Er loggen ren

SUPERAntiSpyware Scan Log
Generated 06/08/2006 at 03:42 PM

Core Rules Database Version : 2970
Trace Rules Database Version: 1069

Memory threats detected  : 0
Registry threats detected : 15
File threats detected    : 26

Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32
    HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
    C:\WINDOWS\system32\vtsqn.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}

Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@e2.emediate[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.popupsandbanners[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[1].txt

Trojan.SmartLoad
    HKLM\Software\Microsoft\drsmartload2
    HKLM\Software\Microsoft\drsmartload2#Installed
    C:\drsmartload45a.exe
    C:\drsmartload46a.exe
    C:\drsmartload849a.exe
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\CLEFWLYN\drsmartload849a[1].exe

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
    HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Adware.ClickSpring/Yazzle
    HKLM\Software\Snowball Wars
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars#UninstallString

Trojan.MC Downloader Variant
    C:\mc-110-12-0000228.exe

Trojan.CmdService
    C:\MTE3NDI6ODoxNg.exe
    C:\WINDOWS\MTE3NDI6ODoxNg.exe

Trojan.Defender1
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\CT2741EJ\defender25[1].exe

Trojan.WinSysBan
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\O1ARS12R\keyboard25[1].exe

Trojan.GimmySmilies
    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Temporary Internet Files\Content.IE5\O1ARS12R\newname25[1].exe

Trojan.DollarRevenue
    C:\WINDOWS\system32\dotdr.exe

Trojan.Unknown Origin
    C:\WINDOWS\teller2.chk

------------------------
Her er loggen fra en ny hijack


--------------


Logfile of HijackThis v1.99.1
Scan saved at 15:48:22, on 08-06-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Skrivebord\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [WinDLL (wchshield.exe)] rundll32.exe C:\WINDOWS\System32\wchshield.exe,start
O4 - HKLM\..\Run: [kav] "C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKLM\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Run Service Vxdrun] vxddirectx32.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunServices: [Run Service Vxdrun] vxddirectx32.exe
O4 - Global Startup: WordPoint2000.lnk = C:\Programmer\Galtech\WordPoint2000\Wdpoint.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtsqn - vtsqn.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmer\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe