a-class Beginner
02 February 2008 - 13:59 There are 18 comments

services.exe is using all my CPU power

In Windows Task Manager there is a process: services.exe. About every 10 seconds it moves up toward the top of the list and uses around 60-87% of the CPU power. Is it a virus? I have downloaded TrojanHunter and removed what it found, but that has not helped. What can I do?
02 February 2008 - 14:45 #1
... just for good measure; hand us/me a HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for that purpose and NOT run directly from the web...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe

(Yeees - I have 'virus' on the brain...)

------------------
02 February 2008 - 14:46 #2
Welcome to Eksperten.dk
In general -> http://expfaq.dk/
a-class Beginner
02 February 2008 - 18:09 #3
HiJackThis log file. I hope something can be found?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:26, on 02-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Programmer\Digidesign\Drivers\MMERefresh.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FÆLLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\CyberLink\PCM4Everio\EverioService.exe
C:\Programmer\Logitech\Gaming Software\LWEMon.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Mediafour\MacDrive 7\MacDriveD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TrojanHunter 5.0\THGuard.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Downloads\0 efter 080201\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FÆLLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton-værktøjslinjen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EverioService] "C:\Programmer\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programmer\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Programmer\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Programmer\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = ? (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://titan.tv2.dk/sre/ICSScanner.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://titan.tv2.dk/SNX/CSHELL/extender.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Programmer\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Programmer\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Programmer\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Programmer\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FÆLLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://soundlution.dk/index-filer/image403.jpg

--
End of file - 13354 bytes
a-class Beginner
02 February 2008 - 18:10 #4
Oops, that should probably have been sent as a comment -

HiJackThis log file. I hope something can be found?

02 February 2008 - 22:09 #5
Hmmm...

... Now, not all (un)wanted elements show up in a HiJackThis log; so carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
a-class Beginner
03 February 2008 - 12:49 #6
HJT + Combofix + Rootchk and SuperAntiSpyware logs. I hope it makes sense to clever people?



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:23, on 03-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmer\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Programmer\Digidesign\Drivers\MMERefresh.exe
C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
C:\Programmer\Mediafour\MacDrive 7\MacDriveServiceD.exe
C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programmer\Dell\QuickSet\quickset.exe
C:\Programmer\Apoint\Apoint.exe
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\CyberLink\PCM4Everio\EverioService.exe
C:\Programmer\Logitech\Gaming Software\LWEMon.exe
C:\Programmer\Apoint\Apntex.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Mediafour\MacDrive 7\MacDriveD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Programmer\Digital Line Detect\DLG.exe
C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Programmer\Symantec\LiveUpdate\AUPDATE.EXE
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Programmer\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Downloads\0 efter 080201\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FÆLLES~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Norton-værktøjslinjen - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmer\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Programmer\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EverioService] "C:\Programmer\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Programmer\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Programmer\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}] "C:\Programmer\Mediafour\MacDrive 7\MacDriveD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmer\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: FirstClass® - {02011FE3-C22B-451d-9A25-BF4DBB38B8E7} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {3a4f9191-65a8-11d5-85c1-0001023952c1} (TE) - http://130.228.229.80/homeskyline/TEInstall/TE.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://titan.tv2.dk/sre/ICSScanner.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - ftp://ftp.sektornet.dk/sektornet/skolekom/fcplugin.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://titan.tv2.dk/SNX/CSHELL/extender.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Programmer\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Programmer\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Programmer\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmer\Fælles filer\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: MacDriveServiceD - Mediafour Corporation - C:\Programmer\Mediafour\MacDrive 7\MacDriveServiceD.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Programmer\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FÆLLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Programmer\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - http://soundlution.dk/index-filer/image403.jpg

--
End of file - 13424 bytes









ComboFix 08-02.03.1 - Peter Aclass 2008-02-03 11:47:02.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.1539 [GMT 1:00]
Running from: C:\Downloads\0 efter 080201\Problemløsere\ComboFix\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
(((((((((((((((((((((((((  Files Created from 2008-01-03 to 2008-02-03  )))))))))))))))))))))))))))))))
.

2008-02-03 00:47 . 2008-02-03 11:35    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-03 00:47 . 2008-02-03 00:47    <DIR>    d--------    C:\Documents and Settings\Peter Aclass\Application Data\SUPERAntiSpyware.com
2008-02-03 00:47 . 2008-02-03 00:47    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-03 00:37 . 2008-02-03 00:37    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-02 14:22 . 2008-02-02 14:22    <DIR>    d--------    C:\Programmer\Lavasoft
2008-02-02 14:22 . 2008-02-02 14:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 13:24 . 2008-02-02 13:24    <DIR>    d--------    C:\Documents and Settings\Peter Aclass\Application Data\TrojanHunter
2008-02-02 12:19 . 2008-02-02 12:19    <DIR>    d--------    C:\Programmer\TrojanHunter 5.0
2008-01-26 13:42 . 2008-01-26 13:42    <DIR>    d--------    C:\Programmer\Mediafour
2008-01-26 13:42 . 2008-01-26 13:42    <DIR>    d--------    C:\Programmer\Fælles filer\Mediafour
2008-01-26 13:42 . 2008-01-26 13:42    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Mediafour
2008-01-26 13:34 . 2008-01-26 13:34    <DIR>    d--------    C:\Programmer\Fælles filer\Avid
2008-01-26 13:31 . 2007-10-31 02:12    2,545,766    --a------    C:\WINDOWS\system32\dgfwdio.dll
2008-01-26 13:31 . 2007-10-30 23:03    270,336    --a------    C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-01-26 13:31 . 2006-03-29 15:11    233,472    --a------    C:\WINDOWS\system32\REX Shared Library.dll
2008-01-26 13:31 . 2007-10-31 02:15    24,080    --a------    C:\WINDOWS\system32\drivers\dgfwboot.sys
2008-01-26 13:31 . 2007-10-31 02:16    16,400    --a------    C:\WINDOWS\system32\drivers\diginet.sys
2008-01-26 13:28 . 2008-01-26 13:28    <DIR>    d--------    C:\Documents and Settings\Peter Aclass\Application Data\InstallShield
2008-01-22 19:20 . 2008-01-22 19:20    <DIR>    d--------    C:\Programmer\Windows Sidebar
2008-01-22 19:18 . 2008-01-23 08:12    <DIR>    d--------    C:\Programmer\Norton Internet Security
2008-01-22 19:16 . 2008-01-23 08:03    123,952    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-22 19:16 . 2008-01-23 08:03    60,800    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-22 19:16 . 2008-01-23 08:03    10,740    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-22 19:16 . 2008-01-23 08:03    805    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-14 19:49 . 2008-01-14 19:49    <DIR>    d--------    C:\BRKP080113
2008-01-11 23:25 . 2008-01-11 23:25    <DIR>    d--------    C:\Programmer\iTunes
2008-01-11 23:25 . 2008-01-11 23:25    <DIR>    d--------    C:\Programmer\iPod
2008-01-11 23:25 . 2008-02-03 10:44    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-01-11 23:25 . 2008-01-11 23:25    1,409    --a------    C:\WINDOWS\QTFont.for
2008-01-11 23:23 . 2008-01-11 23:24    <DIR>    d--------    C:\Programmer\QuickTime

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 10:48    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-03 09:58    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-02 23:47    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-02 17:28    ---------    d-----w    C:\Documents and Settings\Peter Aclass\Application Data\Digidesign
2008-02-02 10:50    ---------    d-----w    C:\Documents and Settings\Peter Aclass\Application Data\Lavasoft
2008-01-26 12:40    54,256    ----a-w    C:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-01-26 12:34    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-26 12:31    ---------    d-----w    C:\Programmer\Digidesign
2008-01-26 07:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-23 07:03    ---------    d-----w    C:\Programmer\Symantec
2008-01-22 18:25    ---------    d-----w    C:\Documents and Settings\Peter Aclass\Application Data\Symantec
2008-01-15 08:54    10,537    ----a-w    C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28    706    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 17:32    23,904    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-14 10:32    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28    723,456    ------w    C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-06-29 19:12    20    ---ha-w    C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2005-05-11 21:36    12,288    ----a-w    C:\WINDOWS\Fonts\RandFont.dll
2007-02-24 17:01    61    --sh--w    C:\WINDOWS\cnerolf.dat
2006-07-09 09:51    80    --sh--r    C:\WINDOWS\system32\24B743E8C0.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51    316784    --a------    C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 09:08    116088    --a------    C:\PROGRA~1\FÆLLES~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{FD8348AB-D74A-4C76-B2FE-926FF6D7CC40}]
@=MacDrive Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00 15360]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:17 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"Apoint"="C:\Programmer\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50 81920]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01 86016]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"EverioService"="C:\Programmer\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 20:10 151552]
"Start WingMan Profiler"="C:\Programmer\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-08-24 22:07 51048]
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"DigidesignMMERefresh"="C:\Programmer\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="C:\Programmer\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 13:27 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00 15360]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - C:\Programmer\Digital Line Detect\DLG.exe [2005-10-28 01:53:53 24576]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-01-23 20:27:47 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmer\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Programmer\Intel\Wireless\Bin\LgNotify.dll

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-04-18 16:33]
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 11:15]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-10-19 16:39]
R2 cpextender;Check Point SSL Network Extender;C:\Programmer\CheckPoint\SSL Network Extender\slimsvc.exe [2006-09-12 18:14]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 02:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" [2007-08-24 22:07]
R2 MacDriveServiceD;MacDriveServiceD;"C:\Programmer\Mediafour\MacDrive 7\MacDriveServiceD.exe" [2007-04-18 11:58]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2006-09-12 18:14]
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys []
S2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 11:49]
S3 2fa048a3-7d17-41cb-bd1a-2cdde7a1ddad;2fa048a3-7d17-41cb-bd1a-2cdde7a1ddad;D:\Player\cds300.dll []
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 02:15]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-01-26 13:40]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2006-11-13 14:37]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2005-11-15 22:32]
S3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2005-11-15 22:32]
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 18:29:01 C:\WINDOWS\Tasks\Norton Internet Security - Kør Fuld systemskanning - Peter Aclass.job"
- C:\Programmer\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-03 10:29:03 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDetect.exe
"2008-02-02 12:04:34 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FC920BF5-6290-44B5-A814-2AFCA0A93C70}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 11:48:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-03 11:49:22
ComboFix-quarantined-files.txt  2008-02-03 10:49:02
.
2008-01-09 18:34:54    --- E O F --- 









********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
03-02-2008 11:32:32.35

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 11:32:32
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0









SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/03/2008 at 02:09 AM

Application Version : 3.7.1018

Core Rules Database Version : 3394
Trace Rules Database Version: 1386

Scan type      : Complete Scan
Total Scan Time : 01:00:40

Memory items scanned      : 196
Memory threats detected  : 0
Registry items scanned    : 8127
Registry threats detected : 0
File items scanned        : 38402
File threats detected    : 0
03 February 2008 - 14:10 #7
Hmmm...

Try this command to fix the error:

Insert your Windows XP CD in the drive.
Close the window that pops up.

Go to Start - Run - type: sfc /scannow
Press Enter.
The Windows CD must be in the drive while this command runs.
You will not get any feedback on whether anything was repaired.
The space between sfc and / must be there.
a-class Beginner
03 February 2008 - 15:19 #8
Unfortunately, that changed nothing.
I have just noticed that svchost.exe is also up at about 40% CPU every 10 seconds. But it is hard to catch the processes that cause the spikes, because it happens extremely fast.
When I ran SuperAntiSpyware I was in safe mode. There were no such spikes in Task Manager there. Does that give any more leads to follow?
I am very grateful for the help I am getting.
fromsej Trainee
03 February 2008 - 21:43 #9
Open Explorer, click Tools=>Folder Options=>View.
Uncheck "Hide protected operating system files".
Uncheck "Hide extensions for known file types".
Select "Show hidden files and folders".

Upload this file to Jotti or Virustotal:
C:\WINDOWS\system32\24B743E8C0.dll
http://virusscan.jotti.org/ http://www.virustotal.com/
Report the result.

I will not be here much for the next week or so.
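
The file named in the post above is listed in the Find3M report of the ComboFix log with the attribute field `--sh--r` and a size of 80 bytes. As an added example (not part of the thread and not ComboFix's own code), this sketch parses report lines in that layout and lists executable-type files under the Windows directory that carry both the `s` and `h` flags. The selection rule, the reading of `s`/`h` as system/hidden, and all function names are assumptions of the example, not the helper's stated method.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Lines copied from the Find3M report in the ComboFix log posted in this thread.
SAMPLE_REPORT = r"""
2008-01-26 12:40    54,256    ----a-w    C:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-01-26 12:34    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2007-12-14 10:32    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2007-11-07 09:28    723,456    ------w    C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-06-29 19:12    20    ---ha-w    C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2005-05-11 21:36    12,288    ----a-w    C:\WINDOWS\Fonts\RandFont.dll
2007-02-24 17:01    61    --sh--w    C:\WINDOWS\cnerolf.dat
2006-07-09 09:51    80    --sh--r    C:\WINDOWS\system32\24B743E8C0.dll
"""

# Extensions treated as loadable code for this triage rule (assumption).
EXECUTABLE_EXTENSIONS = {".dll", ".exe", ".sys"}

# date, time, size (or dashes for a directory), 7-character attribute field, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+"
    r"(?P<attrs>[a-z-]{7})\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)


class Entry(NamedTuple):
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_report(text: str) -> List[Entry]:
    """Parse Find3M-style lines; banners, dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw_size = m.group("size")
        size = None if raw_size.startswith("-") else int(raw_size.replace(",", ""))
        modified = m.group("date") + " " + m.group("time")
        entries.append(Entry(modified, size, m.group("attrs"), m.group("path")))
    return entries


def hidden_system_executables(entries: List[Entry],
                              windir: str = r"C:\WINDOWS") -> List[Entry]:
    """Return files under windir that are flagged both 's' and 'h'
    and have an executable-type extension."""
    root = windir.lower().rstrip("\\") + "\\"
    hits = []
    for e in entries:
        if "d" in e.attrs:                      # directory, not a file
            continue
        if not ("s" in e.attrs and "h" in e.attrs):
            continue
        if not e.path.lower().startswith(root):
            continue
        ext = ntpath.splitext(e.path)[1].lower()  # ntpath: Windows rules on any OS
        if ext not in EXECUTABLE_EXTENSIONS:
            continue
        hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in hidden_system_executables(parse_report(SAMPLE_REPORT)):
        print(f"{hit.modified}  {hit.size:>8} bytes  {hit.attrs}  {hit.path}")
```

A hit is only a lead for closer inspection, such as the multi-scanner upload requested above, not a verdict on the file.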
03 February 2008 - 22:14 #10
* agree with <Fromsej> ... *
a-class Beginner
04 February 2008 - 07:31 #11
JOTTI:
File:  24B743E8C0.dll 
Status:  OK 
MD5:  89116419560c453177ff66e38135df93 
Packers detected:  -
Bit9 reports:  File not found 

VIRUS TOTAL:
File 24B743E8C0.dll received on 02.04.2008 07:05:27 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)


Darn.
Task Manager still looks like this:

http://webdisk.tdconline.dk/index.php?m=c9ae77e8&a=7d397569&r=965358696&share=LNK501047a6b084df21a
fromsej Trainee
04 February 2008 - 08:50 #12
Unless you use rewritable CDs/DVDs, uninstall NeroInCD in Add/Remove Programs.
---------------------------------------
Open a Notepad window, copy the contents between the wavy lines into the document, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "file types" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\system32\24B743E8C0.dll

~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.
---------------------------------------

We need to see a fresh HijackThis log as well as the new Combofix log.

If that does not help, try setting iPod-tjeneste (iPod Service) to manual start.
Click Start->Run, type Services.msc and click OK.
Find the service iPod-tjeneste (iPod Service), stop it if it is running, right-click it, click Properties and select Startup type Manual.
a-class Beginner
04 February 2008 - 10:01 #13
Then I get the message: "You cannot rename ComboFix as ComboFix. Please use another name", after which Combofix closes?
fromsej Trainee
04 February 2008 - 13:43 #14
Try in safe mode.
a-class Beginner
04 February 2008 - 18:55 #15
Great, that helped. How does one get so clever :-)
Here is the Combofix log:

ComboFix 08-02.03.1 - Peter aclass 2008-02-04 18:27:49.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.1848 [GMT 1:00]
Running from: C:\Downloads\0 efter 080201\Problemløsere\ComboFix\ComboFix.exe
Command switches used :: C:\Downloads\0 efter 080201\Problemløsere\ComboFix\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\24B743E8C0.dll
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\24B743E8C0.dll

.
(((((((((((((((((((((((((  Files Created from 2008-01-04 to 2008-02-04  )))))))))))))))))))))))))))))))
.

2008-02-04 08:29 . 2005-10-19 08:34    15,872    --a------    C:\WINDOWS\system32\drivers\LaCieUSBFilter.sys
2008-02-04 08:29 . 2008-02-04 08:29    631    --a------    C:\WINDOWS\UndeviceUpd
2008-02-04 08:28 . 2008-02-04 08:28    <DIR>    d--------    C:\Programmer\LaCieTools
2008-02-04 08:28 . 2005-10-18 07:28    14,848    --a------    C:\WINDOWS\system32\drivers\LaCieFWFilter.sys
2008-02-03 15:00 . 2004-08-26 17:53    116,224    --a------    C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-02-03 15:00 . 2001-08-18 06:37    99,865    --a------    C:\WINDOWS\system32\dllcache\xlog.exe
2008-02-03 15:00 . 2001-10-04 17:07    27,648    --a------    C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-02-03 15:00 . 2001-10-04 17:07    23,040    --a------    C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-02-03 15:00 . 2004-08-03 22:29    19,455    --a------    C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-02-03 15:00 . 2001-10-04 17:07    17,408    --a------    C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-02-03 15:00 . 2001-08-17 20:11    16,970    --a------    C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-02-03 15:00 . 2004-08-03 22:29    12,063    --a------    C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-02-03 15:00 . 2004-08-26 17:53    8,192    --a------    C:\WINDOWS\system32\dllcache\wshirda.dll
2008-02-03 15:00 . 2001-10-04 17:07    4,608    --a------    C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-02-03 14:58 . 2001-08-17 21:28    794,654    --a------    C:\WINDOWS\system32\dllcache\usr1801.sys
2008-02-03 14:57 . 2001-10-04 17:07    525,568    --a------    C:\WINDOWS\system32\dllcache\tridxp.dll
2008-02-03 14:56 . 2001-10-04 17:07    440,576    --a------    C:\WINDOWS\system32\dllcache\tridkb.dll
2008-02-03 14:55 . 2001-10-04 16:28    285,760    --a------    C:\WINDOWS\system32\dllcache\stlnata.sys
2008-02-03 14:54 . 2004-08-27 12:00    461,312    --a------    C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-02-03 14:53 . 2004-08-03 22:41    404,990    --a------    C:\WINDOWS\system32\dllcache\slntamr.sys
2008-02-03 14:52 . 2001-10-04 17:07    386,560    --a------    C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-02-03 14:51 . 2001-10-04 17:06    495,616    --a------    C:\WINDOWS\system32\dllcache\sblfx.dll
2008-02-03 14:50 . 2001-10-04 16:47    899,274    --a------    C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-02-03 14:49 . 2004-08-26 17:53    363,520    --a------    C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-02-03 14:48 . 2001-08-17 22:05    351,616    --a------    C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-02-03 14:47 . 2001-08-17 20:50    198,144    --a------    C:\WINDOWS\system32\dllcache\nv3.sys
2008-02-03 14:46 . 2004-08-26 17:53    1,737,856    --a------    C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-02-03 14:45 . 2001-10-04 16:34    320,384    --a------    C:\WINDOWS\system32\dllcache\mgaum.sys
2008-02-03 14:44 . 2001-08-17 21:28    802,683    --a------    C:\WINDOWS\system32\dllcache\ltsm.sys
2008-02-03 14:43 . 2001-10-04 17:07    242,176    --a------    C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-02-03 14:42 . 2004-08-03 22:41    1,041,536    --a------    C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-02-03 14:41 . 2001-08-17 21:28    542,879    --a------    C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-02-03 14:40 . 2001-10-04 17:07    1,733,120    --a------    C:\WINDOWS\system32\dllcache\g400d.dll
2008-02-03 14:39 . 2001-10-04 16:45    629,952    --a------    C:\WINDOWS\system32\dllcache\eqn.sys
2008-02-03 14:38 . 2001-08-17 20:14    952,007    --a------    C:\WINDOWS\system32\dllcache\diwan.sys
2008-02-03 14:37 . 2001-10-04 17:07    618,525    --a------    C:\WINDOWS\system32\dllcache\digiview.exe
2008-02-03 14:36 . 2001-10-04 16:34    980,034    --a------    C:\WINDOWS\system32\dllcache\cicap.sys
2008-02-03 14:35 . 2001-08-17 21:28    871,388    --a------    C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-02-03 14:34 . 2004-08-26 17:53    870,784    --a------    C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-02-03 14:33 . 2004-05-13 00:39    876,653    --a------    C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-02-03 00:47 . 2008-02-03 11:35    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-03 00:47 . 2008-02-03 00:47    <DIR>    d--------    C:\Documents and Settings\Peter aclass\Application Data\SUPERAntiSpyware.com
2008-02-03 00:47 . 2008-02-03 00:47    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-03 00:37 . 2008-02-03 00:37    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-02 14:22 . 2008-02-02 14:22    <DIR>    d--------    C:\Programmer\Lavasoft
2008-02-02 14:22 . 2008-02-02 14:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-02 13:24 . 2008-02-02 13:24    <DIR>    d--------    C:\Documents and Settings\Peter aclass\Application Data\TrojanHunter
2008-02-02 12:19 . 2008-02-02 12:19    <DIR>    d--------    C:\Programmer\TrojanHunter 5.0
2008-01-26 13:42 . 2008-01-26 13:42    <DIR>    d--------    C:\Programmer\Mediafour
2008-01-26 13:42 .     <DIR>        C:\Programmer\Fælles filer\Mediafour
2008-01-26 13:42 . 2008-01-26 13:42    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Mediafour
2008-01-26 13:34 .     <DIR>        C:\Programmer\Fælles filer\Avid
2008-01-26 13:31 . 2007-10-31 02:12    2,545,766    --a------    C:\WINDOWS\system32\dgfwdio.dll
2008-01-26 13:31 . 2007-10-30 23:03    270,336    --a------    C:\WINDOWS\system32\DigiPlatformSupport.dll
2008-01-26 13:31 . 2006-03-29 15:11    233,472    --a------    C:\WINDOWS\system32\REX Shared Library.dll
2008-01-26 13:31 . 2007-10-31 02:15    24,080    --a------    C:\WINDOWS\system32\drivers\dgfwboot.sys
2008-01-26 13:31 . 2007-10-31 02:16    16,400    --a------    C:\WINDOWS\system32\drivers\diginet.sys
2008-01-26 13:28 . 2008-01-26 13:28    <DIR>    d--------    C:\Documents and Settings\Peter aclass\Application Data\InstallShield
2008-01-22 19:20 . 2008-01-22 19:20    <DIR>    d--------    C:\Programmer\Windows Sidebar
2008-01-22 19:18 . 2008-01-23 08:12    <DIR>    d--------    C:\Programmer\Norton Internet Security
2008-01-22 19:16 . 2008-01-23 08:03    123,952    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-22 19:16 . 2008-01-23 08:03    60,800    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-22 19:16 . 2008-01-23 08:03    10,740    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-22 19:16 . 2008-01-23 08:03    805    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-14 19:49 . 2008-01-14 19:49    <DIR>    d--------    C:\BRKP080113
2008-01-11 23:25 . 2008-01-11 23:25    <DIR>    d--------    C:\Programmer\iTunes
2008-01-11 23:25 . 2008-01-11 23:25    <DIR>    d--------    C:\Programmer\iPod
2008-01-11 23:25 . 2008-02-04 18:40    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-01-11 23:25 . 2008-01-11 23:25    1,409    --a------    C:\WINDOWS\QTFont.for
2008-01-11 23:23 . 2008-01-11 23:24    <DIR>    d--------    C:\Programmer\QuickTime

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 11:44    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2008-02-04 10:14    ---------    d-----w    C:\Documents and Settings\Peter aclass\Application Data\Digidesign
2008-02-04 05:51    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-02 23:47    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-02 10:50    ---------    d-----w    C:\Documents and Settings\Peter aclass\Application Data\Lavasoft
2008-01-26 12:40    54,256    ----a-w    C:\WINDOWS\system32\drivers\iLokDrvr.sys
2008-01-26 12:34    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-26 12:31    ---------    d-----w    C:\Programmer\Digidesign
2008-01-26 07:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-23 07:03    ---------    d-----w    C:\Programmer\Symantec
2008-01-22 18:25    ---------    d-----w    C:\Documents and Settings\Peter aclass\Application Data\Symantec
2008-01-15 08:54    10,537    ----a-w    C:\WINDOWS\system32\drivers\coh_mon.cat
2008-01-15 04:28    706    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 17:32    23,904    ----a-w    C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-29 19:12    20    ---ha-w    C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-02-24 17:01    61    --sh--w    C:\WINDOWS\cnerolf.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
            C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
            C:\PROGRA~1\FÆLLES~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{FD8348AB-D74A-4C76-B2FE-926FF6D7CC40}]
@=MacDrive Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 12:00 15360]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 18:17 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"ATIPTA"="C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"IntelWireless"="C:\Programmer\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"Dell QuickSet"="C:\Programmer\Dell\QuickSet\quickset.exe" [2005-03-04 11:26 606208]
"Apoint"="C:\Programmer\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 01:01 86016]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"EverioService"="C:\Programmer\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 20:10 151552]
"Start WingMan Profiler"="C:\Programmer\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [ ]
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2007-08-24 21:53 714608]
"DigidesignMMERefresh"="C:\Programmer\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 00:35 77824]
"{FD1C41EC-B9AC-4F08-9BDB-CC8ECC8FC1B3}"="C:\Programmer\Mediafour\MacDrive 7\MacDriveD.exe" [2007-04-18 13:27 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 12:00 15360]
"Picasa Media Detector"="C:\Programmer\Picasa2\PicasaMediaDetector.exe" [2007-09-28 02:17 443968]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Digital Line Detect.lnk - C:\Programmer\Digital Line Detect\DLG.exe [2005-10-28 01:53:53 24576]
NkbMonitor.exe.lnk - C:\Programmer\Nikon\PictureProject\NkbMonitor.exe [2007-01-23 20:27:47 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Programmer\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Programmer\Intel\Wireless\Bin\LgNotify.dll

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-12-08 22:50]
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2007-04-18 16:33]
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2007-02-28 11:15]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-10-19 16:39]
R2 cpextender;Check Point SSL Network Extender;C:\Programmer\CheckPoint\SSL Network Extender\slimsvc.exe [2006-09-12 18:14]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys [2007-10-31 02:16]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" []
R2 MacDriveServiceD;MacDriveServiceD;"C:\Programmer\Mediafour\MacDrive 7\MacDriveServiceD.exe" [2007-04-18 11:58]
R3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver);C:\WINDOWS\system32\DRIVERS\LaCieFWFilter.sys [2005-10-18 07:28]
R3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver);C:\WINDOWS\system32\DRIVERS\LaCieUSBFilter.sys [2005-10-19 08:34]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2006-09-12 18:14]
S1 aiptektp;HyperPen;C:\WINDOWS\system32\DRIVERS\aiptektp.sys []
S2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 11:49]
S3 2fa048a3-7d17-41cb-bd1a-2cdde7a1ddad;2fa048a3-7d17-41cb-bd1a-2cdde7a1ddad;D:\Player\cds300.dll []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 dalwdmservice;dal service;C:\WINDOWS\system32\drivers\dalwdm.sys [2007-10-31 02:15]
S3 iLokDrvr;iLok;C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys [2008-01-26 13:40]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINDOWS\system32\drivers\mbx2midk.sys [2006-11-13 14:37]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys []
S3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys []
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 23:07]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 18:29:01 C:\WINDOWS\Tasks\Norton Internet Security - Kør Fuld systemskanning - Peter aclass.job"
fromsej (Trainee)
5 February 2008 - 17:11 #16
Your log is clean. Has it changed anything about the problem?
a-class (Beginner)
5 February 2008 - 22:58 #17
The peaks that were there before are still there at the same interval, but now they peak at about 50%. That is much better. However, I think the machine has become very slow at opening programs and logging on/off.
One of my friends said I could try running Process Explorer. When I did, I could better pinpoint the svchost.exe that seems to have a lot to do with the trouble. This link shows which services it is responsible for:

http://webdisk.tdconline.dk/index.php?m=c9ae77e8&a=7d397569&r=632401491&share=LNK536347a8d90e1835c

I tried pressing "suspend" on it and the ugly peaks were gone, but maybe I was just close to shutting everything down?

The problem for me is that I use this computer in my daily work for a nationwide radio station, and these peaks swallow so much power that I lose my connection to the external hard disk (delayed write to... failed).
So I would still be happier if a few more stones could be turned. This is certainly not meant to be ungrateful. I think I have already received more help than I dared hope for.
fromsej (Trainee)
6 February 2008 - 07:02 #18
Right-click the "problem child", choose Properties, and switch to the Services tab.
The list then appears; here you can try stopping one service at a time until you hit the one that causes the fluctuation.
The worst that can happen is that the machine restarts.

You can also try this:
Click Start->Run, type SFC /scannow (note the space), click OK.
Your XP CD must be in the drive.
Restart, see if it helped.
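The service list that post #18 reads from Process Explorer's Services tab can also be produced from a console. This is an added example, not part of the original thread; it only reads state and stops nothing. It assumes PowerShell 3.0 or later (for `Get-CimInstance`), which the Windows XP machine in this thread would not have by default, and the parameter name `ProcessId` is this example's own.

```powershell
# Added example: list the services hosted inside one svchost.exe process,
# with their running dependents, before stopping them one at a time.
param(
    [Parameter(Mandatory = $true)]
    [int]$ProcessId   # PID of the busy svchost.exe, as shown in Process Explorer
)

# Confirm the PID really is a service host before drawing conclusions.
$proc = Get-Process -Id $ProcessId -ErrorAction Stop
if ($proc.ProcessName -ne 'svchost') {
    Write-Warning "PID $ProcessId is '$($proc.ProcessName)', not svchost."
}

# Win32_Service records the PID of the process each running service lives in.
$hosted = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $ProcessId"
if (-not $hosted) {
    Write-Warning "No services are registered to PID $ProcessId."
    return
}

$report = foreach ($svc in $hosted) {
    # Running dependents stop too when this service is stopped.
    $dependents = (Get-Service -Name $svc.Name).DependentServices |
        Where-Object { $_.Status -eq 'Running' }

    [pscustomobject]@{
        Name              = $svc.Name
        DisplayName       = $svc.DisplayName
        StartMode         = $svc.StartMode
        State             = $svc.State
        RunningDependents = ($dependents.Name -join ', ')
    }
}

# Services with no running dependents are the least disruptive to test first.
$report | Sort-Object { $_.RunningDependents.Length }, Name |
    Format-Table -AutoSize -Wrap
```

Stopping a service that appears in another row's `RunningDependents` column leaves that row unaffected; stopping a service whose own column is non-empty also stops everything listed there.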