Tre nye logs efter
http://www.eksperten.dk/artikler/1123 -manualen:
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 07/01/2008 at 10:21 PM
Application Version : 4.0.1154
Core Rules Database Version : 3494
Trace Rules Database Version: 1485
Scan type : Complete Scan
Total Scan Time : 01:09:20
Memory items scanned : 168
Memory threats detected : 0
Registry items scanned : 5314
Registry threats detected : 0
File items scanned : 26356
File threats detected : 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:18, on 01-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Skrivebord\Eksperten\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programmer\PlotSoft\PDFill\DownloadPDF.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) -
https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cabO16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -
http://www.musicnotes.com/download/mnviewer.cabO16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
http://www.pcpitstop.com/internet/pcpConnCheck.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resources/scan8/oscan8.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204609489371O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204609471295O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {C87A3AD5-DE8E-4a2e-BF7B-D6BCD419DED1} -
http://www.envivio.tv/downloads/EnvivioTV/EnvivioTVAutomaticInstaller.exeO16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cabO20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7006 bytes
ComboFix 08-06-20.4 - Rasmus 2008-07-01 22:31:00.2 - NTFSx86
Running from: C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Skrivebord\Eksperten\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.
2008-07-01 19:57 . 2008-07-01 20:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-01 11:11 . 2008-07-01 11:11 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-07-01 11:11 . 2008-07-01 11:11 <DIR> d-------- C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Application Data\SUPERAntiSpyware.com
2008-07-01 11:11 . 2008-07-01 11:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-07-01 11:04 . 2008-07-01 11:04 <DIR> d-------- C:\Programmer\CCleaner
2008-06-30 19:52 . 2008-07-01 18:32 <DIR> d-------- C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\.housecall6.6
2008-06-20 14:32 . 2008-06-20 14:32 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
2008-06-20 14:28 . 2008-06-20 14:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2008-06-20 14:28 . 2006-12-08 04:04 76,800 --a------ C:\WINDOWS\system32\E_FLBCAE.DLL
2008-06-20 14:28 . 2006-04-19 04:00 62,976 --a------ C:\WINDOWS\system32\E_FD4BCAE.DLL
2008-06-20 14:28 . 2004-09-10 22:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-06-20 14:28 . 2004-08-04 07:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-20 14:28 . 2004-08-04 07:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-20 14:28 . 2004-08-04 06:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-20 14:28 . 2004-08-04 06:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-20 14:22 . 2008-06-20 14:32 <DIR> d-------- C:\Programmer\epson
2008-06-20 14:22 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-06-20 14:22 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-06-20 14:22 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-06-20 14:22 . 2008-06-20 14:22 26 --a------ C:\WINDOWS\CDE DX4400DEFGIPS.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-01 20:27 --------- d-----w C:\Programmer\SPAMfighter
2008-07-01 18:36 --------- d-----w C:\Programmer\Spybot - Search & Destroy
2008-07-01 18:36 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-07-01 09:10 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-20 12:36 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 20:09 --------- d-----w C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Application Data\Azureus
2008-05-18 10:48 18,312 -c--a-w C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Application Data\GDIPFONTCACHEV1.DAT
2008-05-14 05:44 --------- d-----w C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Application Data\AdobeUM
2008-05-13 10:35 8,506,823 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 09:55 --------- d-----w C:\Programmer\FirstClass
2008-05-05 09:54 --------- d-----w C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Application Data\InstallShield
2008-05-05 09:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\e-Safekey
2008-05-05 09:00 --------- d-----w C:\Programmer\Windows Media Connect 2
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2006-05-10 21:49 155,370 -c--a-w C:\Programmer\D-Tools.rar
2005-05-17 10:44 64,512 -c-ha-w C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Application Data\rbap450.dll
2002-01-11 21:34 40,960 -c--a-w C:\Programmer\amd3.idct.Xmpeg
2002-01-10 22:55 249,856 -c--a-w C:\Programmer\AVIPlugin.cm.xmpeg
2001-12-21 06:48 135,168 -c--a-w C:\Programmer\lame_enc.dll
2001-11-25 06:42 81,920 -c--a-w C:\Programmer\null.mism.Xmpeg
2001-11-14 21:32 53,248 -c--a-w C:\Programmer\idctmodule.idct.Xmpeg
2001-11-14 21:24 94,208 -c--a-w C:\Programmer\amd2.idct.Xmpeg
2001-03-16 13:21 53,248 -c--a-w C:\Programmer\Miha.idct.Xmpeg
2001-03-12 04:20 69,632 -c--a-w C:\Programmer\sse2.idct.Xmpeg
2004-09-29 20:49 56 --sh--r C:\WINDOWS\system32\727FB1C1CF.sys
2004-09-29 20:49 1,682 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-01_15.56.56,32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-01 17:57:39 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-07-01 17:57:39 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-07-01 17:57:39 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-07-01 17:57:41 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-07-01 17:57:42 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-07-01 17:57:39 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
- 2008-07-01 13:42:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-01 20:25:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
+ 2008-07-01 20:26:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 17:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 17:50 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"SoundMan"="SOUNDMAN.EXE" [2006-11-09 16:39 598016 C:\WINDOWS\SOUNDMAN.EXE]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02 919280]
"AudioDeck"="C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe" [2006-11-02 16:57 528384]
"SPAMfighter Agent"="C:\Programmer\SPAMfighter\SFAgent.exe" [2007-10-25 16:29 308880]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-27 02:53 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"vidc.xvid"= xvid.dll
"msacm.divxa32"= DivXa32.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menuen Start^Programmer^Start^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menuen Start^Programmer^Start^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menuen Start^Programmer^Start^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menuen Start^Programmer^Start^Post-it® Software Notes.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\Post-it® Software Notes.lnk
backup=C:\WINDOWS\pss\Post-it® Software Notes.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menuen Start^Programmer^Start^RealDownload.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menuen Start\Programmer\Start\RealDownload.lnk
backup=C:\WINDOWS\pss\RealDownload.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Rasmus.RASMUS-ABTWQL7H^Menuen Start^Programmer^Start^SpeedFan.lnk]
path=C:\Documents and Settings\Rasmus.RASMUS-ABTWQL7H\Menuen Start\Programmer\Start\SpeedFan.lnk
backup=C:\WINDOWS\pss\SpeedFan.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Programmer\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\PROGRA~1\DAP\DAP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Programmer\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a--c--- 2001-06-12 16:36 151552 C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmer\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Programmer\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Programmer\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
C:\Programmer\TrojanHunter 3.9\THGuard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 17:04:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-07-01 22:34:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = C:\Programmer\VIA\VIAudioi\SBADeck\ADeck.exe 1?????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-01 22:39:32
ComboFix-quarantined-files.txt 2008-07-01 20:39:09
ComboFix2.txt 2008-07-01 13:57:45
Pre-Run: 6,963,703,808 byte ledig
Post-Run: 6,980,108,288 byte ledig
180 --- E O F --- 2008-07-01 07:09:09
Hvad er status nu?
Mvh Anders
