nemo_dk (Beginner)
5 August 2007 - 20:45. There are 13 comments and 2 solutions.

Help wanted with logs

Hi

I used ComboFix yesterday and the SafeBoot repair, but it only partly succeeded. Log here:

ComboFix 07-08-04.3 - "Nemo" 2007-08-05  1:59:01.1 [GMT 2:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.Sand


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\network monitor
C:\Programmer\network monitor\netmon.exe
C:\WINDOWS\exefld
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\uninstall_nmon.vbs


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_ROSA
-------\rosa


(((((((((((((((((((((((((  Files Created from 2007-07-05 to 2007-08-05  )))))))))))))))))))))))))))))))


2007-08-05 01:58    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-04 12:41    223,128    --a------    C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-04 12:41    <DIR>    d--------    C:\Programmer\DAEMON Tools
2007-08-04 02:37    685,816    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-07-22 22:39    <DIR>    d--------    C:\Programmer\Radio Decoder
2007-07-10 00:56    93,536    --a------    C:\WINDOWS\system32\drivers\upatc.sys
2007-07-10 00:56    <DIR>    d--------    C:\Upatc-42321
2007-07-09 01:57    0    --ah-----    C:\WINDOWS\msds.dat


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 01:50    ---------    d--------    C:\DOCUME~1\Nemo\APPLIC~1\Skype
2007-08-04 17:06    ---------    d--------    C:\Programmer\VoipCheapCom
2007-08-04 16:58    ---------    d--------    C:\Programmer\Google
2007-08-04 11:12    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-04 11:09    ---------    d--------    C:\Programmer\Winamp
2007-07-29 02:52    ---------    d--------    C:\Programmer\NeoTracePro
2007-07-28 15:00    ---------    d--------    C:\Programmer\Symantec
2007-07-22 22:38    720896    --a------    C:\WINDOWS\iun6002.exe
2007-07-22 19:40    ---------    d--------    C:\Programmer\SummaSummarum
2007-07-13 19:24    ---------    d--------    C:\Programmer\SiSoftware
2007-07-11 10:03    68776    --a------    C:\WINDOWS\system32\perfc006.dat
2007-07-11 10:03    406662    --a------    C:\WINDOWS\system32\perfh006.dat
2007-07-10 00:36    ---------    d--------    C:\Programmer\VisualRoute
2007-07-10 00:07    ---------    d--------    C:\Programmer\Opera
2007-07-09 01:10    ---------    d--------    C:\Programmer\ubi.com
2007-07-09 00:48    ---------    d--------    C:\Programmer\Life Translator
2007-06-19 10:06    ---------    d--------    C:\DOCUME~1\Nemo\APPLIC~1\Gadu-Gadu
2007-06-19 10:03    ---------    d--------    C:\Programmer\Gadu-Gadu
2007-05-28 00:55    208384    --a------    C:\WINDOWS\ADS.exe
2007-05-16 17:14    86528    -----c---    C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:14    85504    -----c---    C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:14    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:14    683520    -----c---    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:14    510976    -----c---    C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:14    1314816    -----c---    C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:00    3583488    --a--c---    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-03-22 04:53    50248    --a------    C:\DOCUME~1\Nemo\APPLIC~1\GDIPFONTCACHEV1.DAT
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer\DanskeBank
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"GhostStartTrayApp"="C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Acrobat Assistant 7.0"="C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-02-13 03:48]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 16:50]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 11:38]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 00:52]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"MessengerPlus3"="C:\Programmer\MessengerPlus! 3\MsgPlus.exe" [2006-04-21 12:08]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-11-09 00:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"Komunikator"="C:\Programmer\Tlen.pl\tlen.exe" [2006-10-11 11:48]
"VoipBuster"="C:\programmer\voipbuster.com\voipbuster\voipbuster.exe" []
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-12 16:21]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"MessengerPlus3"="C:\Programmer\MessengerPlus! 3\MsgPlus.exe" [2006-04-21 12:08]
"Uniblue SpyEraser"="C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe" [2007-07-24 13:21]
"AnyDVD"="C:\Programmer\SlySoft\AnyDVD\AnyDVD.exe" [2007-03-21 16:04]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35]
"german.exe"="C:\WINDOWS\system32\wintems.exe" []

C:\Documents and Settings\Nemo\Menuen Start\Programmer\Start\
Express Assist Check.lnk - C:\Programmer\Express Assist\EA2Check.exe [2002-04-07 15:41:42]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-01-12 05:13:30]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
TV Remote Control.lnk - C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe [2004-10-20 15:26:49]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"


R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Programmer\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 porttalk;porttalk;C:\WINDOWS\system32\drivers\porttalk.sys
R3 Cap7134;Philips Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 irsir;Microsoft seriel infrarød driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PhTVTune;Zolid WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S2 SBP2DRV;%SBP2DRV.SvcDesc%;C:\WINDOWS\system32\Drivers\SBP2DRV.sys
S3 FLASHREADER;%FLASHREADER.SvcDesc%;C:\WINDOWS\system32\Drivers\causb.sys
S3 hidgame;Aktivering til Microsoft Hid til joystickport;C:\WINDOWS\system32\DRIVERS\hidgame.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 msgame;Aktivering af Sidewinder Hid til Joystickport;C:\WINDOWS\system32\DRIVERS\msgame.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NEOWATCH;NEOWATCH;C:\WINDOWS\system32\Drivers\NWatch22.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 porttalk.sys;porttalk.sys;\??\C:\WINDOWS\system32\drivers\porttalk.sys
S3 scsiscan;SCSI-scannerdriver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 UPATC;USBAT CompactFlash Controller DriverSD;C:\WINDOWS\system32\DRIVERS\upatc.sys
S4 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
AutoRun\command- I:\SH3Autorun.exe


Contents of the 'Scheduled Tasks' folder
2007-08-05 00:06:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programmer\Symantec\LiveUpdate\NDetect.exe
2007-08-05 00:06:24 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
2007-08-04 09:55:05 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 02:05:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05  2:07:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-05 02:06

    --- E O F --




-----------------------------------------------------------------

                4 LOGS FROM TODAY:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:03, on 05-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Programmer\QuickTime\qttask.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\MessengerPlus! 3\MsgPlus.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Tlen.pl\tlen.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
C:\WINDOWS\REGEDIT.EXE
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Nemo\Skrivebord\wira\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Programmer\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Express Assist Check.lnk = C:\Programmer\Express Assist\EA2Check.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gdansk.procad.pl/download/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097092658593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138670383312
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7248D322-5A12-46E6-88F5-4D52551A888B} - http://www.bca-online-auctions.co.uk/vWebPlayer.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://217.28.152.24/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe


********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
05-08-2007 12:22:12,95

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 12:22:13
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:15,4d,cd,2b,f7,1d,3c,d0,2f,17,ab,81,ba,74,f8,2c,ff,9d,34,71,15,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8b,66,d7,26,70,58,83,84,17,46,68,3e,cd,3f,76,39,9d,..
"khjeh"=hex:4a,b4,ae,56,fb,3b,96,bf,ab,74,20,37,6b,62,6e,7a,3e,71,18,42,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,d3,5d,5d,a9,7b,a1,7f,20,7c,35,9c,9a,aa,28,c7,34,d7,6f,d7,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Programmer\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:15,4d,cd,2b,f7,1d,3c,d0,2f,17,ab,81,ba,74,f8,2c,ff,9d,34,71,15,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8b,66,d7,26,70,58,83,84,17,46,68,3e,cd,3f,76,39,9d,..
"khjeh"=hex:4a,b4,ae,56,fb,3b,96,bf,ab,74,20,37,6b,62,6e,7a,3e,71,18,42,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:fb,d3,5d,5d,a9,7b,a1,7f,20,7c,35,9c,9a,aa,28,c7,34,d7,6f,d7,66,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2007 at 12:00 PM

Application Version : 3.7.1018

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type      : Complete Scan
Total Scan Time : 00:39:21

Memory items scanned      : 170
Memory threats detected  : 0
Registry items scanned    : 7049
Registry threats detected : 1
File items scanned        : 57776
File threats detected    : 135

Adware.Tracking Cookie
    C:\Documents and Settings\Nemo\Cookies\nemo@stat.postdanmark[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@statcounter[2].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@stats24[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@tacoda[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@tdstats[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@toplist[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@track.adform[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@track.webtrekk[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@tracker.roitesting[2].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@tracking.notabenestats[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@tradedoubler[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@transmedia[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@upspiral[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@usenext[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@valueclick[2].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@vhost.oddcast[2].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.etracker[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.googleadservices[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.googleadservices[2].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.googleadservices[3].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.multimedia[2].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.smartadserver[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www.upspiral[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www5.addfreestats[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@www6.addfreestats[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@xiti[1].txt
    C:\Documents and Settings\Nemo\Cookies\nemo@zedo[1].txt

Adware.IST/ISTBar (Slotch Bar)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR




ComboFix 07-08-04.3 - "Nemo" 2007-08-05 12:32:00.2 [GMT 2:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.Sand


(((((((((((((((((((((((((  Files Created from 2007-07-05 to 2007-08-05  )))))))))))))))))))))))))))))))


2007-08-05 11:19    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-05 11:05    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-05 11:05    <DIR>    d--------    C:\DOCUME~1\Nemo\APPLIC~1\SUPERAntiSpyware.com
2007-08-05 11:05    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-05 10:25    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-05 04:32    34,578    --a------    C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-08-05 04:32    32    --ahs----    C:\WINDOWS\system32\{A5B31E83-83FA-46DA-8FEE-6B6397190CF6}.dat
2007-08-05 04:32    32    --ahs----    C:\WINDOWS\{FF2B3D55-184A-4B7B-8601-D3B76532EED7}.dat
2007-08-05 04:31    83,672    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-05 04:31    73,224    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-05 04:31    <DIR>    d--------    C:\Programmer\Symantec
2007-08-05 04:31    <DIR>    d--------    C:\Programmer\Norton AntiVirus
2007-08-05 04:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 03:15    32    --ahs----    C:\WINDOWS\system32\{DEF63096-B200-4F47-8332-0BBE4B5A1224}.dat
2007-08-05 03:15    32    --ahs----    C:\WINDOWS\{7F95627C-C6A0-417D-80A5-1932261C8E98}.dat
2007-08-05 03:15    14    --a------    C:\WINDOWS\system32\SR2.dat
2007-08-05 02:56    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-05 02:56    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-08-05 01:58    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-04 12:41    223,128    --a------    C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-04 12:41    <DIR>    d--------    C:\Programmer\DAEMON Tools
2007-08-04 02:37    685,816    --a------    C:\WINDOWS\system32\drivers\sptd.sys
2007-07-10 00:56    93,536    --a------    C:\WINDOWS\system32\drivers\upatc.sys
2007-07-10 00:56    <DIR>    d--------    C:\Upatc-42321
2007-07-09 01:57    0    --ah-----    C:\WINDOWS\msds.dat


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-05 12:11    ---------    d--------    C:\DOCUME~1\Nemo\APPLIC~1\Skype
2007-08-05 10:53    ---------    d--------    C:\Programmer\Yahoo!
2007-08-05 10:28    ---------    d--------    C:\Programmer\ewido anti-malware
2007-08-04 17:06    ---------    d--------    C:\Programmer\VoipCheapCom
2007-08-04 16:58    ---------    d--------    C:\Programmer\Google
2007-08-04 11:12    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-04 11:09    ---------    d--------    C:\Programmer\Winamp
2007-07-29 02:52    ---------    d--------    C:\Programmer\NeoTracePro
2007-07-22 22:38    720896    --a------    C:\WINDOWS\iun6002.exe
2007-07-22 19:40    ---------    d--------    C:\Programmer\SummaSummarum
2007-07-13 19:24    ---------    d--------    C:\Programmer\SiSoftware
2007-07-11 10:03    68776    --a------    C:\WINDOWS\system32\perfc006.dat
2007-07-11 10:03    406662    --a------    C:\WINDOWS\system32\perfh006.dat
2007-07-10 00:36    ---------    d--------    C:\Programmer\VisualRoute
2007-07-10 00:07    ---------    d--------    C:\Programmer\Opera
2007-07-09 01:10    ---------    d--------    C:\Programmer\ubi.com
2007-07-09 00:48    ---------    d--------    C:\Programmer\Life Translator
2007-06-19 10:06    ---------    d--------    C:\DOCUME~1\Nemo\APPLIC~1\Gadu-Gadu
2007-06-19 10:03    ---------    d--------    C:\Programmer\Gadu-Gadu
2007-05-28 00:55    208384    --a------    C:\WINDOWS\ADS.exe
2007-05-16 17:14    86528    -----c---    C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:14    85504    -----c---    C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:14    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:14    683520    -----c---    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:14    510976    -----c---    C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:14    1314816    -----c---    C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 11:00    3583488    --a--c---    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-03-22 04:53    50248    --a------    C:\DOCUME~1\Nemo\APPLIC~1\GDIPFONTCACHEV1.DAT
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer\DanskeBank
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Acrobat Assistant 7.0"="C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2006-02-13 03:48]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 16:50]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 11:38]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 00:52]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"MessengerPlus3"="C:\Programmer\MessengerPlus! 3\MsgPlus.exe" [2006-04-21 12:08]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"ccRegVfy"="C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe" []
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 22:35]
"GhostStartTrayApp"="C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"Komunikator"="C:\Programmer\Tlen.pl\tlen.exe" [2006-10-11 11:48]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-12 16:21]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"MessengerPlus3"="C:\Programmer\MessengerPlus! 3\MsgPlus.exe" [2006-04-21 12:08]
"Uniblue SpyEraser"="C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe" [2007-07-24 13:21]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-05 12:12]

C:\Documents and Settings\Nemo\Menuen Start\Programmer\Start\
Express Assist Check.lnk - C:\Programmer\Express Assist\EA2Check.exe [2002-04-07 15:41:42]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-01-12 05:13:30]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
TV Remote Control.lnk - C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe [2004-10-20 15:26:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Programmer\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SASKUTIL;SASKUTIL;\??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 porttalk;porttalk;C:\WINDOWS\system32\drivers\porttalk.sys
R3 Cap7134;Philips Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 irsir;Microsoft seriel infrarød driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PhTVTune;Zolid WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 SASENUM;SASENUM;\??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
S1 SASDIFSV;SASDIFSV;\??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
S2 SBP2DRV;%SBP2DRV.SvcDesc%;C:\WINDOWS\system32\Drivers\SBP2DRV.sys
S3 FLASHREADER;%FLASHREADER.SvcDesc%;C:\WINDOWS\system32\Drivers\causb.sys
S3 hidgame;Aktivering til Microsoft Hid til joystickport;C:\WINDOWS\system32\DRIVERS\hidgame.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 msgame;Aktivering af Sidewinder Hid til Joystickport;C:\WINDOWS\system32\DRIVERS\msgame.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NEOWATCH;NEOWATCH;C:\WINDOWS\system32\Drivers\NWatch22.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 porttalk.sys;porttalk.sys;\??\C:\WINDOWS\system32\drivers\porttalk.sys
S3 scsiscan;SCSI-scannerdriver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 UPATC;USBAT CompactFlash Controller DriverSD;C:\WINDOWS\system32\DRIVERS\upatc.sys


Contents of the 'Scheduled Tasks' folder
2007-08-05 10:10:04 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
2007-08-05 10:10:48 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
2007-08-05 02:23:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 12:34:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 12:35:38
C:\ComboFix-quarantined-files.txt ... 2007-08-05 12:35
C:\ComboFix2.txt ... 2007-08-05 02:07

    --- E O F ---


Thanks in advance :)

Regards
06 August 2007 - 09:42 #1
Uninstall
* MessengerPlus3
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Run a scan with HijackThis.
Below you get some files that you need to fix. What you need to do is put a check mark next to these files. Once you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmer\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gdansk.procad.pl/download/mgaxctrl.cab

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

To be able to see all files and folders, follow this guide:
http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Restart in safe mode http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

Search for and delete the marked files/folders if they still exist. Otherwise just continue with the guide. They may have been removed by the fix.

C:\Programmer\MessengerPlus! 3\ <- The whole folder

Restart, run a new scan with HijackThis, and copy a fresh log in here for checking.

------------------------------------------------------------------------

Optionally run CCleaner (which you have) - especially the [Issues] item ...
nemo_dk Beginner
06 August 2007 - 14:08 #2
Logfile of HijackThis v1.99.1
Scan saved at 13:58:16, on 06-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmer\Norton AntiVirus\navapsvc.exe
C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Tlen.pl\tlen.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
C:\PROGRA~1\FLLESF~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\REGEDIT.EXE
C:\Programmer\Microsoft Office\Office10\msoffice.exe
C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Documents and Settings\Nemo\Skrivebord\wira\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Komunikator] C:\Programmer\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [NBJ] "C:\Programmer\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Express Assist Check.lnk = C:\Programmer\Express Assist\EA2Check.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TV Remote Control.lnk = C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmer\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmer\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097092658593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138670383312
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {7248D322-5A12-46E6-88F5-4D52551A888B} - http://www.bca-online-auctions.co.uk/vWebPlayer.cab
O16 - DPF: {89A312AE-8D21-42B1-848B-FD8E27F9A2A9} (PrimeInk for Web Applications Signing Component) - https://webreg.dk/web.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exe
O16 - DPF: {A8739816-022C-11D6-A85D-00C04F9AEAFB} (Web Camera Server Control) - http://217.28.152.24/wg_webeye.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://netbank.danskebank.dk/html/activex/danskesikker/DB/DanskeSikker.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmer\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Programmer\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FLLESF~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINDOWS\system32\spnsrvnt.exe




The problem now is:
C:\WINDOWS\REGEDIT.EXE

It is in the HijackThis log and in the Windows task list (sometimes as 2 processes) even though I am not running it, and if I do not close it with Ctrl+Alt+Del the system cannot be shut down.
06 August 2007 - 15:39 #3
... Well - it shouldn't be doing that *S*

Find and upload this file:

C:\WINDOWS\REGEDIT.EXE

To the Jotti scanner, so we can put a name on any infection there may be:
http://virusscan.jotti.org/

You will find the guide here:
http://fromsej.dk/Vejledninger/billman/jotti.html

Come back and tell us what the scanner said.
nemo_dk Beginner
07 August 2007 - 21:06 #4
The scanner said "Found nothing"

I cannot figure out how it starts, but it is only at startup and it is often 2 processes :(
08 August 2007 - 09:15 #5
Just a quick one ... I have just been given some tips *S*

Find (if they are still there?) and delete these
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\wintems.exe
nemo_dk Beginner
08 August 2007 - 13:00 #6
C:\WINDOWS\iun6002.exe - deleted now

but it does not help :(
fromsej Trainee
10 August 2007 - 22:24 #7
What about wintems.exe, has it been deleted?

Download this scanner.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart in safe mode (press <F8> at startup).
Double-click drweb-cureit.exe; it will want to run an express scan, say yes to that.
When it shows Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and remove the check mark at Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show it/they are selected.

Then click the green arrow over on the right side of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds.
Then click Start->Search, find the file drweb32w.log, and copy the bottom part of the text in here, starting with:
Scan statistics.
When the scan is finished, go up to File - click Save Report list.
There will then be a file named "drweb.csv" on the desktop.
Close the program.

Restart normally, double-click drweb.csv and copy the text from it in here.

After you have run Dr.Web and restarted, make a fresh ComboFix log as well; you need to download a new ComboFix first.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
10 August 2007 - 22:40 #8
- Fromsej on the scene !!! -
nemo_dk Beginner
11 August 2007 - 12:00 #9
wintems.exe has been deleted



-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 166206
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 2
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 1
Objects renamed: 3
Objects moved: 0
Objects ignored: 0
Scan speed: 309 Kb/s
Scan time: 01:37:43
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 166579
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 2
Hacktool programs found: 1
Objects cured: 0
Objects deleted: 1
Objects renamed: 3
Objects moved: 0
Objects ignored: 0
Scan speed: 330 Kb/s
Scan time: 01:38:11
=============================================================================

pv.exe    C:\Documents and Settings\All Users\Dokumenter\wira\pv\pv    Program.PrcView.3741    Renamed.
Process.exe    C:\Documents and Settings\Nemo\Skrivebord\wira\SDFix\SDFix\apps    Tool.Prockill    Renamed.
hidr.exe    C:\QooBox\Quarantine\C\DOCUME~1\Nemo\APPLIC~1\hidires.vir    Win32.HLLM.Beagle.45099    Deleted.
pv.exe    C:\wira\pv\pv    Program.PrcView.3741    Renamed.






ComboFix 07-08-04.3 - "Nemo" 2007-08-11 11:41:49.4 [GMT 2:00] - NTFS
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.Sand


(((((((((((((((((((((((((  Files Created from 2007-07-11 to 2007-08-11  )))))))))))))))))))))))))))))))


2007-08-09 01:49    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-09 01:49    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
2007-08-09 01:32    <DIR>    d--------    C:\WINDOWS\ERUNT
2007-08-05 11:19    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-05 11:05    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-08-05 11:05    <DIR>    d--------    C:\DOCUME~1\Nemo\APPLIC~1\SUPERAntiSpyware.com
2007-08-05 11:05    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-05 10:25    <DIR>    d--------    C:\Programmer\CCleaner
2007-08-05 04:32    34,578    --a------    C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2007-08-05 04:32    32    --ahs----    C:\WINDOWS\system32\{A5B31E83-83FA-46DA-8FEE-6B6397190CF6}.dat
2007-08-05 04:32    32    --ahs----    C:\WINDOWS\{FF2B3D55-184A-4B7B-8601-D3B76532EED7}.dat
2007-08-05 04:31    83,672    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-05 04:31    73,224    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-05 04:31    <DIR>    d--------    C:\Programmer\Symantec
2007-08-05 04:31    <DIR>    d--------    C:\Programmer\Norton AntiVirus
2007-08-05 04:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-05 03:15    32    --ahs----    C:\WINDOWS\system32\{DEF63096-B200-4F47-8332-0BBE4B5A1224}.dat
2007-08-05 03:15    32    --ahs----    C:\WINDOWS\{7F95627C-C6A0-417D-80A5-1932261C8E98}.dat
2007-08-05 03:15    14    --a------    C:\WINDOWS\system32\SR2.dat
2007-08-05 01:58    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-08-04 12:41    223,128    --a------    C:\WINDOWS\system32\drivers\dtscsi.sys
2007-08-04 12:41    <DIR>    d--------    C:\Programmer\DAEMON Tools
2007-08-04 02:37    685,816    --a------    C:\WINDOWS\system32\drivers\sptd.sys


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-11 11:04    ---------    d--------    C:\DOCUME~1\Nemo\APPLIC~1\Skype
2007-08-11 10:52    ---------    d--------    C:\Programmer\Wolfenstein - Enemy Territory
2007-08-07 01:06    ---------    d--------    C:\Programmer\Express Assist
2007-08-05 10:53    ---------    d--------    C:\Programmer\Yahoo!
2007-08-05 10:28    ---------    d--------    C:\Programmer\ewido anti-malware
2007-08-04 17:06    ---------    d--------    C:\Programmer\VoipCheapCom
2007-08-04 16:58    ---------    d--------    C:\Programmer\Google
2007-08-04 11:12    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-08-04 11:09    ---------    d--------    C:\Programmer\Winamp
2007-07-29 02:52    ---------    d--------    C:\Programmer\NeoTracePro
2007-07-22 19:40    ---------    d--------    C:\Programmer\SummaSummarum
2007-07-13 19:24    ---------    d--------    C:\Programmer\SiSoftware
2007-07-11 10:03    68776    --a------    C:\WINDOWS\system32\perfc006.dat
2007-07-11 10:03    406662    --a------    C:\WINDOWS\system32\perfh006.dat
2007-07-10 00:36    ---------    d--------    C:\Programmer\VisualRoute
2007-07-10 00:07    ---------    d--------    C:\Programmer\Opera
2007-07-09 01:57    0    --ah-----    C:\WINDOWS\msds.dat
2007-07-09 01:10    ---------    d--------    C:\Programmer\ubi.com
2007-07-09 00:48    ---------    d--------    C:\Programmer\Life Translator
2007-06-19 10:06    ---------    d--------    C:\DOCUME~1\Nemo\APPLIC~1\Gadu-Gadu
2007-06-19 10:03    ---------    d--------    C:\Programmer\Gadu-Gadu
2007-05-28 00:55    208384    --a------    C:\WINDOWS\ADS.exe
2007-05-16 17:14    86528    -----c---    C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 17:14    85504    -----c---    C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 17:14    683520    --a------    C:\WINDOWS\system32\inetcomm.dll
2007-05-16 17:14    683520    -----c---    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 17:14    510976    -----c---    C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 17:14    1314816    -----c---    C:\WINDOWS\system32\dllcache\msoe.dll
2007-03-22 04:53    50248    --a------    C:\DOCUME~1\Nemo\APPLIC~1\GDIPFONTCACHEV1.DAT
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer\DanskeBank
    ---------        C:\Programmer\Fælles filer


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Programmer\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 20:51]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Acrobat Assistant 7.0"="C:\Programmer\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 16:50]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 11:38]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 00:52]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"ccRegVfy"="C:\Programmer\Fælles filer\Symantec Shared\ccRegVfy.exe" []
"Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2002-08-26 22:35]
"GhostStartTrayApp"="C:\Programmer\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 15:21]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"Komunikator"="C:\Programmer\Tlen.pl\tlen.exe" [2006-10-11 11:48]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-03-12 16:21]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"Uniblue SpyEraser"="C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe" [2007-07-24 13:21]
"NBJ"="C:\Programmer\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-05 12:12]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]
TV Remote Control.lnk - C:\Programmer\Zolid Multimedia\TV713X Utilities\P3XRCtl.exe [2004-10-20 15:26:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\system32\drivers\sfsync02.sys
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Programmer\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\system32\drivers\PQNTDrv.sys
R1 SASDIFSV;SASDIFSV;\??\C:\Programmer\SUPERAntiSpyware\SASDIFSV.SYS
R1 SASKUTIL;SASKUTIL;\??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys
R2 aslm75;aslm75;\??\C:\WINDOWS\system32\drivers\aslm75.sys
R2 porttalk;porttalk;C:\WINDOWS\system32\drivers\porttalk.sys
R3 Cap7134;Philips Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 irsir;Microsoft seriel infrar›d driver;C:\WINDOWS\system32\DRIVERS\irsir.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART-driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
R3 PhTVTune;Zolid WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 SASENUM;SASENUM;\??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS
S2 SBP2DRV;%SBP2DRV.SvcDesc%;C:\WINDOWS\system32\Drivers\SBP2DRV.sys
S3 FLASHREADER;%FLASHREADER.SvcDesc%;C:\WINDOWS\system32\Drivers\causb.sys
S3 hidgame;Aktivering til Microsoft Hid til joystickport;C:\WINDOWS\system32\DRIVERS\hidgame.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 msgame;Aktivering af Sidewinder Hid til Joystickport;C:\WINDOWS\system32\DRIVERS\msgame.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
S3 NEOWATCH;NEOWATCH;C:\WINDOWS\system32\Drivers\NWatch22.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 porttalk.sys;porttalk.sys;\??\C:\WINDOWS\system32\drivers\porttalk.sys
S3 scsiscan;SCSI-scannerdriver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys
S3 TVICHW32;TVICHW32;\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS
S3 UPATC;USBAT CompactFlash Controller DriverSD;C:\WINDOWS\system32\DRIVERS\upatc.sys


Contents of the 'Scheduled Tasks' folder
2007-08-11 09:38:43 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
2007-08-11 09:38:27 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job - C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe
2007-08-05 02:23:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job - C:\Programmer\Uniblue\SpyEraser\SpyEraser.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 11:44:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-11 11:45:52
C:\ComboFix-quarantined-files.txt ... 2007-08-11 11:45
C:\ComboFix1.txt ... 2007-08-11 03:31
C:\ComboFix2.txt ... 2007-08-05 12:35

    --- E O F ---
12 August 2007 - 00:49 #10
(So how is the PC running now?)
nemo_dk (Beginner)
12 August 2007 - 16:01 #11
It's the same problem, but now I know what it is.
Norton Antivirus, even though it was uninstalled/reinstalled after the virus and I used tools to remove all of it ......

So now I'm trying again; I'm removing everything that has to do with Norton.
When I disable ccapp in msconfig, regedit doesn't run.

Do you have any tips on what else should be removed (registry, or some hidden files in the Windows folder)??
12 August 2007 - 18:10 #12
------------

Regarding removal of Symantec/Norton:

Uninstall
* Norton ...
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

For those of you with Vista/XP/2000
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

After that, download this file, double-click it, and say yes to adding the values to the registry:
ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg

And to clean up completely, you also need to download and run this bat file:
ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat

Registry ->
http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Issues] item... run it a couple of times if needed)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

Restart normally...

Manually delete the following folders (if they are still there?)
C:\Programmer\Symantec\
C:\Programmer\Norton AntiVirus\
C:\Programmer\Fælles filer\Symantec Shared\
C:\Documents and Settings\All Users\Application Data\Symantec\
C:\Documents and Settings\[User]\Application Data\Symantec\

Restart normally...

... otherwise 'leftovers' will keep causing trouble for the rest of time...

----------------
nemo_dk (Beginner)
14 August 2007 - 11:39 #13
The recipe works - the leftovers are now gone :) It is slow to shut down, but nobody is perfect, and that doesn't belong under security>virus I think, or hope ;)
I say A THOUSAND THANKS for the help.
14 August 2007 - 16:23 #14
Ping...

(That was an [answer]...)

Await ditto from <Fromsej> !
14 August 2007 - 17:45 #15
<Fromsej> skips...

You're welcome back another time...

Open a folder, click Tools > Folder Options > View.
Tick "Hide protected operating system files".
Select "Do not show hidden files and folders".

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a trip like this it's always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...