Så endelig kommer loggene. Kort om hvad de viser: ComboFix' indbyggede catchme-scanning, ROOTCHK og den separate catchme-kørsel melder alle 0 skjulte filer og 0 skjulte processer. Det eneste, catchme rapporterer under "scanning hidden registry entries", er nøglen HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3} med en række værdier med tilfældigt udseende navne; hex-indholdet er blot små ASCII-bogstaver (6a,61,6e,6b,... = "jank..."), så de bør vurderes, før de eventuelt fjernes. C:\WINDOWS\nircmd.exe er dateret samme dag som den tidligere ComboFix-kørsel (ComboFix3.txt, 2007-09-03) og er formentlig ComboFix' egen hjælpefil.
ComboFix 07-09-10.6 - "HP_Administrator" 2007-09-13 16:17:09.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1292 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.
2007-09-13 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-13 13:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-11 17:24 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\ICQ Toolbar
2007-09-11 17:03 <DIR> d-------- C:\Program Files\ICQToolbar
2007-09-11 17:03 <DIR> d-------- C:\Program Files\ICQ6
2007-09-11 17:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\ICQ
2007-09-11 17:02 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\InstallShield
2007-09-11 15:27 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\GlarySoft
2007-09-11 15:24 <DIR> d-------- C:\Program Files\Glary Utilities
2007-09-10 13:07 <DIR> d-------- C:\Program Files\WashAndGo
2007-09-09 09:55 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\WinRAR
2007-09-04 13:13 1,072 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-03 14:11 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-29 14:13 130,856,430 --a------ C:\DOCUME~1\HP_ADM~1\backup22.reg
2007-08-24 17:14 <DIR> d-------- C:\Program Files\Plato DVD Copy
2007-08-18 17:57 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-18 17:56 <DIR> d-------- C:\NVIDIA
2007-08-15 15:17 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-08-15 15:16 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-08-15 14:06 <DIR> d-------- C:\Program Files\MSXML 6.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 16:09 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\MailWasherPro
2007-09-13 09:20 --------- d-------- C:\Program Files\Spyware Doctor
2007-09-11 17:03 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-11 14:31 --------- d-------- C:\Program Files\SUPERAntiSpyware
2007-09-10 13:12 --------- d-------- C:\Program Files\RogueRemover
2007-09-10 12:42 --------- d-------- C:\Program Files\TrojanHunter 4.7
2007-09-07 20:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-07 17:27 --------- d-------- C:\Program Files\NoAdware3
2007-09-06 20:13 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Launchy
2007-09-03 21:53 --------- d-------- C:\Program Files\XoftSpySE
2007-09-03 14:43 --------- d-------- C:\Program Files\Google
2007-09-03 11:54 --------- d-------- C:\Program Files\Yahoo!
2007-09-02 15:18 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Vso
2007-08-29 13:05 --------- d-------- C:\Program Files\AusLogics BoostSpeed
2007-08-26 17:08 --------- d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-26 12:29 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-08-26 11:35 --------- d-------- C:\Program Files\RegScrubXP
2007-08-25 22:24 --------- d-------- C:\Program Files\MailWasher Pro
2007-08-24 17:14 --------- d-------- C:\Program Files\Common Files\Download Manager
2007-08-16 17:10 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-16 17:10 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-15 14:55 --------- d-------- C:\Program Files\Lavasoft
2007-08-15 14:07 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-12 14:51 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\TrojanHunter
2007-08-11 12:09 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-11 12:09 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-06 16:41 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\XnView
2007-08-05 20:05 --------- d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\dvdcss
2007-08-03 18:27 --------- d-------- C:\Program Files\Advanced WindowsCare V2
2007-08-02 15:18 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
2007-08-01 15:19 --------- d-------- C:\Program Files\PowerISO
2007-07-31 13:42 --------- d-------- C:\Program Files\Quake 4 Demo
2007-07-30 20:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a--c--- C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a--c--- C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 18:27 --------- d-------- C:\Program Files\FineReader Professional
2007-07-21 22:12 --------- d-------- C:\Program Files\Picasa2
2007-07-21 21:24 --------- d-------- C:\Program Files\SpywareBlaster
2007-07-19 08:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 16:34 --------- d-------- C:\Program Files\NetMeter
2007-07-14 14:03 --------- d-------- C:\Program Files\DirectVobSub
2007-07-13 01:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-09 15:26 117732216 --a------ C:\DOCUME~1\HP_ADM~1\backup2.reg
2007-06-29 01:54 356352 --a--c--- C:\WINDOWS\system32\nvunrm.exe
2007-06-29 01:54 356352 --a--c--- C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6807328 --a------ C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2007-06-29 00:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43 1142784 --a------ C:\WINDOWS\system32\nvmobls.dll
2007-06-29 00:43 1073152 --a------ C:\WINDOWS\system32\nvcpluir.dll
2007-06-29 00:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43 1018772 --a------ C:\WINDOWS\system32\nvucode.bin
2007-06-27 16:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2006-12-02 21:15:27 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:39]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-07-04 15:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-26 20:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00]
C:\DOCUME~1\HP_ADM~1\STARTM~1\Programs\Startup\
MailWasherPro.lnk - C:\Program Files\MailWasher Pro\MailWasher.exe [2004-03-24 15:47:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-05-08 09:44 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-05-08 09:44 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk]
backup=C:\WINDOWS\pss\AutoStart IR.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BoostSpeed]
"C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
rundll32.exe ftutil2.dll,SetWriteCacheMode
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"C:\Windows\Creator\Remind_XP.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Cleaner]
C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zzzHPSETUP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Pml Driver HPZ12"=0 (0x0)
"ose"=3 (0x3)
"navapsvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ehTray"=C:\WINDOWS\ehome\ehtray.exe
R2 Ndiskio;Ndiskio;\??\C:\Norman\Nse\bin\NDISKIO.SYS
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 nvcfsr;nvcfsr;\??\C:\Norman\Nvc\bin\nvcfsr.sys
S3 nvcoafl51;nvcoafl51;\??\C:\Norman\Nvc\bin\nvcoafl51.sys
S3 nvcoaft51;nvcoaft51;\??\C:\Norman\Nvc\bin\nvcoaft51.sys
S3 nvcoarc51;nvcoarc51;\??\C:\Norman\Nvc\bin\nvcoarc51.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa8e537a-e73a-11db-8932-0018f34c4b5a}]
.
Contents of the ‘Scheduled Tasks’ folder
"2007-09-13 14:08:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-08 11:16:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-04-21 11:16:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2006-11-07 11:53:28 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
"2007-06-17 16:53:27 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2007-07-09 13:20:44 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2007-06-26 13:56:52 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 16:20:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aawservice]
"ImagePath"="\"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-09-13 16:21:43
C:\ComboFix-quarantined-files.txt ... 2007-09-13 16:21
C:\ComboFix2.txt ... 2007-09-03 17:21
C:\ComboFix3.txt ... 2007-09-03 14:28
.
--- E O F ---
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
2007-09-13 16:23:27.40
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 16:23:29
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000002b5
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{864097C5-B10C-7319-B712-7FBA75BC2BE3}]
"bbmfpgjganmgohofibmemnijnkmmpddjeefg"=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,..
"abonbgfjlkhflnkgjgbbbopgdcfnngfnjl"=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,..
"iamfpgjganmgohofib"=hex:61,61,00,00
"haonbgfjlkhflnkg"=hex:61,61,00,00
"iaafjnjocbbnkikgik"=hex:61,61,00,00
"bbmfpgjganmgohofibmemnijnkmmeekggilf"=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,..
"abonbgfjlkhflnkgjgbbbopgdccnagkkjn"=hex:6a,61,6e,6b,61,61,6a,70,63,66,6a,6b,68,6b,63,6c,63,6c,68,67,00,..
"abafjkcepiamoieippfapdpenjfhdblcnf"=hex:69,61,67,65,6c,6a,66,65,6b,64,65,69,6e,65,67,70,63,68,00,e1
"malegmkanicjmkjjmigaebnhnm"=hex:68,61,6e,6b,6c,70,61,61,61,6c,62,6d,63,62,64,64,00,68
scanning hidden files ...
hidden processes: 0
hidden files: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25, on 2007-09-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Administrator\Desktop\SpywareFri\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poppet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &RoboForm; - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: -
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem &formularer; &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 7349 bytes
Mvh,
Henrik