totalpc Seniormester
13 December 2007 - 20:40 There are 5 comments and 1 solution

maybe junk on the computer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:53, on 11-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Fælles filer\Aladdin Shared\eToken\etCoreMgr.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Citrix\ICA Client\pnagent.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Bygvej 6\Skrivebord\spy\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Programmer\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Programmer\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eTCoreManager] "C:\Programmer\Fælles filer\Aladdin Shared\eToken\etCoreMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programmer\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193216916531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193221811250
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: wvuuvsq - wvuuvsq.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Programmer\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 8874 bytes



ComboFix 07-12-09.1 - Bygvej 6 2007-12-11 21:25:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.999 [GMT 1:00]
Running from: C:\Documents and Settings\Bygvej 6\Skrivebord\spy\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bygvej 6\Application Data\inst.exe
C:\WINDOWS\system32\lmqcvfdy.dll
C:\WINDOWS\system32\lvflssrn.dll
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini2
C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\ydfvcqml.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-11 to 2007-12-11 )))))))))))))))))))))))))))))))
.

2007-12-11 18:50 . 2007-12-11 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-10 21:40 . 2007-12-10 21:40 <DIR> d-------- C:\Programmer\Yahoo!
2007-12-10 21:39 . 2007-12-10 21:40 <DIR> d-------- C:\Programmer\CCleaner
2007-12-10 21:32 . 2007-12-10 21:32 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\Grisoft
2007-12-10 21:32 . 2007-12-10 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-10 21:32 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-09 02:13 . 2007-12-11 20:58 913,202 ---hs---- C:\WINDOWS\system32\cvufllne.ini
2007-12-08 15:07 . 2007-12-08 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-12-08 15:01 . 2007-12-08 15:01 294 ---hs---- C:\WINDOWS\system32\relakeqh.ini
2007-12-08 11:13 . 2007-12-09 01:50 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-07 19:38 . 2007-12-07 19:38 <DIR> d-------- C:\Programmer\MSXML 4.0
2007-12-06 18:05 . 2007-12-06 18:05 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\Nero
2007-12-06 17:54 . 2007-12-06 17:54 <DIR> d-------- C:\Programmer\Nero
2007-12-06 17:54 . <DIR> C:\Programmer\Fælles filer\Nero
2007-12-06 17:54 . 2007-12-06 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-06 17:31 . 2007-12-06 17:31 <DIR> d-------- C:\Programmer\PowerISO
2007-12-04 13:07 . 2007-12-04 13:07 <DIR> d-------- C:\Programmer\DVD Shrink
2007-12-04 13:07 . 2007-12-04 13:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-29 11:42 . 2007-11-29 11:42 <DIR> d-------- C:\Programmer\uTorrent
2007-11-29 11:42 . 2007-11-29 11:43 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\uTorrent
2007-11-29 09:38 . <DIR> C:\Programmer\Fælles filer\NSV
2007-11-29 09:23 . 2007-11-29 09:44 <DIR> d-------- C:\Programmer\Winamp
2007-11-29 09:23 . 2003-10-28 11:02 20,016 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-11-29 09:23 . 2007-12-08 18:27 155 --a------ C:\WINDOWS\winamp.ini
2007-11-26 10:15 . 2007-11-26 10:15 <DIR> d-------- C:\Programmer\NETGEAR
2007-11-26 10:15 . 2006-12-10 01:32 342,144 --a------ C:\WINDOWS\system32\drivers\sfsz.sys
2007-11-26 10:15 . 2007-02-14 11:20 159,907 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
2007-11-26 10:15 . 2007-02-14 11:21 15,488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys
2007-11-26 10:15 . 2007-02-14 11:21 13,056 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys
2007-11-26 10:15 . 2007-02-14 11:21 5,120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys
2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Programmer\Jasc Software Inc
2007-11-26 10:01 . 2007-11-26 10:01 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\Jasc Software Inc
2007-11-26 09:49 . 2007-11-26 09:49 <DIR> d-------- C:\Programmer\Canon
2007-11-26 09:49 . 2003-01-28 15:14 131,072 --a------ C:\WINDOWS\system32\CNDUE119.dll
2007-11-26 09:49 . 2003-01-28 15:17 68,608 --a------ C:\WINDOWS\system32\CNDCE119.dll
2007-11-26 09:49 . 2003-01-20 14:38 65,536 --a------ C:\WINDOWS\system32\PSCLE119.dll
2007-11-26 09:49 . 2002-06-29 04:53 53,248 --a------ C:\WINDOWS\system32\CNDNDlg.exe
2007-11-26 09:49 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-26 09:49 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-24 09:29 . 2007-11-24 09:29 <DIR> d-------- C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-11-23 03:15 . 2007-12-11 21:33 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Skrivebord
2007-11-22 12:13 . 2007-11-22 12:13 <DIR> d-------- C:\Programmer\MWARE
2007-11-22 11:46 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-22 11:44 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-22 11:37 . 2007-11-22 11:37 <DIR> d-------- C:\Programmer\Microsoft Works
2007-11-22 11:28 . 2007-11-22 11:28 <DIR> d-------- C:\Programmer\Microsoft.NET
2007-11-22 11:24 . 2007-11-22 11:25 <DIR> d-------- C:\Programmer\Microsoft Visual Studio 8
2007-11-22 11:18 . 2007-11-22 11:53 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-22 11:13 . 2007-11-24 09:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-22 11:12 . 2007-11-22 11:12 <DIR> dr-h----- C:\MSOCache
2007-11-22 10:55 . 2007-11-22 10:55 <DIR> d-------- C:\Documents and Settings\Bygvej 6\cbt
2007-11-22 10:54 . 2007-11-22 10:54 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\Kingston
2007-11-15 20:33 . 2007-11-15 20:33 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\vlc
2007-11-15 19:17 . 2007-11-15 19:17 <DIR> d-------- C:\Programmer\VideoLAN
2007-11-14 21:21 . 2007-11-14 21:22 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\gtk-2.0
2007-11-14 21:07 . <DIR> C:\Programmer\Fælles filer\Adobe
2007-11-14 20:39 . 2007-11-14 20:39 <DIR> d-------- C:\ServerSafe
2007-11-14 20:37 . 2007-11-14 20:37 <DIR> d-------- C:\Programmer\ServerSafe
2007-11-14 20:37 . 2007-11-14 20:37 216,551 --a------ C:\WINDOWS\ServerSafe Uninstaller.exe
2007-11-12 12:52 . 2007-11-12 12:52 <DIR> d-------- C:\Programmer\Gabest
2007-11-11 14:22 . 2007-11-11 14:22 <DIR> d-------- C:\Programmer\CoreFTP
2007-11-11 14:22 . 2007-11-12 15:42 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\CoreFTP
2007-11-11 09:52 . 2007-11-11 09:52 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-11 09:24 . 2007-11-11 09:24 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-11 09:24 . 2007-11-11 09:24 <DIR> d-------- C:\Programmer\D-Tools
2007-11-11 09:24 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-11-11 09:24 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-11-11 09:13 . 2007-11-11 09:13 <DIR> d-------- C:\Programmer\VSO
2007-11-11 09:13 . 2007-12-08 15:34 <DIR> d-------- C:\Documents and Settings\Bygvej 6\Application Data\Vso
2007-11-11 09:13 . 2006-09-29 11:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-11-11 09:13 . 2006-09-29 11:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-11-11 09:13 . 2006-09-29 11:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-11-11 09:13 . 2007-11-11 09:13 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-11 09:13 . 2007-11-11 09:13 47,360 --a------ C:\Documents and Settings\Bygvej 6\Application Data\pcouffin.sys
2007-11-11 01:27 . 2007-11-11 01:27 <DIR> d-------- C:\Programmer\Citrix

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 20:34 --------- d-----w C:\Documents and Settings\Bygvej 6\Application Data\.purple
2007-12-09 08:56 --------- d-----w C:\Documents and Settings\Bygvej 6\Application Data\Azureus
2007-12-07 20:01 --------- d-----w C:\Programmer\Azureus
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-26 09:15 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-11-22 10:34 --------- d-----w C:\Programmer\MSBuild
2007-11-05 20:29 --------- d-----w C:\Programmer\Xvid
2007-11-05 20:28 --------- d-----w C:\Programmer\AC3Filter
2007-11-05 19:42 --------- d-----w C:\Programmer\Pidgin
2007-11-05 19:42 --------- d-----w C:\Programmer\Fælles filer\GTK
2007-11-02 19:42 --------- d-----w C:\Programmer\Areca
2007-10-31 19:20 --------- d-----w C:\Programmer\R-Studio
2007-10-31 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-10-31 19:09 --------- d-----w C:\Programmer\Java
2007-10-31 19:08 --------- d-----w C:\Programmer\Fælles filer\Java
2007-10-24 10:36 --------- d-----w C:\Programmer\Fælles filer\SpeechEngines
2007-10-24 10:36 --------- d-----w C:\Programmer\Fælles filer\ODBC
2007-10-24 10:24 --------- d-----w C:\Documents and Settings\Bygvej 6\Application Data\BEC
2007-10-24 10:22 --------- d-----w C:\Programmer\Fælles filer\Aladdin Shared
2007-10-24 10:11 --------- d-----w C:\Programmer\Windows Desktop Search
2007-10-24 10:11 --------- d-----w C:\Documents and Settings\Bygvej 6\Application Data\Windows Desktop Search
2007-10-24 10:10 --------- d-----w C:\Programmer\Synaptics
2007-10-24 10:08 --------- d-----w C:\Programmer\MSXML 6.0
2007-10-24 09:44 --------- d-----w C:\Programmer\Reference Assemblies
2007-10-24 09:43 --------- d-----w C:\Programmer\Windows Media Connect 2
2007-10-24 09:25 --------- d-----w C:\Programmer\Alwil Software
2007-10-24 09:04 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2007-10-24 09:04 --------- d-----w C:\Programmer\Broadcom
2007-10-24 09:03 --------- d-----w C:\Programmer\ATI Technologies
2007-10-24 09:03 --------- d-----w C:\Programmer\Analog Devices
2007-10-24 08:47 --------- d-----w C:\Programmer\microsoft frontpage
2007-10-24 08:45 --------- d-----w C:\Programmer\Onlinetjenester
2007-10-24 08:44 --------- d-----w C:\Programmer\Fælles filer\Tjenester
2007-10-24 08:44 --------- d-----w C:\Programmer\Fælles filer\MSSoap
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)]
@={99FD978C-D287-4F50-827F-B2C658EDA8E7}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)]
@={AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)]
@={920E6DB1-9907-4370-B3A0-BAFC03D81399}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)]
@={16F3DD56-1AF5-4347-846D-7C10C4192619}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)]
@={2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offlinefiler]

[HKEY_CLASSES_ROOT\CLSID\{99FD978C-D287-4F50-827F-B2C658EDA8E7}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{920E6DB1-9907-4370-B3A0-BAFC03D81399}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{16F3DD56-1AF5-4347-846D-7C10C4192619}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CLASSES_ROOT\CLSID\{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}]
2006-10-27 00:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Nero\Lib\NMBgMonitor.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-08 20:05]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11]
"SoundMAX"="C:\Programmer\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 08:12 C:\WINDOWS\AGRSMMSG.exe]
"SynTPStart"="C:\Programmer\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 01:29]
"eTCoreManager"="C:\Programmer\Fælles filer\Aladdin Shared\eToken\etCoreMgr.exe" []
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 17:05]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2003-12-13 01:50]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe" []
"NBKeyScan"="C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 09:25]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-26 16:53]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Program Neighborhood Agent.lnk - C:\Programmer\Citrix\ICA Client\pnagent.exe [2006-11-08 18:33:12]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuuvsq]
wvuuvsq.dll

R0 ZetSFD;ZetSFD;C:\WINDOWS\system32\DRIVERS\ZetSFD.sys
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;C:\WINDOWS\system32\drivers\sfsz.sys
R2 Z-SANService;Z-SAN Service;C:\Programmer\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
R3 AKSIFDH;Aladdin IFD Handler;C:\WINDOWS\system32\DRIVERS\aksifdh.sys
R3 eTSCFLT;eToken SmartCard Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\eTSCFLT.sys
R3 ZetBus;Zetera Virtual Bus;C:\WINDOWS\system32\DRIVERS\ZetBus.sys
R3 ZetMPD;ZetMPD;C:\WINDOWS\system32\DRIVERS\ZetMPD.sys
S3 AKSUP;AKSUP;C:\WINDOWS\system32\drivers\aksup.sys

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\BYGVEJ~1\LOKALE~1\Temp\dkudbsxs.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 21:33:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-11 21:35:38 - machine was rebooted
.
--- E O F ---



********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
11-12-2007 21:36:52,17

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-11 21:36:53
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,51,b5,3b,a1,b2,54,ca,df,01,22,23,6d,70,d1,4d,6b,c6,..
"hj34z0"=hex:78,53,34,98,ae,7f,35,19,74,9c,5a,1f,4d,b4,2d,04,b3,76,9c,5b,f2,..
"hj34z1"=hex:e7,53,34,98,d6,7f,35,19,75,9c,5b,1f,4c,b4,2d,04,b3,76,9c,5b,b2,..
"hj34z2"=hex:e7,53,34,98,d6,7f,35,19,75,9c,5b,1f,4c,b4,2d,04,b3,76,9c,5b,b2,..
"hj34z3"=hex:e7,53,34,98,d6,7f,35,19,75,9c,5b,1f,4c,b4,2d,04,b3,76,9c,5b,b2,..
"hj34z4"=hex:e7,53,34,98,d6,7f,35,19,75,9c,5b,1f,4c,b4,2d,04,b3,76,9c,5b,b2,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib]
"Last Counter"=dword:000011f2
"Last Help"=dword:000011f3

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
14 December 2007 - 11:34 #1
What do you use
C:\Programmer\uTorrent
C:\Programmer\Azureus
for ???

Then you are easily inviting trouble !!!

Should/must be uninstalled ..

-------------------

ComboFix has removed some items - follow-up cleanup ->

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones that need to be fixed:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe (Do you use it???)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O20 - Winlogon Notify: wvuuvsq - wvuuvsq.dll (file missing)

Restart normally ...

------------------------------------------------------------------------

Registry cleanup is recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Register] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.
14 December 2007 - 11:37 #2
Oh right - you were the one with the many 'hanging' questions -> http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=totalpc&spm_part=&spm_answer=&find=&engine=exp (38)

Disregard the above - a waste of time anyway ???
totalpc Seniormester
15 December 2007 - 12:39 #3
Nah, not a waste of time... I'll look at it later today... have a bit of a hangover after all the Christmas lunches... As for old questions, a large part of them are still not answered and therefore not closed...
15 December 2007 - 13:28 #4
Then do ANSWER people that it (still) can't be used
http://expfaq.dk/behandling_af_svar#behandling_af_svar
totalpc Seniormester
18 December 2007 - 12:51 #5
I haven't gotten around to doing more about this one..
If you post an answer, I'll create a new question sometime when I get the time!
totalpc Seniormester
21 February 2008 - 12:00 #6
!