Så er der et par friske log filer. Jeg kunne faktisk godt tænke mig at starte den helt forfra nu, men... ingen recovery og ingen cd:-(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:17, on 05-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\Dokumenter\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmer\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
http://messenger.zone.msn.com/binary/ZIntro.cab56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -
http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cabO20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmer\HPQ\SHARED\HPQWMI.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6272 bytes
ComboFix 08-06-03.4 - Administrator 2008-06-05 7:29:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.242 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Dokumenter\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-03 19:25 . 2008-06-03 19:25 <DIR> d-------- C:\Programmer\Auslogics
2008-06-03 19:25 . 2008-06-03 19:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Auslogics
2008-06-03 16:17 . 2008-06-03 16:17 <DIR> d-------- C:\Programmer\IObit
2008-06-03 06:14 . 2007-06-19 16:26 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-06-03 06:00 . 2006-11-14 16:21 110,592 --a------ C:\WINDOWS\system32\SynTPCo4.dll
2008-06-02 22:09 . 2008-06-02 22:09 <DIR> d-------- C:\Programmer\Avira
2008-06-02 17:18 . 2008-06-02 17:18 <DIR> d-------- C:\Programmer\CCleaner
2008-06-02 16:35 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-02 16:35 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-02 16:35 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-02 16:35 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-02 16:35 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-02 16:35 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-02 16:35 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-02 16:35 . 2008-06-02 16:35 3,332 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-02 16:34 . 2008-06-02 16:34 <DIR> d-------- C:\cleaner
2008-05-25 08:40 . 2008-05-25 08:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-24 23:28 . 2008-03-01 14:58 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-24 23:28 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-24 23:28 . 2007-03-08 07:09 1,015,808 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-24 23:28 . 2008-03-01 14:58 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-24 23:28 . 2008-03-01 14:58 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-24 23:28 . 2008-03-01 14:58 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-24 23:28 . 2008-03-01 14:58 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-24 23:28 . 2008-03-01 14:58 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-24 23:28 . 2008-02-22 12:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-24 22:43 . 2008-05-24 23:46 <DIR> d-------- C:\WINDOWS\system32\da-dk
2008-05-24 22:43 . 2008-05-24 22:43 <DIR> d-------- C:\WINDOWS\system32\da
2008-05-24 22:43 . 2008-05-24 22:43 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-24 22:43 . 2008-05-24 22:43 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-24 22:14 . 2008-05-24 22:48 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-24 21:07 . 2004-08-03 22:29 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2008-05-24 21:07 . 2004-08-03 22:29 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2008-05-24 21:07 . 2004-08-03 22:29 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2008-05-24 21:07 . 2004-08-03 22:29 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2008-05-24 21:07 . 2004-08-03 22:29 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2008-05-24 21:07 . 2004-08-03 22:29 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2008-05-24 21:05 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-05-24 21:05 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-05-24 21:05 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-05-24 21:04 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-05-24 13:31 . 2008-06-02 22:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-23 16:39 . 2008-05-23 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-23 15:12 . 2008-05-23 16:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 20:51 . 2008-05-23 16:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-21 20:50 . 2008-05-23 16:38 <DIR> d-------- C:\Programmer\Uniblue
2008-05-21 20:07 . 2008-05-21 20:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-21 20:06 . 2008-06-04 19:34 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-05-21 20:06 . 2008-05-21 20:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-05-21 20:05 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 18:20 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-06-04 18:18 --------- d-----w C:\Programmer\HPQ
2008-05-25 06:40 --------- d-----w C:\Programmer\Lavasoft
2008-05-25 06:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-05-22 04:13 --------- d-----w C:\Programmer\Windows Media Connect
2008-05-22 04:13 --------- d-----w C:\Programmer\Easy Internet signup
2008-05-22 04:13 --------- d-----w C:\Programmer\Altiris
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-20 16:03 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-14 16:06 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 16:06 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 16:06 284,672 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 16:06 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 16:06 150,528 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 16:06 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 16:06 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 15:46 80,256 ----a-w C:\WINDOWS\system32\drivers\parport.sys
2008-04-14 15:46 73,344 ----a-w C:\WINDOWS\system32\drivers\sr.sys
2008-04-14 15:46 68,096 ----a-w C:\WINDOWS\system32\drivers\pci.sys
2008-04-14 15:46 46,592 ----a-w C:\WINDOWS\system32\drivers\p3.sys
2008-04-14 15:46 120,320 ----a-w C:\WINDOWS\system32\drivers\pcmcia.sys
2008-04-14 15:43 800,000 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 15:43 153,600 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 15:42 24,832 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys
2008-04-14 15:41 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys
2008-04-14 15:41 40,576 ----a-w C:\WINDOWS\system32\drivers\crusoe.sys
2008-04-14 15:41 40,192 ----a-w C:\WINDOWS\system32\drivers\intelppm.sys
2008-04-14 15:41 37,504 ----a-w C:\WINDOWS\system32\drivers\isapnp.sys
2008-04-14 15:39 64,768 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 15:39 52,864 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 15:38 25,728 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 15:37 58,112 ----a-w C:\WINDOWS\system32\drivers\redbook.sys
2008-04-14 15:37 53,504 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 15:37 273,152 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 15:36 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys
2008-04-14 15:36 39,680 ----a-w C:\WINDOWS\system32\drivers\processr.sys
2008-04-14 15:35 41,600 ----a-w C:\WINDOWS\system32\drivers\amdk7.sys
2008-04-14 15:35 41,216 ----a-w C:\WINDOWS\system32\drivers\amdk6.sys
2008-04-14 15:34 30,336 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 15:34 23,296 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
2008-04-14 15:34 188,032 ----a-w C:\WINDOWS\system32\drivers\acpi.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:05 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"avgnt"="C:\Programmer\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-19 16:26 101144]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-19 16:26 125720]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 16:02 815104]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-19 16:26 84760]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-04-27 05:33 122941]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 18:05 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-05-21 20:48 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-09-07 16:28 213054 C:\Programmer\HPQ\Default Settings\cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Programmer\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\Programmer\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmer\\NetMeeting\\conf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 18:26]
S4 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 04:01:19 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-21 19:23:35 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-05-23 14:45:46 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-06-05 07:40:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmer\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2008-06-05 7:45:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-05 05:45:00
ComboFix2.txt 2008-06-02 17:43:04
Pre-Run: 24,045,801,472 byte ledig
Post-Run: 24,080,642,048 byte ledig
243 --- E O F --- 2008-05-25 06:13:56
