Logfile of HijackThis v1.99.1
Scan saved at 16:23, on 2007-09-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Avast4\aswUpdSv.exe
C:\Programmer\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\RaUI.exe
C:\Programmer\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Avast4\ashMaiSv.exe
C:\Documents and Settings\Daniel Axelsen\Skrivebord\hijackthis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D4C4C6A9-6312-484F-A170-967B9FB26E97} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?40682a359d894898833d5c707920eee2
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?40682a359d894898833d5c707920eee2
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Programmer\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
______________________________________________________
ComboFix 07-09-21.2 - "Daniel Axelsen" 2007-09-23 16:28:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1030.18.267 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\CONNIE~1\new.txt
C:\DOCUME~1\DANIEL~1\new.txt
C:\DOCUME~1\LOCALS~1.NTA\MENUEN~1\PROGRA~1\Brave-Sentry
C:\WINDOWS\images012.zip
C:\WINDOWS\images015.zip
C:\WINDOWS\images038.zip
C:\WINDOWS\images049.zip
C:\WINDOWS\images052.zip
C:\WINDOWS\images072.zip
C:\WINDOWS\images083.zip
C:\WINDOWS\images092.zip
C:\WINDOWS\photo0.zip
C:\WINDOWS\photo12.zip
C:\WINDOWS\photo4.zip
C:\WINDOWS\photo41.zip
C:\WINDOWS\photo47.zip
C:\WINDOWS\photo65.zip
C:\WINDOWS\photo83.zip
C:\WINDOWS\photos021.zip
C:\WINDOWS\photos027.zip
C:\WINDOWS\photos037.zip
C:\WINDOWS\photos040.zip
C:\WINDOWS\photos041.zip
C:\WINDOWS\photos052.zip
C:\WINDOWS\photos056.zip
C:\WINDOWS\photos069.zip
C:\WINDOWS\photos070.zip
C:\WINDOWS\photos078.zip
C:\WINDOWS\photos086.zip
C:\WINDOWS\photos098.zip
C:\WINDOWS\picture23.zip
C:\WINDOWS\picture29.zip
C:\WINDOWS\picture4.zip
C:\WINDOWS\picture67.zip
C:\WINDOWS\picture70.zip
C:\WINDOWS\picture72.zip
C:\WINDOWS\pictures027.zip
C:\WINDOWS\pictures036.zip
C:\WINDOWS\pictures037.zip
C:\WINDOWS\pictures048.zip
C:\WINDOWS\pictures060.zip
C:\WINDOWS\pictures091.zip
C:\WINDOWS\system32\spooldr.ini
.
((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))
.
2007-09-22 18:26 <DIR> d-------- C:\Programmer\Alwil Software
2007-09-22 18:22 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-09-22 18:22 <DIR> d-------- C:\Programmer\Fælles filer\Wise Installation Wizard
2007-09-22 18:22 <DIR> d-------- C:\DOCUME~1\DANIEL~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-22 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SUPERAntiSpyware.com
2007-09-22 18:19 <DIR> d-------- C:\Programmer\CCleaner
2007-09-16 18:17 <DIR> dr------- C:\DOCUME~1\test\Menuen Start
2007-09-16 18:17 <DIR> dr------- C:\DOCUME~1\test\Foretrukne
2007-09-16 18:17 <DIR> dr------- C:\DOCUME~1\test\Dokumenter
2007-09-16 18:17 <DIR> d--h----- C:\DOCUME~1\test\Skabeloner
2007-09-16 18:17 <DIR> d--h----- C:\DOCUME~1\test\Printere
2007-09-16 18:17 <DIR> d--h----- C:\DOCUME~1\test\Lokale indstillinger
2007-09-16 18:17 <DIR> d--h----- C:\DOCUME~1\test\Andre computere
2007-09-16 18:17 <DIR> d-------- C:\DOCUME~1\test\Skrivebord
2007-08-31 14:52 <DIR> d-------- C:\DOCUME~1\CONNIE~1\APPLIC~1\Apple Computer
2007-08-30 21:29 <DIR> d-------- C:\DOCUME~1\CONNIE~1\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-22 18:21 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-08-06 21:09 --------- d-------- C:\Programmer\Avast4
2007-08-06 21:02 --------- d-------- C:\Programmer\McAfee.com
2007-08-06 21:00 --------- d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\McAfee.com
2007-08-06 18:51 --------- d-------- C:\DOCUME~1\CONNIE~1\APPLIC~1\LimeWire
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 22:24 --------- d-------- C:\Programmer\Abexo
2007-07-29 22:24 --------- d-------- C:\DOCUME~1\CONNIE~1\APPLIC~1\Abexo
2007-07-29 22:21 --------- d-------- C:\Programmer\SpywareBlaster
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-07-25 11:48 --------- d-------- C:\Programmer\Ahead
2007-07-25 09:15 --------- d-------- C:\Programmer\Lexmark 1200 Series
2007-07-25 00:50 45056 --a------ C:\WINDOWS\system32\IeExtenderPlugin.dll
2007-07-24 14:31 --------- d-------- C:\DOCUME~1\CONNIE~1\APPLIC~1\Lavasoft
2007-06-26 08:10 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-14 21:55 143 --a------ C:\Programmer\page.html
2006-12-03 03:05 2522 --a------ C:\Programmer\func.js
2006-11-25 09:57 482 --a------ C:\Programmer\Del.js
--------- C:\Programmer\Fælles filer\Wise Installation Wizard
--------- C:\Programmer\Fælles filer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4C4C6A9-6312-484F-A170-967B9FB26E97}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" /background
C:\DOCUME~1\ALLUSE~1.WIN\MENUEN~1\PROGRA~1\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Programmer\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
Ralink Wireless Utility.lnk - C:\WINDOWS\RaUI.exe [2006-10-23 16:21:59]
RtlWake.lnk - C:\Programmer\InstallShield Software Corporation\802.11b Wireless Lan Utility\RtlWake.exe [2003-05-16 15:04:02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
S3 rtl8180;802.11b Wireless LAN CardBus (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
.
Contents of the 'Scheduled Tasks' folder
"2007-09-23 14:30:00 C:\WINDOWS\Tasks\McAfee.com Update Check (NA-N11T33NBMXYN-Connie og Kamran).job"
- C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
"2007-09-13 16:52:00 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-23 16:30:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(16.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(8.zip 121036 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(84.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(93.zip 121038 bytes hidden from API
scan completed successfully
hidden files: 4
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]
.
Completion time: 2007-09-23 16:31:47
C:\ComboFix-quarantined-files.txt ... 2007-09-23 16:31
C:\ComboFix2.txt ... 2007-08-06 19:11
C:\ComboFix3.txt ... 2007-08-03 21:16
.
--- E O F ---
_________________________________________________
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
2007-09-23 16:26:49.42
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-23 16:26:50
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(16.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(8.zip 121036 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(84.zip 121038 bytes hidden from API
C:\WINDOWS\bak sana Paris Hilton ne hale gelmis hapiste :(93.zip 121038 bytes hidden from API
hidden processes: 0
hidden services: 0
hidden files: 4
_________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 09/23/2007 at 04:50 PM
Application Version : 3.7.1018
Core Rules Database Version : 3222
Trace Rules Database Version: 1233
Scan type : Quick Scan
Total Scan Time : 00:12:43
Memory items scanned : 347
Memory threats detected : 0
Registry items scanned : 677
Registry threats detected : 1
File items scanned : 11486
File threats detected : 0
Adware.DeluxeCommunications
HKU\S-1-5-19\Software\DeluxeCommunications
______________________________