m0rket (Beginner)
1 August 2007 - 08:49 There are 11 comments

Is this log OK?

Got a, to put it nicely, bloody annoying trojan over MSN yesterday, and I have tried to battle it, but I honestly don't know whether it worked...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 08:46:35, on 01-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\oodag.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
E:\-= protools =-\iTunes\iTunesHelper.exe
C:\Programmer\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\PeerGuardian2\pg2.exe
C:\Programmer\Gene6 FTP Server\G6FTPTray.exe
C:\Programmer\Active Desktop Calendar\ADC.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Last.fm\LastFMHelper.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\Programmer\mIRC\mirc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Last.fm\LastFM.exe
C:\Programmer\Mozilla Thunderbird\thunderbird.exe
C:\Programmer\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINNT\system32\taskmgr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Soulseek\slsk.exe
C:\Programmer\TerraTec\CinergyTV\TerraTV App.exe
C:\PROGRA~1\FLLESF~1\TerraTec\SCHEDU~1\TTTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
F:\Firefox downloads\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\-= protools =-\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmer\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [G6FTP Server Tray Monitor] "C:\Programmer\Gene6 FTP Server\G6FTPTray.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmer\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: mIRC.lnk = C:\Programmer\mIRC\mirc.exe
O4 - Startup: Winamp.lnk = C:\Programmer\Winamp\winamp.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157106652634
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157107574199
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - E:\-= protools =-\digidesign\protools\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Programmer\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe

--
End of file - 8382 bytes
m0rket (Beginner)
1 August 2007 - 08:55 #1
For good order's sake, I can just add that yesterday I removed an entry that looked like this:
O21 - SSODL: printers - {6B16656F-1B3A-4821-9DB5-6C6389F256C2} - libcintle2.dll (file missing)

and then asked HijackThis to delete the corresponding file in c:\winnt\system32 at reboot. AVG antivirus found 49 threats this morning - by far most of them something with photo_albumXX.zip and the like... Hoping for help. :)
1 August 2007 - 09:12 #2
What do you use [PeerGuardian] for???
m0rket (Beginner)
1 August 2007 - 09:29 #3
PeerGuardian blocks, among other things, a number of ad sites and spyware IPs...
1 August 2007 - 09:41 #4
Unfortunately, not all unwanted items show up in a HijackThis log *SIGH*, so -> http://www.eksperten.dk/artikler/1123 the procedure is recommended...
1 August 2007 - 09:41 #5
Oops - what AVG finds, does it point to ->
C:\System Volume Information\_restore (something or other)
???
m0rket (Beginner)
1 August 2007 - 11:04 #6
Yes - AVG's resident shield has also just found something (again) - they've been thrown in the vault. AVG says the following about them:
Trojan horse Downloader.Generic5.KOU    C:\System Volume Information\_restore{5ADDCBCD-B913-4EC0-AE6F-9A92B9C9CF29}\RP195\A0027432.exe    01-08-2007 10:44:34    A0027432.exe    8.58 KB
Trojan horse Downloader.Generic5.KOU    C:\System Volume Information\_restore{5ADDCBCD-B913-4EC0-AE6F-9A92B9C9CF29}\RP195\A0027433.exe    01-08-2007 10:44:40    A0027433.exe    8.58 KB
Trojan horse BackDoor.Ircbot.KI    C:\System Volume Information\_restore{5ADDCBCD-B913-4EC0-AE6F-9A92B9C9CF29}\RP195\A0027434.exe    01-08-2007 10:44:43    A0027434.exe    115 KB

The machine refused to start in safe mode, but I'm running a scan with SUPERAntiSpyware and the others now. I'm going abroad before long, though, so I'll come back with results after the weekend.
1 August 2007 - 11:12 #7
Regarding C:\System Volume Information\_restore - that comes from the System Restore files ->

Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it, only this time you enable it.

Then that 'problem' is gone!
m0rket (Beginner)
1 August 2007 - 11:37 #8
OK - so here are logs galore:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:07:10, on 01-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe
C:\WINNT\system32\oodag.exe
C:\WINNT\system32\CTHELPER.EXE
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmer\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
E:\-= protools =-\iTunes\iTunesHelper.exe
C:\Programmer\Winamp\winampa.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmer\Gene6 FTP Server\G6FTPTray.exe
C:\Programmer\Active Desktop Calendar\ADC.exe
C:\Programmer\Last.fm\LastFMHelper.exe
C:\Programmer\VIA\RAID\raid_tool.exe
C:\WINNT\system32\taskmgr.exe
C:\Programmer\mIRC\mirc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Last.fm\LastFM.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Programmer\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Firefox downloads\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [MBM 5] "C:\Programmer\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\-= protools =-\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [G6FTP Server Tray Monitor] "C:\Programmer\Gene6 FTP Server\G6FTPTray.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmer\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: mIRC.lnk = C:\Programmer\mIRC\mirc.exe
O4 - Startup: Winamp.lnk = C:\Programmer\Winamp\winamp.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmer\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157106652634
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157107574199
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - E:\-= protools =-\digidesign\protools\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Programmer\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe

--
End of file - 8022 bytes
----------------------------------------------------------
and from Rootcheck:

********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
01-08-2007 11:07:46,51

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 11:07:46
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,25,1e,ea,12,fd,30,e1,4f,1c,09,98,94,8f,e7,8f,2b,b6,..
"hj34z0"=hex:7b,7c,99,86,28,a0,a7,32,96,f8,6e,44,c7,76,87,af,a5,ad,3d,65,f1,..
"hj34z1"=hex:ea,74,88,80,f9,88,b2,d8,80,64,87,cc,d7,69,d4,c6,06,f4,4e,d4,e5,..
"hj34z2"=hex:ea,74,88,80,f9,88,b2,d8,80,64,87,cc,d7,69,d4,c6,06,f4,4e,d4,e5,..
"hj34z3"=hex:ea,74,88,80,f9,88,b2,d8,80,64,87,cc,d7,69,d4,c6,06,f4,4e,d4,e5,..
"hj34z4"=hex:ea,74,88,80,f9,88,b2,d8,80,64,87,cc,d7,69,d4,c6,06,f4,4e,d4,e5,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,ec,10,54,ea,32,8d,1e,b9,bd,da,84,8c,dc,0e,e1,74,4f,..

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd3w\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

scanning hidden files ...
C:\WINNT\system32:compmgmt.exe 593920 bytes executable

hidden processes: 0
hidden files: 1
-----------------------------------------------------------

Combofix:

ComboFix 07-07-30.2 - "The Darkness" 2007-08-01 11:16:43.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.Sand
* Created a new restore point

ADS removed - system32: deleted 595897 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\components


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


(((((((((((((((((((((((((  Files Created from 2007-07-01 to 2007-08-01  )))))))))))))))))))))))))))))))


2007-08-01 11:10    51,200    --a------    C:\WINNT\nircmd.exe
2007-07-29 14:11    3,638,655    --a------    C:\WINNT\system32\DirectIO.dll
2007-07-29 12:39    <DIR>    d--------    C:\Programmer\Norton PartitionMagic 8.0
2007-07-25 01:43    593,920    --a------    C:\WINNT\system32\fertig.exe
2007-07-24 19:33    <DIR>    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\SiteAdvisor
2007-07-24 19:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-07-24 19:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-23 12:13    24    --a------    C:\WINNT\system32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80271102}.dat
2007-07-23 12:13    24    --a------    C:\WINNT\system32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80271102}.dat
2007-07-21 13:01    998,004    --a------    C:\WINNT\system32\drivers\ha10kx2k.sys
2007-07-21 13:01    94,208    --a------    C:\WINNT\DEVREG.DLL
2007-07-21 13:01    837,548    --a------    C:\WINNT\system32\drivers\ctaud2k.sys
2007-07-21 13:01    77,824    --a------    C:\WINNT\system32\EAXAC3.DLL
2007-07-21 13:01    65,536    --a------    C:\WINNT\system32\a3d.dll
2007-07-21 13:01    643,072    --a------    C:\WINNT\system32\CTSBLFX.DLL
2007-07-21 13:01    61,440    --a------    C:\WINNT\system32\CTAGENT.DLL
2007-07-21 13:01    61,440    --a------    C:\WINNT\MIDIDEF.EXE
2007-07-21 13:01    53,248    --a------    C:\WINNT\system32\AC3API.DLL
2007-07-21 13:01    49,152    --a------    C:\WINNT\system32\KILLAPPS.EXE
2007-07-21 13:01    49,152    --a------    C:\WINNT\CTDCRES.DLL
2007-07-21 13:01    44,055    --a------    C:\WINNT\system32\ctdaught.dat
2007-07-21 13:01    36,864    --a------    C:\WINNT\system32\REGPLIB.EXE
2007-07-21 13:01    36,864    --a------    C:\WINNT\system32\CTEMUPIA.DLL
2007-07-21 13:01    319,488    --a------    C:\WINNT\system32\CTDEVCON.DLL
2007-07-21 13:01    28,672    --a------    C:\WINNT\system32\CTSPKHLP.DLL
2007-07-21 13:01    270,336    --a------    C:\WINNT\system32\SFMS32.DLL
2007-07-21 13:01    213,860    --a------    C:\WINNT\system32\drivers\ctsfm2k.sys
2007-07-21 13:01    195,432    --a------    C:\WINNT\system32\drivers\ctoss2k.sys
2007-07-21 13:01    184,320    --a------    C:\WINNT\PSCONV.EXE
2007-07-21 13:01    179,669    --a------    C:\WINNT\system32\ctstatic.dat
2007-07-21 13:01    176,128    --a------    C:\WINNT\READREG.EXE
2007-07-21 13:01    164,044    --a------    C:\WINNT\system32\ctdlang.dat
2007-07-21 13:01    156,604    --a------    C:\WINNT\system32\drivers\emupia2k.sys
2007-07-21 13:01    155,648    --a------    C:\WINNT\system32\CTOSUSER.DLL
2007-07-21 13:01    135,168    --a------    C:\WINNT\system32\OPENAL32.DLL
2007-07-21 13:01    127,948    --a------    C:\WINNT\system32\drivers\ctac32k.sys
2007-07-21 13:01    113,373    --a------    C:\WINNT\system32\ctbasicw.dat
2007-07-21 13:01    113,273    --a------    C:\WINNT\system32\CTBAS2W.DAT
2007-07-21 13:01    110,592    --a------    C:\WINNT\system32\PIAPROXY.DLL
2007-07-21 13:01    110,592    --a------    C:\WINNT\system32\COMMONFX.DLL
2007-07-21 13:01    11,068    --a------    C:\WINNT\system32\drivers\ctprxy2k.sys
2007-07-21 13:01    106,496    --a------    C:\WINNT\system32\CTDPROXY.DLL
2007-07-21 13:01    106,496    --a------    C:\WINNT\system32\CTASIO.DLL
2007-07-13 16:52    <DIR>    d--------    C:\Programmer\iPod
2007-07-03 04:58    <DIR>    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Apple Computer
2007-07-03 04:31    <DIR>    d--------    C:\Programmer\Fælles filer\Apple
2007-07-03 04:31    <DIR>    d--------    C:\Programmer\Apple Software Update
2007-07-03 04:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-01 11:22    ---------    d--------    C:\Programmer\mIRC
2007-08-01 10:28    ---------    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-01 10:14    ---------    d--------    C:\Programmer\PeerGuardian2
2007-08-01 09:43    ---------    d--------    C:\Programmer\Soulseek
2007-07-31 23:15    ---------    d--------    C:\Programmer\Mozilla Thunderbird
2007-07-30 15:14    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\uTorrent
2007-07-29 16:11    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Digidesign
2007-07-29 15:19    64    --a------    C:\WINNT\system32\msvcsv60.dll
2007-07-29 15:19    64    --a------    C:\WINNT\msocreg32.dat
2007-07-29 14:12    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-07-24 10:58    ---------    d--------    C:\Programmer\Winamp
2007-07-13 16:51    ---------    d--------    C:\Programmer\QuickTime Alternative
2007-07-12 08:34    ---------    d--------    C:\Programmer\FlashGet
2007-07-11 19:33    70446    --a------    C:\WINNT\system32\perfc006.dat
2007-07-11 19:33    412758    --a------    C:\WINNT\system32\perfh006.dat
2007-07-11 19:30    ---------    d--------    C:\Programmer\ICQLite
2007-07-11 19:27    ---------    d--------    C:\Programmer\MySpace
2007-07-11 05:26    ---------    d--------    C:\Programmer\Last.fm
2007-06-30 16:05    ---------    d--------    C:\Programmer\TDC
2007-06-30 16:05    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Cryptomathic
2007-06-29 05:41    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Skype
2007-06-29 05:32    ---------    d--------    C:\Programmer\Skype
2007-06-20 17:59    9788    --ah-----    C:\WINNT\system32\mlfcache.dat
2007-06-15 15:06    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Waves Audio
2007-06-13 20:12    2857984    --a------    C:\WINNT\system32\PSP 84.dll
2007-06-13 20:08    659456    --a------    C:\WINNT\iun6002.exe
2007-06-13 20:08    1764864    --a------    C:\WINNT\system32\Lexicon PSP42.dll
2007-06-13 19:48    ---------    d--------    C:\Programmer\PSPaudioware
2007-06-13 18:30    ---------    d--------    C:\Programmer\Massey
2007-06-13 11:25    ---------    d--------    C:\Programmer\Digidesign
2007-06-11 15:09    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Propellerhead Software
2007-06-11 14:49    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\PACE Anti-Piracy
2007-06-11 13:57    ---------    d--------    C:\Programmer\TimewARP 2600 Lite
2007-06-11 11:27    ---------    d--------    C:\Programmer\VstPlugins
2007-06-08 13:02    ---------    d--h-----    C:\Programmer\WindowsUpdate
2007-06-08 11:14    ---------    d--------    C:\DOCUME~1\THEDAR~1\APPLIC~1\Line 6
2007-06-08 10:58    ---------    d--------    C:\Programmer\Line6
2006-08-26 01:48    271    ---hs----    C:\Programmer\desktop.ini
2006-08-26 01:48    22029    --ah-----    C:\Programmer\folder.htt
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer\iZotope
    ---------        C:\Programmer\Fælles filer\Apple
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-26 17:53 C:\WINNT\system32\mobsync.exe]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-28 21:27]
"Jet Detection"="C:\Programmer\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINNT\system32\CTHELPER.EXE]
"MBM 5"="C:\Programmer\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 09:40]
"SpybotSnD"="C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe" [2005-05-31 01:04]
"ASUS Probe"="C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 16:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-22 07:36]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Programmer\QuickTime Alternative\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="E:\-= protools =-\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"WinampAgent"="C:\Programmer\Winamp\winampa.exe" [2007-05-15 00:22]
"DigidesignMMERefresh"="E:\-= protools =-\digidesign\protools\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 00:05]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINNT\system32\ctfmon.exe" [2004-08-26 17:53]
"G6FTP Server Tray Monitor"="C:\Programmer\Gene6 FTP Server\G6FTPTray.exe" [2005-09-07 22:55]
"Active Desktop Calendar"="C:\Programmer\Active Desktop Calendar\ADC.exe" [2007-03-29 12:57]
"ccleaner"="C:\Programmer\CCleaner\ccleaner.exe" [2007-05-10 13:01]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\The Darkness\Menuen Start\Programmer\Start\
mIRC.lnk - C:\Programmer\mIRC\mirc.exe [2006-07-28 22:11:12]
Winamp.lnk - C:\Programmer\Winamp\winamp.exe [2007-05-15 00:23:58]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Last.fm Helper.lnk - C:\Programmer\Last.fm\LastFMHelper.exe [2007-06-30 13:35:17]
VIA RAID TOOL.lnk - C:\Programmer\VIA\RAID\raid_tool.exe [2006-10-10 14:35:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=01000000
"NoLowDiskSpaceChecks"=1 (0x1)
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-07-16 19:23 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Programmer\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=C:\Programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TerraTec Remote Control"="C:\Programmer\Fælles filer\TerraTec\Remote\TTTVRC.exe"

R0 DigiFilter;DigiFilter;C:\WINNT\system32\drivers\DigiFilt.sys
R0 gagp30kx;Microsoft AGPv3.0-standardfilter til K8-processorplatforme;C:\WINNT\system32\DRIVERS\gagp30kx.sys
R0 TPkd;TPkd;C:\WINNT\system32\drivers\TPkd.sys
R0 viasraid;viasraid;C:\WINNT\system32\DRIVERS\viasraid.sys
R1 aslm75;aslm75;\??\C:\WINNT\system32\drivers\aslm75.sys
R1 mbmiodrvr;mbmiodrvr;\??\C:\WINNT\system32\mbmiodrvr.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
R1 SCDEmu;SCDEmu;C:\WINNT\system32\drivers\SCDEmu.sys
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\C:\Programmer\ASTRA32\ASTRA32.sys
R2 DigiNet;Digidesign Ethernet Support;C:\WINNT\system32\DRIVERS\diginet.sys
R3 Cap7134;Cinergy 400 TV Capture;C:\WINNT\system32\DRIVERS\Cap7134.sys
R3 dalwdmservice;dal service;C:\WINNT\system32\drivers\dalwdm.sys
R3 L6DP;L6DP;C:\WINNT\system32\Drivers\l6dp.sys
R3 L6TPortA;Service - Line 6 TonePort UX1;C:\WINNT\system32\Drivers\L6TPortA.sys
R3 MBX2DFU;MBX2DFU;C:\WINNT\system32\DRIVERS\MBX2DFU.sys
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\WINNT\system32\drivers\mbx2midk.sys
R3 NtApm;NT Apm/ældre grænsefladedriver;C:\WINNT\system32\DRIVERS\NtApm.sys
R3 TTTv400;Cinergy 400 TV Tuner (MK2);C:\WINNT\system32\DRIVERS\PhTvTune.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINNT\System32\DRIVERS\ASPI32.sys
S3 ctljystk;Spilport til Creative SB Live!;C:\WINNT\system32\DRIVERS\ctljystk.sys
S3 G6FTPServer;Gene6 FTP Server;"C:\Programmer\Gene6 FTP Server\G6FTPSERVER.EXE"
S3 MPE;BDA MPE-filter;C:\WINNT\system32\DRIVERS\MPE.sys
S3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;C:\WINNT\system32\drivers\msmpu401.sys
S3 SASENUM;SASENUM;\??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45d61ff0-b136-11db-b2b0-806d6172696f}]
AutoRun\command- D:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{47E31721-486C-D13C-08B2-93F138B4DF4C}]
C:\WINNT\system32:compmgmt.exe

Contents of the 'Scheduled Tasks' folder
2007-07-31 20:49:12 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Programmer\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 11:20:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x2022\xd3w\2]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\Software\Adobe\FeatureSubscriptions\DVAAdobeDocMeta\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\Registered"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\viaagp]
"ImagePath"="System32\DRIVERS\viaagp.sys"

Completion time: 2007-08-01 11:23:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 11:23

    --- E O F ---
-------------------------------------------------
Combofix quarantined files:

[code]
2007-08-01 11:17      352    --a------    C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf


Mappetræ for diskenheden System
Diskenhedens serienummer er BC73-E17E
C:\QOOBOX
\---Quarantine
    \---Registry_backups
            services_nm.reg.cf
           
[/code]
----------------------------------
and SUPERAntiSpyware (three times, to be on the safe side):

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2007 at 02:45 PM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type      : Complete Scan
Total Scan Time : 00:39:19

Memory items scanned      : 770
Memory threats detected  : 0
Registry items scanned    : 5843
Registry threats detected : 0
File items scanned        : 37144
File threats detected    : 1

Trace.Known Threat Sources
    C:\Documents and Settings\The Darkness\Lokale indstillinger\Temporary Internet Files\Content.IE5\EGYDZLSS\retadpu[1].exe
--------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/31/2007 at 04:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type      : Complete Scan
Total Scan Time : 00:46:10

Memory items scanned      : 719
Memory threats detected  : 0
Registry items scanned    : 5843
Registry threats detected : 0
File items scanned        : 30236
File threats detected    : 0
-----------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/01/2007 at 11:01 AM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type      : Complete Scan
Total Scan Time : 00:32:59

Memory items scanned      : 739
Memory threats detected  : 0
Registry items scanned    : 5843
Registry threats detected : 0
File items scanned        : 36786
File threats detected    : 0

*pyha*
01 August 2007 - 13:14 #9
PYHA back *S*

That looks right - how is the PC running now?
m0rket Nybegynder
01 August 2007 - 13:33 #10
It seems to be running normally... Nothing has happened since, at least. Thanks for the help, and I'm betting it's clean ;)

Note to self: pay attention when people send random stuff via MSN ;P

Have a good weekend!
01 August 2007 - 15:39 #11
Ping...

(That was a [reply]...)