Langsom computer
Hej alleKunne godt bruge lidt hjælp, har nedenstående indsat logs fra comboFix, Hijackthis og Superantispyware - håber der er en som vil bruge en smule af sin tid på at fortælle mig hvad jeg skal gøre for at få min computer til at køre mere optimalt.
På forhånd Tak for jeres gode gøremål.
ComboFix 08-07-11.1 - Mr. Karlsen 2008-07-12 15:59:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.1026 [GMT 2:00]
Running from: C:\Documents and Settings\Mr. Karlsen\Skrivebord\Oprydning på computer\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mr. Karlsen\Application Data\inst.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\oeminfo.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.
2008-07-12 12:59 . 2008-07-12 12:59 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-07-12 12:59 . 2008-07-12 12:59 <DIR> d-------- C:\Documents and Settings\Mr. Karlsen\Application Data\SUPERAntiSpyware.com
2008-07-12 12:59 . 2008-07-12 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-12 12:58 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-12 12:56 . 2008-07-12 12:56 <DIR> d-------- C:\Programmer\CCleaner
2008-07-11 09:54 . 2008-07-11 09:54 <DIR> d-------- C:\Programmer\Codemasters
2008-07-11 09:38 . 2008-07-11 09:38 <DIR> d-------- C:\Documents and Settings\Mr. Karlsen\Application Data\atitray
2008-07-11 09:25 . 2007-09-28 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-07-11 09:24 . 2008-07-11 09:24 <DIR> d-------- C:\Programmer\Radeon Omega Drivers
2008-07-11 09:24 . 2008-07-11 09:24 <DIR> d-------- C:\Programmer\MultiRes
2008-07-11 09:10 . 2008-07-11 09:10 <DIR> d-------- C:\Documents and Settings\Mr. Karlsen\Application Data\RegClean
2008-07-11 08:34 . 2008-07-11 08:34 <DIR> d-------- C:\Documents and Settings\Mr. Karlsen\Application Data\Uniblue
2008-07-11 08:22 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-11 08:21 . 2008-07-11 08:21 <DIR> d-------- C:\WINDOWS\Logs
2008-07-11 08:17 . 2008-07-11 08:17 <DIR> d-------- C:\Documents and Settings\Mr. Karlsen\Application Data\wsInspector
2008-07-11 08:14 . 2008-07-11 08:50 <DIR> d-------- C:\Programmer\Startup Inspector for Windows
2008-07-11 08:05 . 2008-07-11 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Codemasters
2008-07-11 08:04 . 2008-07-11 08:04 <DIR> d-------- C:\Programmer\OpenAL
2008-07-11 08:04 . 2008-07-11 08:04 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-07-11 08:04 . 2008-07-11 08:04 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-07-09 23:04 . 2008-07-09 23:04 <DIR> d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 08:43 --------- d-----w C:\Programmer\Steam
2008-07-11 07:11 --------- d-----w C:\Programmer\ATI Technologies
2008-07-09 23:42 --------- d-----w C:\Programmer\EA SPORTS
2008-06-21 16:19 --------- d-----w C:\Programmer\Winamp
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:00 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 16:42 --------- d-----w C:\Documents and Settings\Mr. Karlsen\Application Data\uTorrent
2008-05-17 14:17 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2008-05-17 14:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-17 14:14 806 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-17 14:14 136,496 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-17 14:14 10,652 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-17 14:14 --------- d-----w C:\Programmer\Symantec
2008-05-14 19:05 --------- d-----w C:\Programmer\B2BPOKER
2008-01-21 15:19 47,360 -c--a-w C:\Documents and Settings\Mr. Karlsen\Application Data\pcouffin.sys
2008-01-17 21:45 16,760 -c--a-w C:\Documents and Settings\Mr. Karlsen\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"WMPNSCFG"="C:\Programmer\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:30 204288]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzButton"="C:\Programmer\EzButton\EzButton.EXE" [2005-03-01 20:15 417792]
"Apoint"="C:\Programmer\Apoint2K\Apoint.exe" [2005-03-01 20:17 151552]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-01 20:17 88361 C:\WINDOWS\AGRSMMSG.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"SoundMan"="SOUNDMAN.EXE" [2005-03-01 20:12 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AtiPTA"="atiptaxx.exe" [2006-02-22 03:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2005-12-03 20:37:24 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Programmer\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Programmer\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=
"C:\\Programmer\\Steam\\steamapps\\karlsen77\\condition zero\\hl.exe"=
"C:\\Programmer\\Steam\\steamapps\\karlsen77\\counter-strike\\hl.exe"=
"C:\\Programmer\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Programmer\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\NETGEAR\\NETGEAR ProSafe VPN Client\\IreIKE.exe"=
"C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe"= C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe"= C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe"= C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 17:11]
R1 atitray;atitray;C:\Programmer\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 09:55]
R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys [2004-07-30 23:20]
R2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2004-08-11 22:01]
R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2007-08-18 19:21]
R3 Cap7134;LifeView WDM Video Capture;C:\WINDOWS\system32\DRIVERS\lvcap214.sys [2005-03-01 20:17]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-15 02:26]
R3 PhTVTune;Philips WDM TVTuner;C:\WINDOWS\system32\DRIVERS\Silicon.sys [2005-03-01 20:17]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 13:28]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d557c2-441b-11dc-9302-0013ce997738}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 16:53:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-07-11 07:29:10 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Programmer\RegClean\RegClean.ex
- C:\Programmer\RegClean
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-ccApp - C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
Notify-LBTWlgn - c:\programmer\fælles filer\logishrd\bluetooth\LBTWlgn.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 16:05:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\lotus\notes\nslsvice.exe
C:\lotus\notes\nsl.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\lotus\notes\ntmulti.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Windows Media Player\wmpnetwk.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmer\Apoint2K\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-07-12 16:11:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 14:10:12
Pre-Run: 20,417,081,344 byte ledig
Post-Run: 20,437,639,168 byte ledig
175 --- E O F --- 2008-07-09 13:19:09
________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:56:12, on 12-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\lotus\notes\nslsvice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
C:\WINDOWS\runservice.exe
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\EzButton\EzButton.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
C:\Programmer\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Mr. Karlsen\Skrivebord\Oprydning på computer\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [EzButton] C:\Programmer\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: NETGEAR ProSafe VPN Client.lnk = C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\SafeCfg.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programmer\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.zepto.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130365795703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142321257187
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://betway.microgaming.com/betway/FlashAX.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SCR.local
O17 - HKLM\Software\..\Telephony: DomainName = SCR.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SCR.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SCR.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = SCR.local
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Programmer\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmer\Fælles filer\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\lotus\notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Programmer\Symantec\Symantec Endpoint Protection\Rtvscan.exe
--
End of file - 8826 bytes
______________________________________________________________________________________________
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/12/2008 at 03:48 PM
Application Version : 4.0.1154
Core Rules Database Version : 3503
Trace Rules Database Version: 1494
Scan type : Complete Scan
Total Scan Time : 02:35:43
Memory items scanned : 241
Memory threats detected : 0
Registry items scanned : 5216
Registry threats detected : 2
File items scanned : 19653
File threats detected : 5
Trojan.Media-Codec
HKCR\Media-Codec.Chl
HKCR\Media-Codec.Chl\CLSID
C:\Programmer\Media-Codec
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\administrator.SCRDOM\Cookies\administrator@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\Default User\Cookies\administrator@microsoftwga.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@microsoftwga.112.2o7[1].txt
