:03 244 --ah----- C:\sqmnoopt05.sqm
2008-05-21 22:18 . 2008-05-21 22:18 268 --ah----- C:\sqmdata04.sqm
2008-05-21 22:18 . 2008-05-21 22:18 244 --ah----- C:\sqmnoopt04.sqm
2008-05-17 14:03 . 2008-05-17 14:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-17 14:03 . 2008-05-17 14:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-05-17 13:55 . 2008-05-17 13:55 <DIR> dr-h----- C:\Documents and Settings\emil\Application Data\SecuROM
2008-05-17 13:55 . 2008-05-17 13:55 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-05-17 13:48 . 2008-05-17 13:48 <DIR> d-------- C:\Programmer\Aspyr
2008-05-17 13:33 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-05-17 13:33 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-05-09 17:22 . 2008-05-09 17:22 <DIR> d-------- C:\Programmer\GameSpy
2008-05-08 21:38 . 2008-05-08 21:38 22,328 --a------ C:\Documents and Settings\emil\Application Data\PnkBstrK.sys
2008-05-08 20:45 . 2008-05-09 16:08 <DIR> d-------- C:\Documents and Settings\emil\Application Data\IGN_DLM
2008-05-07 16:26 . 2008-05-07 16:26 268 --ah----- C:\sqmdata03.sqm
2008-05-07 16:26 . 2008-05-07 16:26 244 --ah----- C:\sqmnoopt03.sqm
2008-05-06 20:11 . 2008-05-06 20:11 268 --ah----- C:\sqmdata02.sqm
2008-05-06 20:11 . 2008-05-06 20:11 244 --ah----- C:\sqmnoopt02.sqm
2008-05-06 16:21 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-06 15:25 . 2008-05-09 16:18 <DIR> d-------- C:\Programmer\Electronic Arts
2008-05-06 07:28 . 2008-05-06 07:28 268 --ah----- C:\sqmdata01.sqm
2008-05-06 07:28 . 2008-05-06 07:28 244 --ah----- C:\sqmnoopt01.sqm
2008-05-05 19:36 . 2008-05-05 19:36 268 --ah----- C:\sqmdata00.sqm
2008-05-05 19:36 . 2008-05-05 19:36 244 --ah----- C:\sqmnoopt00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-25 20:14 --------- d-----w C:\Documents and Settings\emil\Application Data\Skype
2008-05-25 19:00 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-25 17:48 --------- d-----w C:\Documents and Settings\emil\Application Data\skypePM
2008-05-25 14:53 --------- d-----w C:\Programmer\BrowsingEnhancer
2008-05-24 20:43 --------- d-----w C:\Programmer\Warcraft III
2008-05-06 13:25 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-04-27 19:07 --------- d-----w C:\Programmer\World of Warcraft
2008-04-21 15:43 --------- d-----w C:\Documents and Settings\emil\Application Data\LimeWire
2008-04-12 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-04-12 21:37 --------- d-----w C:\Programmer\Kiwee Toolbar2
2008-03-25 19:58 --------- d-----w C:\Programmer\FBrowsingAdvisor
2008-03-25 19:58 --------- d-----w C:\Programmer\FBrowserAdvisor
2008-03-20 08:09 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-03 12:58 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2001-03-28 10:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\Message.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-25_22.10.11.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 20:07:12 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 20:13:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-25 20:13:36 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll [2008-04-03 10:52 265360]
[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"Steam"="c:\programmer\valve\steam\steam.exe" [2008-03-28 08:04 1271032]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 21:07 7110656]
"nwiz"="nwiz.exe" [2005-07-20 21:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-07-20 21:07 86016]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 14:03 188416]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 11:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"hcenter"="C:\Programmer\Support.com\bin\tgcmd.exe" [2003-07-07 10:50 1916928]
"zzzHPSETUP"="D:\Setup.exe" [ ]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2004-08-27 04:01 1450096]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"KiweeHook"="C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe" [2008-04-03 10:51 56456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-19 10:57:33 113664]
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
NaturalColorLoad.lnk - C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe [2005-10-19 11:31:42 155715]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrpmli]
awtrpmli.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\HP\\HP Software Update\\HPWUCli.exe"=
"C:\\Programmer\\LimeWire\\LimeWire.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\World of Warcraft\\BackgroundDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Support.com\\TDCKabel\\hcenter.exe"=
"C:\\Programmer\\Support.com\\bin\\tgcmd.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 11:50]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 09:50:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-05-25 19:35:04 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Programmer\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-25 22:16:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-25 22:17:30
ComboFix-quarantined-files.txt 2008-05-25 20:17:27
Pre-Run: 60,789,620,736 byte ledig
Post-Run: 60,778,557,440 byte ledig
223 --- E O F --- 2008-05-24 22:34:56
The HijackThis log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:59, on 25-05-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\Support.com\bin\tgcmd.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\SEC\Natural Color\NaturalColorLoad.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Canon\CAL\CALMAIN.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\emil\Skrivebord\Eksperten\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Programmer\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [hcenter] "C:\Programmer\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KiweeHook] "C:\Programmer\Kiwee Toolbar2\1.5.131\kwtbaim.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtrpmli - awtrpmli.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 9351 bytes
SuperAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 05/25/2008 at 09:55 PM
Application Version : 4.0.1154
Core Rules Database Version : 3468
Trace Rules Database Version: 1459
Scan type : Complete Scan
Total Scan Time : 00:43:27
Memory items scanned : 451
Memory threats detected : 0
Registry items scanned : 5659
Registry threats detected : 8
File items scanned : 28005
File threats detected : 61
Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWTRPMLI.DLL
HKCR\CLSID\{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}
Adware.Tracking Cookie
C:\Documents and Settings\emil\Cookies\emil@2o7[2].txt
C:\Documents and Settings\emil\Cookies\emil@date.ventivmedia[1].txt
C:\Documents and Settings\emil\Cookies\emil@ads.dailyrush[1].txt
C:\Documents and Settings\emil\Cookies\emil@cassava[1].txt
C:\Documents and Settings\emil\Cookies\emil@specificclick[2].txt
C:\Documents and Settings\emil\Cookies\emil@server.cpmstar[1].txt
C:\Documents and Settings\emil\Cookies\emil@atdmt[1].txt
C:\Documents and Settings\emil\Cookies\emil@azjmp[1].txt
C:\Documents and Settings\emil\Cookies\emil@clicksor[1].txt
C:\Documents and Settings\emil\Cookies\emil@adserver.adservinginternational[1].txt
C:\Documents and Settings\emil\Cookies\emil@mediatraffic[1].txt
C:\Documents and Settings\emil\Cookies\emil@tribalfusion[2].txt
C:\Documents and Settings\emil\Cookies\emil@adfair[2].txt
C:\Documents and Settings\emil\Cookies\emil@track.adform[1].txt
C:\Documents and Settings\emil\Cookies\emil@CADXMR5X.txt
C:\Documents and Settings\emil\Cookies\emil@smileycentral[1].txt
C:\Documents and Settings\emil\Cookies\emil@eas.apm.emediate[1].txt
C:\Documents and Settings\emil\Cookies\emil@ads.zam[2].txt
C:\Documents and Settings\emil\Cookies\emil@ad.bolddk[2].txt
C:\Documents and Settings\emil\Cookies\emil@ad.zanox[3].txt
C:\Documents and Settings\emil\Cookies\emil@ad1.emediate[2].txt
C:\Documents and Settings\emil\Cookies\emil@ads.vlaze[1].txt
C:\Documents and Settings\emil\Cookies\emil@bold.adservinginternational[1].txt
C:\Documents and Settings\emil\Cookies\emil@ad.zanox[1].txt
C:\Documents and Settings\emil\Cookies\emil@windowsmedia[1].txt
C:\Documents and Settings\emil\Cookies\emil@qxl.adservinginternational[2].txt
C:\Documents and Settings\emil\Cookies\emil@banners.battleon[2].txt
C:\Documents and Settings\emil\Cookies\emil@ads2.jubii[1].txt
C:\Documents and Settings\emil\Cookies\emil@mediamac.comon[2].txt
C:\Documents and Settings\emil\Cookies\emil@videoegg.adbureau[2].txt
C:\Documents and Settings\emil\Cookies\emil@click-new-download[2].txt
C:\Documents and Settings\emil\Cookies\emil@indextools[2].txt
C:\Documents and Settings\emil\Cookies\emil@pacificpoker[2].txt
C:\Documents and Settings\emil\Cookies\emil@adserver.incgamers[2].txt
C:\Documents and Settings\emil\Cookies\emil@mediaprovider.adservinginternational[2].txt
C:\Documents and Settings\emil\Cookies\emil@adnetserver[1].txt
C:\Documents and Settings\emil\Cookies\emil@adserver.banneradministration[1].txt
C:\Documents and Settings\emil\Cookies\emil@www.googleadservices[1].txt
C:\Documents and Settings\emil\Cookies\emil@partypoker[1].txt
C:\Documents and Settings\emil\Cookies\emil@www.googleadservices[2].txt
C:\Documents and Settings\emil\Cookies\emil@msnportal.112.2o7[1].txt
C:\Documents and Settings\emil\Cookies\emil@www.zanox-affiliate[2].txt
C:\Documents and Settings\emil\Cookies\emil@cgm.adbureau[1].txt
C:\Documents and Settings\emil\Cookies\emil@adopt.specificclick[1].txt
C:\Documents and Settings\emil\Cookies\emil@2o7[1].txt
C:\Documents and Settings\emil\Cookies\emil@adtech[1].txt
C:\Documents and Settings\emil\Cookies\emil@banner.goldenpalacepoker[2].txt
C:\Documents and Settings\emil\Cookies\emil@banners2.battleon[1].txt
C:\Documents and Settings\emil\Cookies\emil@bp.specificclick[1].txt
C:\Documents and Settings\emil\Cookies\emil@doubleclick[1].txt
C:\Documents and Settings\emil\Cookies\emil@eas4.emediate[1].txt
C:\Documents and Settings\emil\Cookies\emil@insightexpressai[1].txt
C:\Documents and Settings\emil\Cookies\emil@prospect.adbureau[1].txt
C:\Documents and Settings\emil\Cookies\emil@qxl.banneradministration[1].txt
C:\Documents and Settings\emil\Cookies\emil@revsci[1].txt
C:\Documents and Settings\emil\Cookies\emil@tracking.vindicosuite[1].txt
C:\Documents and Settings\emil\Cookies\emil@xiti[1].txt
Rogue.TrustedAntiVirus
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#SBI [ C:\Documents and Settings\emil\Lokale indstillinger\Temporary Internet Files\Content.IE5\YBCLIA9U\install_sbd_en[1].exe ]
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
Adware.Accoona
C:\PROGRAMMER\FILESUBMIT\HEIDIKLUMSS2004.EXE\ATOOLBAR400005.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9A32ABEB-6140-4245-8108-A454F22AD94D}\RP370\A0300557.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9A32ABEB-6140-4245-8108-A454F22AD94D}\RP370\A0300563.EXE
I hope you can find a solution for me.