krohn (Intern)
12 January 2008 - 13:49. There are 13 comments and 1 solution.

Clicked on an MSN link

On this PC someone clicked a link in MSN that ran an MS file. I have scanned with HijackThis and got this log. If anyone can take a look at it, I would be glad :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:18, on 12-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmer\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Programmer\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSN] ntmngr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://mail/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199212470982
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E13A87-24DD-4965-8FEF-37363368D5EC}: NameServer = 192.168.1.50
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8781 bytes
krohn (Intern)
12 January 2008 - 13:51 #1
Every time I restart, it comes up asking whether I want to run ntmngr.exe
fromsej (Intern)
12 January 2008 - 14:04 #2
Follow the guide in this article:
http://www.eksperten.dk/artikler/1123
krohn (Intern)
12 January 2008 - 21:11 #3
Okay. Now the only problem is that when I get to the part about booting into safe mode, well, I can't. It boots OK and shows the logon prompt, but I don't manage to log in before the machine shuts off?? The fan spins up like crazy.. There is nothing like that when I then log on normally?
fromsej (Intern)
12 January 2008 - 21:24 #4
Then run the programs in normal mode.
krohn (Intern)
12 January 2008 - 21:57 #5
will do
krohn (Intern)
12 January 2008 - 23:04 #6
Here are the files; they were, of course, not "made" in safe mode, but here they come
Hijack this:

SUPERAntiSpyware:
krohn (Intern)
12 January 2008 - 23:07 #7
SUPERAntiSpyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/12/2008 at 10:38 PM

Application Version : 3.7.1018

Core Rules Database Version : 3379
Trace Rules Database Version: 1373

Scan type      : Complete Scan
Total Scan Time : 00:39:55

Memory items scanned      : 546
Memory threats detected  : 0
Registry items scanned    : 4846
Registry threats detected : 0
File items scanned        : 74936
File threats detected    : 23

Adware.Tracking Cookie
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@adtech[3].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@imrworldwide[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@doubleclick[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@mediaplex[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@track.adform[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@advertising[1].txt
    C:\Documents and Settings\Jacob\Cookies\jacob@eas.apm.emediate[1].txt
    C:\Documents and Settings\Jacob\Cookies\jacob@track.asus[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@ads.planetactive[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@adtech[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@advertising[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@advertising[3].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@atdmt[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@doubleclick[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@eas4.emediate[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@gfi.122.2o7[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@mediaplex[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@ncom.banneradministration[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@track.asus[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@traffictracker[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@www.googleadservices[1].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@www.googleadservices[2].txt
    C:\Documents and Settings\Jacob.KROHN\Cookies\jacob@www.googleadservices[3].txt

rootlog:

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
12-01-2008 22:46:44,70

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 22:46:45
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd5022f2]
"001e3b15ebeb"=hex:98,9b,17,36,6c,ad,c7,0f,1d,cd,9e,7c,9a,c8,cf,03
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd5022f2]
"001e3b15ebeb"=hex:98,9b,17,36,6c,ad,c7,0f,1d,cd,9e,7c,9a,c8,cf,03

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix:
ComboFix 08-01-11.3 - Jacob 2008-01-12 22:52:33.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1447 [GMT 1:00]
Running from: C:\clean\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\images.zip

.
(((((((((((((((((((((((((  Files Created from 2007-12-12 to 2008-01-12  )))))))))))))))))))))))))))))))
.

2008-01-12 22:51 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-12 21:59 . 2008-01-12 22:44    <DIR>    d--------    C:\quarantine
2008-01-12 21:24 . 2008-01-12 21:24    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2008-01-12 21:22 . 2008-01-12 21:24    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-12 21:22 . 2008-01-12 21:56    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator.JKKONTOR\Skrivebord
2008-01-12 19:33 . 2008-01-01 19:22    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Skabeloner
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Printere
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    dr-------    C:\Documents and Settings\Administrator.JKKONTOR\Menuen Start
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Lokale indstillinger
2008-01-12 19:33 . 2008-01-12 19:33    <DIR>    dr-------    C:\Documents and Settings\Administrator.JKKONTOR\Foretrukne
2008-01-12 19:33 . 2008-01-12 19:33    <DIR>    dr-------    C:\Documents and Settings\Administrator.JKKONTOR\Dokumenter
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Andre computere
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2008-01-12 19:28 . 2008-01-01 19:22    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Foretrukne
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Dokumenter
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2008-01-12 19:24 . 2008-01-12 12:06    1,707    --a------    C:\HijackThis.lnk
2008-01-12 19:18 . 2008-01-12 19:18    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-12 19:03 . 2008-01-12 22:44    <DIR>    d--------    C:\clean
2008-01-12 12:06 . 2008-01-12 12:06    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-12 11:35 . 2008-01-12 11:49    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-12 11:22 . 2008-01-12 21:58    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-12 11:22 . 2008-01-12 19:24    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\SUPERAntiSpyware.com
2008-01-12 11:22 . 2008-01-12 11:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-11 21:41 . 2008-01-11 21:41    <DIR>    d--------    C:\Programmer\Windows Media Connect 2
2008-01-11 21:41 . 2006-10-04 15:06    1,197,294    -----c---    C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-11 21:41 . 2006-10-04 15:06    764,868    -----c---    C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-11 21:41 . 2006-10-04 15:06    217,118    -----c---    C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-11 21:40 . 2008-01-11 23:06    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2008-01-11 17:05 . 2008-01-11 17:05    36,864    -r-hs----    C:\WINDOWS\ntmngr.exe
2008-01-11 09:13 . 2008-01-11 09:13    <DIR>    d--------    C:\Programmer\Fælles filer\PCSuite
2008-01-11 09:13 . 2008-01-11 09:13    <DIR>    d--------    C:\Programmer\Fælles filer\Nokia
2008-01-08 21:30 . 2008-01-08 21:30    <DIR>    d--------    C:\Programmer\iTunes
2008-01-08 21:30 . 2008-01-08 21:30    <DIR>    d--------    C:\Programmer\iPod
2008-01-08 21:30 . 2008-01-08 21:30    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\Apple Computer
2008-01-08 21:30 . 2008-01-12 22:42    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-01-08 21:30 . 2008-01-08 21:30    1,409    --a------    C:\WINDOWS\QTFont.for
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Programmer\QuickTime
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Programmer\Fælles filer\Apple
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Programmer\Apple Software Update
2008-01-08 21:29 . 2008-01-08 21:30    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple
2008-01-07 21:38 . 2008-01-07 21:38    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-07 21:38 . 2008-01-12 19:23    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-07 21:38 . 2008-01-07 21:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\__sbs_netsetup__\Skrivebord
2008-01-07 12:24 . 2008-01-01 19:22    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Skabeloner
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-h-----    C:\Documents and Settings\__sbs_netsetup__\SendTo
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-h-----    C:\Documents and Settings\__sbs_netsetup__\Recent
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Printere
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    dr-------    C:\Documents and Settings\__sbs_netsetup__\Menuen Start
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Lokale indstillinger
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-------    C:\Documents and Settings\__sbs_netsetup__\Foretrukne
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-------    C:\Documents and Settings\__sbs_netsetup__\Dokumenter
2008-01-07 12:24 . 2008-01-01 19:24    <DIR>    d--hs----    C:\Documents and Settings\__sbs_netsetup__\Cookies
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    d---s----    C:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    d--------    C:\Documents and Settings\__sbs_netsetup__\Application Data\Identities
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-h-----    C:\Documents and Settings\__sbs_netsetup__\Application Data
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Andre computere
2008-01-07 12:24 . 2008-01-07 12:25    786,432    --ah-----    C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT
2008-01-07 12:12 . 2008-01-07 12:12    <DIR>    dr-------    C:\Dokumenter
2008-01-07 11:17 . 2008-01-07 11:17    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2008-01-07 11:17 . 2008-01-07 11:17    <DIR>    d--------    C:\Programmer\Microsoft.NET
2008-01-07 11:17 . 2008-01-12 21:24    <DIR>    d--------    C:\Programmer\Microsoft Works
2008-01-07 11:13 . 2008-01-07 11:13    <DIR>    dr-h-----    C:\MSOCache
2008-01-04 14:03 . 2008-01-07 12:34    <DIR>    d--------    C:\Programmer\Microsoft ActiveSync
2008-01-04 13:59 . 2008-01-04 13:59    <DIR>    d--------    C:\Programmer\Fælles filer\Adobe
2008-01-04 13:44 . 2008-01-04 13:44    <DIR>    d--------    C:\Programmer\SigmaTel
2008-01-04 13:44 . 2006-07-27 14:24    1,171,464    --a------    C:\WINDOWS\system32\drivers\sthda.sys
2008-01-04 13:44 . 2006-07-26 10:58    1,093,632    --a------    C:\WINDOWS\system32\stlang.dll
2008-01-04 13:44 . 2006-07-27 14:19    282,624    --a------    C:\WINDOWS\stsystra.exe
2008-01-04 13:44 . 2006-07-27 14:20    225,280    --a------    C:\WINDOWS\system32\stacapi.dll
2008-01-04 13:44 . 2006-07-27 14:21    117,248    --a------    C:\WINDOWS\system32\staco.dll
2008-01-04 13:01 . 2008-01-04 13:01    <DIR>    d--------    C:\Programmer\PC Connectivity Solution
2008-01-04 13:01 . 2008-01-11 09:13    <DIR>    d--------    C:\Programmer\Nokia
2008-01-04 13:01 . 2008-01-04 13:01    <DIR>    d--------    C:\Programmer\DIFX
2008-01-04 13:01 . 2008-01-11 09:16    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\PC Suite
2008-01-04 13:01 . 2008-01-11 09:15    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\Nokia
2008-01-04 13:01 . 2008-01-11 23:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-04 13:01 . 2007-02-22 10:15    90,624    --a------    C:\WINDOWS\system32\nmwcdcls.dll
2008-01-04 13:00 . 2008-01-04 13:00    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Installations
2008-01-03 22:57 . 2008-01-06 17:49    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Contacts
2008-01-03 09:23 . 2008-01-03 09:23    <DIR>    d--------    C:\Programmer\MSXML 4.0
2008-01-02 15:43 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-01-02 15:43 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-01-02 15:43 . 2007-07-30 19:18    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-01-02 13:12 . 2008-01-02 13:12    <DIR>    d--------    C:\Programmer\Fælles filer\Ahead
2008-01-02 13:12 . 2008-01-02 13:12    <DIR>    d--------    C:\Programmer\Ahead
2008-01-02 13:12 . 2004-07-26 17:16    1,568,768    ---------    C:\WINDOWS\system32\ImagX7.dll
2008-01-02 13:12 . 2004-07-26 17:16    476,320    ---------    C:\WINDOWS\system32\ImagXpr7.dll
2008-01-02 13:12 . 2004-07-26 17:16    471,040    ---------    C:\WINDOWS\system32\ImagXRA7.dll
2008-01-02 13:12 . 2004-07-26 17:16    262,144    ---------    C:\WINDOWS\system32\ImagXR7.dll
2008-01-02 13:12 . 2001-07-09 11:50    155,648    --a------    C:\WINDOWS\system32\NeroCheck.exe
2008-01-02 13:12 . 2004-03-02 17:37    125,184    ---------    C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-02 13:12 . 2000-06-26 11:45    106,496    --a------    C:\WINDOWS\system32\TwnLib20.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 12:44    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-01 19:57    ---------    d-----w    C:\Programmer\AMD
2008-01-01 19:31    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2008-01-01 19:23    ---------    d-----w    C:\Programmer\Creative
2008-01-01 19:18    ---------    d-----w    C:\Programmer\Broadcom
2008-01-01 18:32    ---------    d-----w    C:\Programmer\Customer
2008-01-01 18:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-01 18:24    ---------    d-----w    C:\Programmer\microsoft frontpage
2008-01-01 18:23    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-01-01 18:23    ---------    d-----w    C:\Programmer\Fælles filer\MSSoap
2008-01-01 18:22    ---------    d-----w    C:\Programmer\Onlinetjenester
2008-01-01 18:19    ---------    d-----w    C:\Programmer\Fælles filer\SpeechEngines
2008-01-01 18:19    ---------    d-----w    C:\Programmer\Fælles filer\ODBC
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-11-06 08:20    831,048    ----a-w    C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-18 10:31    51,224    ----a-w    C:\WINDOWS\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]
"PC Suite Tray"="C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSVolFE.exe"="C:\Programmer\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 01:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 14:12 7630848]
"nwiz"="nwiz.exe" [2006-08-23 14:12 1617920 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-23 14:12 86016]
"Easy-PrintToolBox"="C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"ShStatEXE"="C:\Programmer\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Wireless PCI_CardBus utility V1.01.exe.lnk - C:\Programmer\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe [2008-01-01 19:32:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 20:29:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 22:54:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 22:54:22
ComboFix-quarantined-files.txt  2008-01-12 21:54:20
.
2008-01-09 23:33:11    --- E O F --- 

I think that was it
fromsej (Trainee)
13 January 2008 - 09:53 #8
Download CCleaner here:
http://www.filehippo.com/download_ccleaner/
Install CCleaner; remember to untick the box for installing the Yahoo toolbar.
Start the program and untick cookies.
Click Run Cleaner and let it remove what it finds.
Then click Registry on the left-hand side (the blue cube), click Scan for Issues, and when it has finished, click Fix selected issues; optionally make a backup of the registry, then click Fix All Selected Issues.
Click OK, then click Close when it has finished.
Restart.
---------------------------------------
Download and install this scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start the program and click Check for updates; once it has updated, close the program. You should not scan yet.
---------------------------------------
Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSN] ntmngr.exe
---------------------------------------
Copy the contents between the wavy lines into a Notepad window and save it in the same folder as ComboFix under the name CFScript.txt. When you save, make sure that "Save as type" is set to "All files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\ntmngr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the ComboFix file, then release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
---------------------------------------
Start SUPERAntiSpyware, click Scan your Computer, and tick the drives to be scanned.
(Fixed disk means hard disk)
Move the selection to Perform complete scan and click Next; the scan then runs.

When it has finished, a window with a summary appears; click OK, then Next, and then Finish.

A window saying Quarantine and removal Complete appears; click OK, then click Finish.
Close the program and restart normally.
---------------------------------------
Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here.
We also need to see a fresh HijackThis log, as well as the new ComboFix log.
krohn (Trainee)
13 January 2008 - 10:05 #9
I do think that is what I posted; I followed the guide. I had the problem that I could not start in safe mode, but otherwise I can certainly run that guide again.
fromsej (Trainee)
13 January 2008 - 10:11 #10
Sorry, I'm on my first cup of coffee.

Of course you should not run CCleaner and SUPERAntiSpyware again; disregard those two items.
Run the HijackThis part and the ComboFix part as described, and come back with the fresh logs.
fromsej (Trainee)
13 January 2008 - 10:13 #11
So this and nothing else:

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSN] ntmngr.exe
---------------------------------------
Copy the contents between the wavy lines into a Notepad window and save it in the same folder as ComboFix under the name CFScript.txt. When you save, make sure that "Save as type" is set to "All files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\ntmngr.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the ComboFix file, then release the mouse button.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
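The two HijackThis entries selected in the posts above have traits that can be checked mechanically: a BHO registration with no file behind it, and a Run value that is only a bare file name. The Python sketch below is an added example, not part of the thread; it flags such lines and cross-references bare names against the full paths ComboFix prints in its "Reg Loading Points" section. The function names are hypothetical, and the sample lines are a selection copied from the logs in this thread.

```python
import re

# Lines copied from the HijackThis output quoted in this thread.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSN] ntmngr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# Lines copied from the ComboFix "Reg Loading Points" section in this thread.
COMBOFIX_SAMPLE = r"""
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 01:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-08-23 14:12 1617920 C:\WINDOWS\system32\nwiz.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 C:\WINDOWS\stsystra.exe]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# ComboFix appends the resolved path inside the brackets only when the
# registry value itself is not a full path.
COMBOFIX_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)" '
    r"\[\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+(?: (?P<path>.+))?\]$"
)


def _first_token(text):
    """Split off the first command-line token, honouring double quotes."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return (text[1:end], text[end + 1:]) if end != -1 else (text[1:], "")
    head, _, rest = text.partition(" ")
    return head, rest


def launched_image(cmd):
    """Return the file a Run command loads (the DLL/CPL for rundll32 hosts)."""
    image, rest = _first_token(cmd)
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest.strip():
        target, _ = _first_token(rest)
        image = target.split(",", 1)[0]  # drop the exported entry point
    return image


def resolved_paths(combofix_text):
    """Map Run value name -> full path that ComboFix resolved for it."""
    paths = {}
    for raw in combofix_text.splitlines():
        m = COMBOFIX_RE.match(raw.strip())
        if m and m.group("path"):
            paths[m.group("name")] = m.group("path")
    return paths


def triage(hijackthis_text, combofix_text=""):
    """Return (section, label, reason) for entries worth a manual look."""
    resolved = resolved_paths(combofix_text)
    findings = []
    for raw in hijackthis_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.group("section"), m.group("body")
        if body.endswith("(no file)"):
            findings.append((section, body, "registration with no file behind it"))
        elif body.endswith("(file missing)"):
            findings.append((section, body, "target file missing on disk"))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and "\\" not in launched_image(run.group("cmd")):
                name = run.group("name")
                if name in resolved:
                    reason = "bare file name; ComboFix resolved it to " + resolved[name]
                else:
                    reason = "bare file name; not resolved in the supplied ComboFix lines"
                findings.append((section, name, reason))
    return findings


if __name__ == "__main__":
    for section, label, reason in triage(HIJACKTHIS_SAMPLE, COMBOFIX_SAMPLE):
        print(f"{section:4} {label}\n     -> {reason}")
```

A bare file name is only a prompt for a closer look: the driver and audio entries in the sample are flagged too, and the ComboFix path is what tells them apart from an entry nobody can account for.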
krohn (Trainee)
13 January 2008 - 16:58 #12
OK, that's done. But O4 - HKLM\..\Run: [MSN] ntmngr.exe was not there.
Here are fresh logs:

Logfile of HijackThis v1.99.1
Scan saved at 16:57, on 2008-01-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\clean\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Programmer\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Global Startup: Wireless PCI_CardBus utility V1.01.exe.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://mail/connectcomputer/nshelp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199212470982
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E13A87-24DD-4965-8FEF-37363368D5EC}: NameServer = 192.168.1.50
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe

ComboFix 08-01-11.3 - Jacob 2008-01-13 16:48:51.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1436 [GMT 1:00]
Running from: C:\clean\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-12-13 to 2008-01-13  )))))))))))))))))))))))))))))))
.

2008-01-12 23:35 . 2008-01-12 23:35    1,374    --a------    C:\WINDOWS\imsins.BAK
2008-01-12 22:51 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-12 21:59 . 2008-01-12 22:44    <DIR>    d--------    C:\quarantine
2008-01-12 21:24 . 2008-01-12 21:24    <DIR>    d--------    C:\Programmer\Microsoft Visual Studio 8
2008-01-12 21:22 . 2008-01-12 21:24    <DIR>    d--------    C:\Programmer\Microsoft Expression
2008-01-12 21:22 . 2008-01-13 12:52    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator.JKKONTOR\Skrivebord
2008-01-12 19:33 . 2008-01-01 19:22    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Skabeloner
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Printere
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    dr-------    C:\Documents and Settings\Administrator.JKKONTOR\Menuen Start
2008-01-12 19:33 . 2008-01-13 16:44    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Lokale indstillinger
2008-01-12 19:33 . 2008-01-12 19:33    <DIR>    dr-------    C:\Documents and Settings\Administrator.JKKONTOR\Foretrukne
2008-01-12 19:33 . 2008-01-12 19:33    <DIR>    dr-------    C:\Documents and Settings\Administrator.JKKONTOR\Dokumenter
2008-01-12 19:33 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator.JKKONTOR\Andre computere
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Skrivebord
2008-01-12 19:28 . 2008-01-01 19:22    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Skabeloner
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Printere
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    dr-------    C:\Documents and Settings\Administrator\Menuen Start
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Lokale indstillinger
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Foretrukne
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\Administrator\Dokumenter
2008-01-12 19:28 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\Administrator\Andre computere
2008-01-12 19:24 . 2008-01-12 12:06    1,707    --a------    C:\HijackThis.lnk
2008-01-12 19:18 . 2008-01-12 19:18    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-12 19:03 . 2008-01-13 16:48    <DIR>    d--------    C:\clean
2008-01-12 12:06 . 2008-01-12 12:06    <DIR>    d--------    C:\Programmer\Trend Micro
2008-01-12 11:35 . 2008-01-12 11:49    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-12 11:22 . 2008-01-12 22:56    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-12 11:22 . 2008-01-12 19:24    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\SUPERAntiSpyware.com
2008-01-12 11:22 . 2008-01-12 11:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-11 21:41 . 2008-01-11 21:41    <DIR>    d--------    C:\Programmer\Windows Media Connect 2
2008-01-11 21:41 . 2006-10-04 15:06    1,197,294    -----c---    C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-11 21:41 . 2006-10-04 15:06    764,868    -----c---    C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-11 21:41 . 2006-10-04 15:06    217,118    -----c---    C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-11 21:40 . 2008-01-11 23:06    <DIR>    d--------    C:\WINDOWS\system32\drivers\UMDF
2008-01-11 09:13 . 2008-01-11 09:13    <DIR>    d--------    C:\Programmer\Fælles filer\PCSuite
2008-01-11 09:13 . 2008-01-11 09:13    <DIR>    d--------    C:\Programmer\Fælles filer\Nokia
2008-01-08 21:30 . 2008-01-08 21:30    <DIR>    d--------    C:\Programmer\iTunes
2008-01-08 21:30 . 2008-01-08 21:30    <DIR>    d--------    C:\Programmer\iPod
2008-01-08 21:30 . 2008-01-08 21:30    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\Apple Computer
2008-01-08 21:30 . 2008-01-13 16:43    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-01-08 21:30 . 2008-01-08 21:30    1,409    --a------    C:\WINDOWS\QTFont.for
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Programmer\QuickTime
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Programmer\Fælles filer\Apple
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Programmer\Apple Software Update
2008-01-08 21:29 . 2008-01-08 21:30    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-08 21:29 . 2008-01-08 21:29    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Apple
2008-01-07 21:38 . 2008-01-07 21:38    <DIR>    d--------    C:\Programmer\Lavasoft
2008-01-07 21:38 . 2008-01-12 19:23    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-07 21:38 . 2008-01-07 21:38    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--------    C:\Documents and Settings\__sbs_netsetup__\Skrivebord
2008-01-07 12:24 . 2008-01-01 19:22    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Skabeloner
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-h-----    C:\Documents and Settings\__sbs_netsetup__\SendTo
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-h-----    C:\Documents and Settings\__sbs_netsetup__\Recent
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Printere
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    dr-------    C:\Documents and Settings\__sbs_netsetup__\Menuen Start
2008-01-07 12:24 . 2008-01-13 16:44    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Lokale indstillinger
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-------    C:\Documents and Settings\__sbs_netsetup__\Foretrukne
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-------    C:\Documents and Settings\__sbs_netsetup__\Dokumenter
2008-01-07 12:24 . 2008-01-01 19:24    <DIR>    d--hs----    C:\Documents and Settings\__sbs_netsetup__\Cookies
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    d---s----    C:\Documents and Settings\__sbs_netsetup__\Application Data\Microsoft
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    d--------    C:\Documents and Settings\__sbs_netsetup__\Application Data\Identities
2008-01-07 12:24 . 2008-01-07 12:24    <DIR>    dr-h-----    C:\Documents and Settings\__sbs_netsetup__\Application Data
2008-01-07 12:24 . 2008-01-01 19:19    <DIR>    d--h-----    C:\Documents and Settings\__sbs_netsetup__\Andre computere
2008-01-07 12:24 . 2008-01-07 12:25    786,432    --ah-----    C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT
2008-01-07 12:12 . 2008-01-07 12:12    <DIR>    dr-------    C:\Dokumenter
2008-01-07 11:17 . 2008-01-07 11:17    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2008-01-07 11:17 . 2008-01-07 11:17    <DIR>    d--------    C:\Programmer\Microsoft.NET
2008-01-07 11:17 . 2008-01-12 21:24    <DIR>    d--------    C:\Programmer\Microsoft Works
2008-01-07 11:13 . 2008-01-07 11:13    <DIR>    dr-h-----    C:\MSOCache
2008-01-04 14:03 . 2008-01-07 12:34    <DIR>    d--------    C:\Programmer\Microsoft ActiveSync
2008-01-04 13:59 . 2008-01-04 13:59    <DIR>    d--------    C:\Programmer\Fælles filer\Adobe
2008-01-04 13:44 . 2008-01-04 13:44    <DIR>    d--------    C:\Programmer\SigmaTel
2008-01-04 13:44 . 2006-07-27 14:24    1,171,464    --a------    C:\WINDOWS\system32\drivers\sthda.sys
2008-01-04 13:44 . 2006-07-26 10:58    1,093,632    --a------    C:\WINDOWS\system32\stlang.dll
2008-01-04 13:44 . 2006-07-27 14:19    282,624    --a------    C:\WINDOWS\stsystra.exe
2008-01-04 13:44 . 2006-07-27 14:20    225,280    --a------    C:\WINDOWS\system32\stacapi.dll
2008-01-04 13:44 . 2006-07-27 14:21    117,248    --a------    C:\WINDOWS\system32\staco.dll
2008-01-04 13:01 . 2008-01-04 13:01    <DIR>    d--------    C:\Programmer\PC Connectivity Solution
2008-01-04 13:01 . 2008-01-11 09:13    <DIR>    d--------    C:\Programmer\Nokia
2008-01-04 13:01 . 2008-01-04 13:01    <DIR>    d--------    C:\Programmer\DIFX
2008-01-04 13:01 . 2008-01-11 09:16    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\PC Suite
2008-01-04 13:01 . 2008-01-11 09:15    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Application Data\Nokia
2008-01-04 13:01 . 2008-01-11 23:06    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\PC Suite
2008-01-04 13:01 . 2007-02-22 10:15    90,624    --a------    C:\WINDOWS\system32\nmwcdcls.dll
2008-01-04 13:00 . 2008-01-04 13:00    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Installations
2008-01-03 22:57 . 2008-01-06 17:49    <DIR>    d--------    C:\Documents and Settings\Jacob.KROHN\Contacts
2008-01-03 09:23 . 2008-01-03 09:23    <DIR>    d--------    C:\Programmer\MSXML 4.0
2008-01-02 15:43 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-01-02 15:43 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-01-02 15:43 . 2007-07-30 19:18    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-01-02 13:12 . 2008-01-02 13:12    <DIR>    d--------    C:\Programmer\Fælles filer\Ahead
2008-01-02 13:12 . 2008-01-02 13:12    <DIR>    d--------    C:\Programmer\Ahead
2008-01-02 13:12 . 2004-07-26 17:16    1,568,768    ---------    C:\WINDOWS\system32\ImagX7.dll
2008-01-02 13:12 . 2004-07-26 17:16    476,320    ---------    C:\WINDOWS\system32\ImagXpr7.dll
2008-01-02 13:12 . 2004-07-26 17:16    471,040    ---------    C:\WINDOWS\system32\ImagXRA7.dll
2008-01-02 13:12 . 2004-07-26 17:16    262,144    ---------    C:\WINDOWS\system32\ImagXR7.dll
2008-01-02 13:12 . 2001-07-09 11:50    155,648    --a------    C:\WINDOWS\system32\NeroCheck.exe
2008-01-02 13:12 . 2004-03-02 17:37    125,184    ---------    C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-02 13:12 . 2000-06-26 11:45    106,496    --a------    C:\WINDOWS\system32\TwnLib20.dll

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 12:44    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-01 19:57    ---------    d-----w    C:\Programmer\AMD
2008-01-01 19:31    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2008-01-01 19:23    ---------    d-----w    C:\Programmer\Creative
2008-01-01 19:18    ---------    d-----w    C:\Programmer\Broadcom
2008-01-01 18:32    ---------    d-----w    C:\Programmer\Customer
2008-01-01 18:32    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-01 18:24    ---------    d-----w    C:\Programmer\microsoft frontpage
2008-01-01 18:23    ---------    d-----w    C:\Programmer\Fælles filer\Tjenester
2008-01-01 18:23    ---------    d-----w    C:\Programmer\Fælles filer\MSSoap
2008-01-01 18:22    ---------    d-----w    C:\Programmer\Onlinetjenester
2008-01-01 18:19    ---------    d-----w    C:\Programmer\Fælles filer\SpeechEngines
2008-01-01 18:19    ---------    d-----w    C:\Programmer\Fælles filer\ODBC
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-11-06 08:20    831,048    ----a-w    C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28    222,720    ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-10-18 10:31    51,224    ----a-w    C:\WINDOWS\system32\sirenacm.dll
.

(((((((((((((((((((((((((((((  snapshot_2008-01-13_16.44.21.43  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-13 15:37:31    48,956    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2008-01-13 15:44:28    48,956    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2008-01-13 15:37:31    41,644    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2008-01-13 15:44:28    41,644    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2008-01-13 15:37:31    329,336    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2008-01-13 15:44:28    329,336    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2008-01-13 15:37:31    315,986    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2008-01-13 15:44:28    315,986    ----a-w    C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 01:53 15360]
"msnmsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]
"PC Suite Tray"="C:\Programmer\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSVolFE.exe"="C:\Programmer\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 01:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-23 14:12 7630848]
"nwiz"="nwiz.exe" [2006-08-23 14:12 1617920 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-23 14:12 86016]
"Easy-PrintToolBox"="C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"ShStatEXE"="C:\Programmer\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00 94208]
"McAfeeUpdaterUI"="C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50 139320]
"Network Associates Error Reporting Service"="C:\Programmer\Fælles filer\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48 147514]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-27 14:19 282624 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 01:53 15360]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Wireless PCI_CardBus utility V1.01.exe.lnk - C:\Programmer\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe [2008-01-01 19:32:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
"2008-01-08 20:29:26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 16:50:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 16:55:02
ComboFix-quarantined-files.txt  2008-01-13 15:55:01
ComboFix2.txt  2008-01-12 21:54:23
.
2008-01-12 22:35:47    --- E O F ---
fromsej (Trainee)
13 January 2008 - 17:56 #13
Run HijackThis again and fix these two:
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Then there is nothing more to find. Has it helped?
krohn (Trainee)
13 January 2008 - 20:42 #14
I didn't notice much from the MSN thing, but that nntmngr.exe was certainly annoying to look at. Then there was the issue that I couldn't get into safe mode; I haven't tried again yet. But I'll fix the last ones, and thanks for the help.