themask888 Junior Master
02 September 2007 - 16:33 There are 10 comments and 1 solution

HJT logfile

Hey

Lately I have experienced very slow internet on my laptop, with a maximum download speed of 10-20 kb/s even though I have a 2 Mbit connection. I hope someone can take a look at the HJT log and see whether there is anything abnormal.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:54, on 02-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
c:\programmer\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programmer\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programmer\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmer\Lexmark 2400 Series\lxcrmon.exe
C:\Programmer\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PAVJOBS.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Setup\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmer\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Programmer\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Programmer\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmer\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\SMS\LOKALE~1\Temp\{7B311147-57F4-4621-B987-5B59E4710943}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [UpgConfVer] "C:\Programmer\Panda Software\Panda Internet Security 2007\UpgConf.exe" /v:11.00.02
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] c:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://homepc.novonordisk.com/citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177519567343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177519551125
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmphost - {B60B2A0F-D34D-4BA9-87EC-FDE274C13BCF} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {261984C8-F09A-4732-AA68-34CE1FB230A7} - C:\WINDOWS\wmpdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device -  - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programmer\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmer\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 12346 bytes


Thanks in advance
Themask888
02 September 2007 - 17:16 #1
(I'm looking at it - it is 'well known'...)
02 September 2007 - 17:32 #2
-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip
and save it in a suitable place...
(It will be used later...)

Run a scan with HijackThis.
Below you get some files that you must fix. What you need to do is tick the box next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Also remember to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\SMS\LOKALE~1\Temp\{7B311147-57F4-4621-B987-5B59E4710943}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [updateMgr] c:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O21 - SSODL: wmphost - {B60B2A0F-D34D-4BA9-87EC-FDE274C13BCF} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {261984C8-F09A-4732-AA68-34CE1FB230A7} - C:\WINDOWS\wmpdev.dll

---------------------

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window now appears, into which you must copy the content between the ~~~~~~ lines:

~~~~~~~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\mxduo.dll
C:\WINDOWS\wmphost.dll
C:\WINDOWS\wmpdev.dll

Folders to delete:
C:\DOCUME~1\SMS\LOKALE~1\Temp\{7B311147-57F4-4621-B987-5B59E4710943}\
~~~~~~~~~~~~~~~~~~~~~~~~

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please post it in your next reply. Together with a fresh HiJackThis...

------------------------------------------------------------------------

Registry cleanup can be recommended ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Especially the [Problemer] item...)
During installation you will be offered [Yahoo Toolbar]. You can say yes or NO to it.

------------------------------------------------------------------------
themask888 Junior Master
02 September 2007 - 18:03 #3
Hey again

Here are 2 fresh logs:

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:29, on 02-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
c:\programmer\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\Programmer\Acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmer\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\ctfmon.exe
c:\programmer\panda software\panda internet security 2007\WebProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Setup\Hijackthis\HiJackThis.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\psimreal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmer\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Programmer\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://homepc.novonordisk.com/citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177519567343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177519551125
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmphost - {1DBA4AE6-C63B-4940-9F91-90CD7B5F5D94} - C:\WINDOWS\wmphost.dll (file missing)
O21 - SSODL: wmpdev - {38D0BA09-92BF-44AF-A09D-DF40313771D7} - C:\WINDOWS\wmpdev.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device -  - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programmer\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmer\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 11376 bytes


Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\suiftxtk

*******************

Script file located at: \??\C:\nvasgwqt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\mxduo.dll deleted successfully.
File C:\WINDOWS\wmphost.dll deleted successfully.
File C:\WINDOWS\wmpdev.dll deleted successfully.


Folder C:\DOCUME~1\SMS\LOKALE~1\Temp\{7B311147-57F4-4621-B987-5B59E4710943} not found!
Deletion of folder C:\DOCUME~1\SMS\LOKALE~1\Temp\{7B311147-57F4-4621-B987-5B59E4710943} failed!

Could not process line:
C:\DOCUME~1\SMS\LOKALE~1\Temp\{7B311147-57F4-4621-B987-5B59E4710943}
Status: 0xc0000034


Completed script processing.

*******************

Finished!  Terminate.
02 September 2007 - 18:55 #4
BINGO...

Follow-up cleanup - 'fix' these with HiJackThis:

O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll (file missing)
O21 - SSODL: wmphost - {1DBA4AE6-C63B-4940-9F91-90CD7B5F5D94} - C:\WINDOWS\wmphost.dll (file missing)
O21 - SSODL: wmpdev - {38D0BA09-92BF-44AF-A09D-DF40313771D7} - C:\WINDOWS\wmpdev.dll (file missing)

Restart and report how the PC is working now?
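
The before/after comparison done by eye in this thread, as an added example (not part of the original posts, and not HijackThis or Avenger code): it parses entry lines from two HijackThis logs and reports entries that disappeared, entries whose file is now missing, and entries whose CLSID changed between scans. The names `Entry`, `parse_log` and `compare` are hypothetical; the sample lines are excerpted from the first and second logs posted above.

```python
import re
from dataclasses import dataclass

# "O2 - BHO: ..." style entry lines; headers and the process list do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Status markers HijackThis appends when the referenced file is absent.
STATUS_RE = re.compile(r"(?: - \(no file\)| \(file missing\))$")
# "<label> - {CLSID} - <target>"; the " - " prefix keeps GUIDs inside paths out.
CLSID_RE = re.compile(
    r"^(?P<label>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: - (?P<target>.*))?$")
# O4 autostart lines: "<hive>\..\Run: [name] <command>"
RUN_RE = re.compile(r"^(?P<label>.*?\]) (?P<target>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str       # HijackThis section code, e.g. O2, O4, O21
    label: str      # e.g. "BHO: MSVPS System"
    clsid: str      # upper-cased CLSID, or "" if the line has none
    target: str     # file or command, status marker stripped
    orphaned: bool  # True for "(no file)" / "(file missing)"

    @property
    def key(self):
        # Identity across scans: the CLSID is deliberately excluded so that a
        # re-registered entry (same name and file, new CLSID) still pairs up.
        return (self.code, self.label, self.target.lower())


def parse_log(text):
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        orphaned = bool(STATUS_RE.search(body))
        body = STATUS_RE.sub("", body)
        c = CLSID_RE.match(body)
        r = RUN_RE.match(body) if m.group("code") == "O4" else None
        if c:
            label, clsid = c.group("label"), c.group("clsid").upper()
            target = c.group("target") or ""
        elif r:
            label, clsid, target = r.group("label"), "", r.group("target")
        else:
            label, clsid, target = body, "", ""
        entries.append(Entry(m.group("code"), label, clsid, target, orphaned))
    return entries


def compare(before_text, after_text):
    before = {e.key: e for e in parse_log(before_text)}
    after = {e.key: e for e in parse_log(after_text)}
    both = before.keys() & after.keys()

    def name(k):
        return (k[0], k[1])

    return {
        "removed": sorted(name(k) for k in before.keys() - after.keys()),
        "newly_orphaned": sorted(
            name(k) for k in both
            if after[k].orphaned and not before[k].orphaned),
        "clsid_changed": sorted(
            name(k) for k in both if before[k].clsid != after[k].clsid),
    }


# Excerpt of the 16:11 scan in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O21 - SSODL: wmphost - {B60B2A0F-D34D-4BA9-87EC-FDE274C13BCF} - C:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {261984C8-F09A-4732-AA68-34CE1FB230A7} - C:\WINDOWS\wmpdev.dll
"""

# Excerpt of the 18:02 scan, taken after the Avenger run.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - C:\WINDOWS\mxduo.dll (file missing)
O21 - SSODL: wmphost - {1DBA4AE6-C63B-4940-9F91-90CD7B5F5D94} - C:\WINDOWS\wmphost.dll (file missing)
O21 - SSODL: wmpdev - {38D0BA09-92BF-44AF-A09D-DF40313771D7} - C:\WINDOWS\wmpdev.dll (file missing)
"""

if __name__ == "__main__":
    for kind, items in compare(BEFORE, AFTER).items():
        print(kind)
        for code, label in items:
            print(f"  {code} - {label}")
```
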
themask888 Junior Master
02 September 2007 - 19:20 #5
Hey again

Unfortunately I can't say that it has become 100% better. Something is still causing trouble. I am a regular user of skolekom (mail program), and when I try to upload files to an email it keeps stalling. So apparently something is still causing trouble. According to the telecom provider there is nothing wrong with the connection at their end. So something is going wrong between the laptop and the modem.
themask888 Junior Master
02 September 2007 - 19:25 #6
It is only the internet that is the problem. It opens the start page (google.com) lightning fast, but after that it goes wrong with other websites...
02 September 2007 - 19:30 #7
Then we'll bring other/more/better tools into play ->
http://www.eksperten.dk/artikler/1123

Follow the guide...
(But use the HiJackThis version you already HAVE running...)
themask888 Junior Master
02 September 2007 - 21:30 #8
Here come 4 fresh logs:

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:08, on 02-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe
c:\programmer\panda software\panda internet security 2007\firewall\PNMSRV.EXE
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmer\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\Acer\eRecovery\Monitor.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\apvxdwin.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Programmer\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
c:\programmer\panda software\panda internet security 2007\WebProxy.exe
C:\Programmer\Internet Explorer\iexplore.exe
D:\Setup\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmer\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmer\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Programmer\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [AAWTray] C:\Programmer\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://homepc.novonordisk.com/citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1177519567343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1177519551125
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device -  - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmer\Fælles filer\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\programmer\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Programmer\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmer\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmer\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programmer\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 10771 bytes


Combofix:

ComboFix 07-08-30.3 - "SMS" 2007-09-02 21:05:37.1 - FAT32x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.121 [GMT 2:00]
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Programmer\VideoAccessCodec
C:\Programmer\VideoAccessCodec\install.ico
C:\Programmer\VideoAccessCodec\Thumbs.db
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\NPF


(((((((((((((((((((((((((  Files Created from 2007-08-02 to 2007-09-02  )))))))))))))))))))))))))))))))


2007-09-02 21:05    51,200    --a------    C:\WINDOWS\nircmd.exe
2007-09-02 19:43    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-02 19:43    <DIR>    d--------    C:\DOCUME~1\SMS\APPLIC~1\SUPERAntiSpyware.com
2007-09-02 19:43    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-02 18:52    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-02 16:26    <DIR>    d--------    C:\WINDOWS\pss
2007-09-02 16:20    0    --a------    C:\WINDOWS\system32\drivers\wnmsav.dat
2007-09-02 16:16    <DIR>    d--------    C:\Programmer\Lavasoft
2007-09-02 16:16    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-02 15:45    104,838    --a------    C:\PAVVTS.DAT
2007-09-02 15:45    10,160    --a------    C:\PAVPROT.BIN
2007-09-02 15:24    9,488    --a------    C:\WINDOWS\system32\sporder.dll
2007-09-02 15:24    57,344    --a------    C:\WINDOWS\system32\pavipc.dll
2007-09-02 15:24    45,056    --a------    C:\WINDOWS\system32\avldr.dll
2007-09-02 15:24    245,760    --a------    C:\WINDOWS\system32\PavSHook.dll
2007-09-02 15:24    16,640    --a------    C:\WINDOWS\system32\drivers\cpoint.sys
2007-09-02 15:24    139,264    --a------    C:\WINDOWS\system32\TpUtil.dll
2007-09-02 15:24    101,888    --a------    C:\WINDOWS\system32\SYSTOOLS.DLL
2007-09-02 15:24    <DIR>    d--------    C:\WINDOWS\system32\PAV
2007-09-02 15:23    <DIR>    d--------    C:\Programmer\Panda Software
2007-09-02 15:22    26,752    --a------    C:\WINDOWS\system32\drivers\ShldDrv.sys
2007-09-02 15:22    165,120    --a------    C:\WINDOWS\system32\drivers\PavProc.sys
2007-09-02 15:09    <DIR>    d--------    C:\Programmer\F‘lles filer\Panda Software
2007-09-02 13:51    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-09-02 13:48    <DIR>    d--------    C:\WINDOWS\system32\Panda Software
2007-09-01 13:29    <DIR>    d--------    C:\Programmer\TPTEST5
2007-08-31 22:34    <DIR>    d--------    C:\Programmer\F‘lles filer\Skype
2007-08-31 22:34    <DIR>    d--------    C:\DOCUME~1\SMS\APPLIC~1\Skype
2007-08-31 22:33    <DIR>    d--------    C:\Programmer\Skype
2007-08-31 22:33    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-08-30 18:10    <DIR>    d--------    C:\DOCUME~1\SMS\APPLIC~1\FaxCtr
2007-08-29 20:59    152,576    -ra------    C:\WINDOWS\system32\drivers\LV532AV.SYS
2007-08-29 16:09    409,600    --a------    C:\WINDOWS\system32\lxcrinpa.dll
2007-08-29 16:09    40,960    --a------    C:\WINDOWS\system32\lxcrvs.dll
2007-08-29 16:09    393,216    --a------    C:\WINDOWS\system32\lxcriesc.dll
2007-08-29 16:09    303,104    --a------    C:\WINDOWS\system32\lxcrcoin.dll
2007-08-29 16:09    <DIR>    d--------    C:\Programmer\lx_cats
2007-08-29 16:08    87,040    --a------    C:\WINDOWS\system32\wiafbdrv.dll
2007-08-29 16:08    87,040    --a------    C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-08-29 16:08    692,224    --a------    C:\WINDOWS\system32\lxcrdrs.dll
2007-08-29 16:08    65,536    --a------    C:\WINDOWS\system32\lxcrcaps.dll
2007-08-29 16:08    61,440    --a------    C:\WINDOWS\system32\lxcrcnv4.dll
2007-08-29 16:08    15,104    --a------    C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-29 16:08    15,104    --a------    C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-29 16:07    98,345    --a------    C:\WINDOWS\system32\IMHOST32.DLL
2007-08-29 16:07    40,960    --a------    C:\WINDOWS\system32\LXPRMON.DLL
2007-08-29 16:07    339,968    --a------    C:\WINDOWS\system32\IMGMAN32.DLL
2007-08-29 16:07    32,768    --a------    C:\WINDOWS\system32\LXPMONUI.DLL
2007-08-29 16:07    12,288    --a------    C:\WINDOWS\system32\LXPMONRC.DLL
2007-08-29 16:07    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\FaxCtr
2007-08-29 16:06    <DIR>    d--------    C:\Programmer\Lexmark Fax Solutions
2007-08-29 16:05    <DIR>    d--------    C:\Programmer\Lexmark Toolbar
2007-08-29 16:05    <DIR>    d--------    C:\Programmer\Lexmark 2400 Series
2007-08-28 22:52    69,632    --a------    C:\WINDOWS\system32\lfgif13n.dll
2007-08-28 22:52    57,344    --a------    C:\WINDOWS\system32\lfbmp13n.dll
2007-08-28 22:52    462,848    --a------    C:\WINDOWS\system32\ltkrn13n.dll
2007-08-28 22:52    450,560    --a------    C:\WINDOWS\system32\ltimg13n.dll
2007-08-28 22:52    401,408    --a------    C:\WINDOWS\system32\lfcmp13n.dll
2007-08-28 22:52    299,008    --a------    C:\WINDOWS\system32\ltdis13n.dll
2007-08-28 22:52    206,336    --a------    C:\WINDOWS\system32\ltefx13n.dll
2007-08-28 22:52    163,840    --a------    C:\WINDOWS\system32\ltfil13n.dll
2007-08-28 14:18    86,016    -ra------    C:\WINDOWS\system32\lvcoinst.dll
2007-08-28 14:18    57,344    -ra------    C:\WINDOWS\system32\LVComC.dll
2007-08-28 14:18    54,272    --a------    C:\WINDOWS\system32\vfwwdm32.dll
2007-08-28 14:18    54,272    --a------    C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-08-28 14:18    360,448    -ra------    C:\WINDOWS\system32\LVUI2RC.dll
2007-08-28 14:18    172,032    -ra------    C:\WINDOWS\system32\lvcodec2.dll
2007-08-28 14:18    135,214    -ra------    C:\WINDOWS\system32\LVComS.exe
2007-08-28 14:18    122,880    -ra------    C:\WINDOWS\system32\LVUI2.dll
2007-08-28 14:18    12,112    -ra------    C:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-08-23 16:28    <DIR>    d--------    C:\Programmer\F‘lles filer\Risxtd
2007-08-23 16:28    <DIR>    d--------    C:\DOCUME~1\SMS\APPLIC~1\ISI ResearchSoft
2007-08-23 16:27    <DIR>    d--------    C:\Programmer\Reference Manager 11
2007-08-23 16:27    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-20 12:04    <DIR>    d--hs----    C:\FOUND.003
2007-08-19 17:36    <DIR>    d--------    C:\Programmer\F‘lles filer\Labtec
2007-08-19 17:35    <DIR>    d--------    C:\Programmer\F‘lles filer\LogiShrd
2007-08-19 17:34    <DIR>    d--------    C:\Programmer\Labtec
2007-08-18 23:13    <DIR>    d--------    C:\Programmer\eMule
2007-08-10 00:11    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-09 22:34    <DIR>    d--------    C:\Programmer\Maxis
2007-08-09 22:34    <DIR>    d--------    C:\DOCUME~1\SMS\WINDOWS
2007-08-07 13:58    8,320    --a------    C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56    9,344    --a------    C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-03 22:16    11,114    --a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\MainApp.dll
2007-08-03 22:13    81,920    --a------    C:\DOCUME~1\SMS\APPLIC~1\ezpinst.exe
2007-08-03 22:13    47,360    --a------    C:\WINDOWS\system32\drivers\pcouffin.sys
2007-08-03 22:13    47,360    --a------    C:\DOCUME~1\SMS\APPLIC~1\pcouffin.sys
2007-08-03 22:13    14    --a------    C:\WINDOWS\system32\systeminfo3.dll
2007-08-03 22:13    <DIR>    d--------    C:\DOCUME~1\SMS\APPLIC~1\Vso
2007-08-03 22:12    <DIR>    d--------    C:\Programmer\CloneDVD
2007-08-03 22:12    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVDXStudio
2007-08-02 11:17    <DIR>    d--------    C:\CloneDVDTemp
2007-08-02 11:14    <DIR>    d--------    C:\DOCUME~1\SMS\APPLIC~1\Elaborate Bytes
2007-08-02 11:13    <DIR>    d--------    C:\Programmer\Elaborate Bytes


((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 21:17    1132    --a------    C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-09-02 21:12    175180    --a------    C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-09-02 15:42    141312    --a------    C:\WINDOWS\system32\drivers\netflt.sys
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 08:58    3583488    --a------    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:31    765952    --a------    C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-11 14:37    6272    --a------    C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-10 21:16    ---------    d--------    C:\Programmer\Monopoly 3
2007-07-10 19:10    ---------    d--------    C:\DOCUME~1\SMS\APPLIC~1\GetRightToGo
2007-07-10 18:06    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-06-27 16:05    823808    --a------    C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 16:05    671232    --a------    C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 16:05    6058496    ---------    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 16:05    52224    ---------    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 16:05    477696    --a------    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 16:05    459264    ---------    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 16:05    44544    --a------    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 16:05    27648    --a------    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 16:05    267776    ---------    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 16:05    232960    --a------    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 16:05    193024    --a------    C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 16:05    1152000    --a------    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 16:05    105984    --a------    C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 16:05    102400    --a------    C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 16:04    384512    --a------    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 16:04    383488    ---------    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 16:04    230400    --a------    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 16:04    153088    --a------    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 16:04    132608    --a------    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 16:04    124928    --a------    C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:27    63488    --a------    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27    13824    ---------    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 10:25    625152    --a------    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 09:00    161792    --a------    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-11 23:51    10834944    --a------    C:\WINDOWS\system32\dllcache\wmp.dll
2007-06-11 20:01    922    --a------    C:\WINDOWS\Recorder.reg
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Skype
    ---------        C:\Programmer\Fælles filer\Risxtd
    ---------        C:\Programmer\Fælles filer\Panda Software
    ---------        C:\Programmer\Fælles filer\LogiShrd
    ---------        C:\Programmer\Fælles filer\Labtec


(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 11:02]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 10:59]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 11:03]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Programmer\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51]
"SynTPLpr"="C:\Programmer\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 14:44]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 14:43]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-27 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-27 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-27 05:00]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 15:17 C:\WINDOWS\RTHDCPL.EXE]
"PCMService"="C:\Programmer\Acer\Acer Arcade\PCMService.exe" [2005-08-11 11:48]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2005-08-19 01:28]
"eRecoveryService"="C:\Programmer\Acer\eRecovery\Monitor.exe" [2005-08-18 19:38]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-09-19 15:02]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 13:54]
"APVXDWIN"="C:\Programmer\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-09-02 15:42]
"SCANINICIO"="C:\Programmer\Panda Software\Panda Internet Security 2007\Inicio.exe" [2006-02-01 18:13]
"AAWTray"="C:\Programmer\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"lxcrmon.exe"="C:\Programmer\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 19:48]
"FaxCenterServer"="C:\Programmer\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 10:11]
"EzPrint"="C:\Programmer\Lexmark 2400 Series\ezprint.exe" [2006-02-07 07:10]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 05:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
"updateMgr"="c:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FÆLLES~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2005-09-27 12:13 45056 C:\WINDOWS\system32\avldr.dll

R0 netflt;Panda Net Driver [NDIS Layer];C:\WINDOWS\system32\Drivers\NETFLT.SYS
R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R0 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\Drivers\cpoint.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 int15.sys;int15.sys;\??\C:\Programmer\Acer\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D8BB7AA-34B8-4058-85C7-5F750A62BE2D}]
C:\WINDOWS\system32\msiexec.exe  /fup {8D8BB7AA-34B8-4058-85C7-5F750A62BE2D} /q

Contents of the 'Scheduled Tasks' folder
2007-09-02 19:14:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Programmer\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 21:14:21
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

Completion time: 2007-09-02 21:20:10 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 21:20

    --- E O F ---

Rootchk:

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
02-09-2007 21:03:41,35

Driver npf (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 21:03:41
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
disk error: C:\WINDOWS\system32\config\system

scanning hidden registry entries ...
disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\SMS\ntuser.dat

scanning hidden files ...

hidden processes: 0
hidden files: 0


Superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2007 at 08:50 PM

Application Version : 3.7.1018

Core Rules Database Version : 3298
Trace Rules Database Version: 1306

Scan type      : Complete Scan
Total Scan Time : 00:58:39

Memory items scanned      : 195
Memory threats detected  : 0
Registry items scanned    : 5990
Registry threats detected : 19
File items scanned        : 30962
File threats detected    : 4

Adware.Tracking Cookie
    C:\Documents and Settings\SMS\Cookies\sms@ad.bolddk[2].txt
    C:\Documents and Settings\SMS\Cookies\sms@track.adform[1].txt

Trojan.VideoCach/Gen
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

Trojan.Net-MSV/VPS
    HKCR\MSVPS.MSVPSApp
    HKCR\MSVPS.MSVPSApp\CLSID
    HKCR\MSVPS.MSVPSApp\CurVer

Trojan.Net-MU/Gen
    C:\WINDOWS\MAIN_UNINSTALLER.EXE

Trojan.Downloader/Media-Codec
    C:\PROGRAMMER\VIDEOACCESSCODEC\VIDEOACCESSCODEC.OCX
03 September 2007 - 07:31 #9
BANGO - some unwanted items got 'eaten'!!

So how is the PC running now?
themask888 Juniormester
03 September 2007 - 14:44 #10
Unfortunately still not optimal. I think I'll just format it and see if that helps. Post an answer so you can get points for all the help you've given. Thanks for the help...

Best regards
Themask888
03 September 2007 - 23:49 #11
Ping...
(That was an [answer]...)