Six (Beginner)
27 September 2007 - 21:39 There are 8 comments and
1 solution

Hijack this log

Hi experts.

I'm fixing a friend's computer and need your help going through the log files.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:27:28, on 27-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\BisonCam\BisonMnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Quick Launch Button\QLButton.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\mwav\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BisonMnt] C:\WINDOWS\BisonCam\BisonMnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QLButton] C:\Program Files\Quick Launch Button\QLButton.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ace9c67644744dbf8d803315c9f618b2
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ace9c67644744dbf8d803315c9f618b2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.zepto.dk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147856435349
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

--
End of file - 10131 bytes


-------------------------------------------------------------
ComboFix log file:

ComboFix 07-09-21.2 - "Rasmus Tolstrup" 2007-09-27 21:29:41.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.429 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\setup.exe

.
(((((((((((((((((((((((((  Files Created from 2007-08-27 to 2007-09-27  )))))))))))))))))))))))))))))))
.

2007-09-27 21:29    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-27 20:32    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-27 20:21    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-09-27 20:21    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-27 20:21    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-27 19:12    83,642    --a------    C:\cc_20070927_1912.reg
2007-09-27 19:05    <DIR>    d--------    C:\Program Files\CCleaner
2007-09-27 18:42    <DIR>    d--------    C:\Program Files\Logitech
2007-09-27 18:19    <DIR>    d--------    C:\Kaspersky
2007-09-27 18:15    <DIR>    d--------    C:\mwav
2007-09-27 09:17    261    --a------    C:\WINDOWS\system32\PavCPL.dat
2007-09-27 09:11    13,880    --a------    C:\WINDOWS\system32\drivers\COMFiltr.sys
2007-09-27 09:07    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
2007-09-27 09:05    142,128    --a------    C:\WINDOWS\system32\drivers\netimflt.sys
2007-09-27 09:05    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
2007-09-27 08:58    38,968    --a------    C:\WINDOWS\system32\drivers\ShlDrv51.sys
2007-09-26 15:50    <DIR>    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-26 15:49    <DIR>    d--------    C:\Program Files\Online Video Add-on
2007-09-19 21:28    35,840    -ra------    C:\WINDOWS\system32\CTU2K.dll
2007-09-19 21:28    24,197    -ra------    C:\WINDOWS\system32\drivers\CTU2K.sys
2007-09-19 21:28    160,768    -ra------    C:\WINDOWS\system32\CTU2KUN.exe
2007-09-19 17:22    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Azureus
2007-09-19 17:22    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-19 17:18    <DIR>    d--------    C:\Program Files\Azureus
2007-09-19 15:25    <DIR>    d--------    C:\Program Files\Lavasoft
2007-09-19 15:25    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 15:25    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-18 13:50    24,448    --a------    C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-09-18 13:50    100,992    --a------    C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-09-16 14:20    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-09-16 14:11    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
2007-09-16 14:09    <DIR>    d--------    C:\Program Files\Yahoo!
2007-09-16 11:32    <DIR>    d--------    C:\Program Files\MSXML 4.0
2007-09-16 11:07    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Printer Info Cache
2007-09-16 11:07    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Image Zone Express
2007-09-13 16:14    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\HP
2007-09-13 16:10    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-09-13 16:09    <DIR>    d--------    C:\Program Files\Common Files\HP
2007-09-13 16:07    <DIR>    d--------    C:\Program Files\Hewlett-Packard
2007-09-13 16:07    <DIR>    d--------    C:\Program Files\Common Files\Hewlett-Packard
2007-09-13 16:06    77,824    -ra------    C:\WINDOWS\system32\HPZIDS01.dll
2007-09-13 16:06    49,664    -ra------    C:\WINDOWS\system32\drivers\HPZid412.sys
2007-09-13 16:06    48,128    --a------    C:\WINDOWS\system32\hpzll054.dll
2007-09-13 16:06    16,496    -ra------    C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-09-13 16:05    94,208    --a------    C:\WINDOWS\system32\HPZipt12.dll
2007-09-13 16:05    69,632    --a------    C:\WINDOWS\system32\HPZipm12.exe
2007-09-13 16:05    65,536    --a------    C:\WINDOWS\system32\HPZinw12.exe
2007-09-13 16:05    57,344    --a------    C:\WINDOWS\system32\HPZisn12.dll
2007-09-13 16:05    282,680    --a------    C:\WINDOWS\system32\HPZidr12.dll
2007-09-13 16:05    204,800    --a------    C:\WINDOWS\system32\HPZipr12.dll
2007-09-13 16:05    15,104    --a--c---    C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-13 16:05    15,104    --a------    C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-13 16:04    <DIR>    d--------    C:\Program Files\HP
2007-09-13 16:02    128,163    --a------    C:\WINDOWS\hpoins11.dat
2007-09-04 21:04    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Leadertech
2007-08-31 20:00    <DIR>    d--------    C:\temp\photosmart8
2007-08-31 18:38    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-31 18:38    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-31 16:47    <DIR>    d--------    C:\Garmin

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 21:26    268840    --a------    C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-09-27 21:26    268840    --a------    C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-09-27 21:26    1204    --a------    C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-09-27 21:26    1204    --a------    C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-09-27 18:54    ---------    d--------    C:\Program Files\Google
2007-09-27 18:51    ---------    d--------    C:\Program Files\LimeWire
2007-09-27 18:42    ---------    d--h-----    C:\Program Files\InstallShield Installation Information
2007-09-27 09:16    0    --a------    C:\WINDOWS\system32\drivers\wnmsav.dat
2007-09-26 17:43    ---------    d--------    C:\Program Files\Quick Launch Button
2007-09-26 17:33    ---------    d--------    C:\Program Files\Windows Live Toolbar
2007-09-26 09:32    12800    --a-s----    C:\WINDOWS\system32\jrpkmgh.dll
2007-08-31 09:44    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-07 13:58    8320    --a------    C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56    9344    --a------    C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-22 13:33    98304    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2007-07-12 08:42    292144    --a------    C:\WINDOWS\system32\PavSHook.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"BisonMnt"="C:\WINDOWS\BisonCam\BisonMnt.exe" [2005-04-13 21:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 17:34]
"nwiz"="nwiz.exe" [2006-02-16 17:34 C:\WINDOWS\system32\nwiz.exe]
"QLButton"="C:\Program Files\Quick Launch Button\QLButton.exe" [2005-01-06 22:53]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 12:12 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 11:28 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 13:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 09:25]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 05:24]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-09 03:33]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:03]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-07-23 18:30]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-07-11 15:17]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-21 11:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"PowerBar"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
S3 CTU2K;CTU2K.SYS CTU2K device driver;C:\WINDOWS\system32\Drivers\CTU2K.sys
S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);C:\WINDOWS\system32\drivers\AF2VCap.sys
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03e35c26-f36b-11db-824f-000df02fd281}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17286978-650a-11dc-82bb-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1728697b-650a-11dc-82bb-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1728697c-650a-11dc-82bb-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2891c8c0-bdb3-11db-820c-000df02fd281}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd4f82e-bfea-11db-820e-000df02fd281}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36797c84-6520-11dc-82bc-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36797c85-6520-11dc-82bc-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428f1b88-65dd-11dc-82c2-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428f1b8a-65dd-11dc-82c2-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e14fce4-668f-11dc-82c6-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec670bd-e838-11db-823e-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc73ba76-0790-11dc-8262-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22460de-6680-11dc-82c4-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22460df-6680-11dc-82c4-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57066-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57067-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57068-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57069-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf60-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf61-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf62-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf64-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 07:17:30 C:\WINDOWS\Tasks\Grundlæggende oprydning.job"
"2007-09-27 07:17:31 C:\WINDOWS\Tasks\Grundlæggende oprydning1.job"
"2007-09-27 17:08:02 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 21:30:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  PowerBar = ???????????????????????????????????????????????????????????????|p??|????m??|?bF~??????????????@?H?@?????????c"?sx??s??????@?????N'?s?D7?L|?s????????????u??s????????c"?s???s??????@?H?@?N'?sd4???$@?H?@?H?@?????????p4???E7????s???s?D7??D7??E7?0i?s?????????D7????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-09-27 21:31:25
C:\ComboFix-quarantined-files.txt ... 2007-09-27 21:31
.
    --- E O F ---

---------------------------------------------------------

rootchk log:
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
27-09-2007 21:27:51,92

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 21:27:52
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000df02fd281]
"001963391b6b"=hex:bd,2a,6d,35,75,bd,9a,89,88,83,76,29,f6,6c,94,e9
"001813148ee8"=hex:e9,bf,4f,e3,75,ed,a2,ef,05,e1,08,08,5b,89,23,c5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000df02fd281]
"001963391b6b"=hex:bd,2a,6d,35,75,bd,9a,89,88,83,76,29,f6,6c,94,e9
"001813148ee8"=hex:e9,bf,4f,e3,75,ed,a2,ef,05,e1,08,08,5b,89,23,c5

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


I'd also be happy to have all toolbars in Explorer and Firefox removed.

Thanks in advance for the help.
ejvindh (Expert)
27 September 2007 - 21:53 #1
I'll take a look :-)
ejvindh (Expert)
27 September 2007 - 22:09 #2
-- Are you sure those logs were made on the same user account? There really is quite a big difference between the contents of ComboFix and HijackThis... But try this now:

-- Download S!Ri's SmitfraudFix.zip and save it to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Alternatively from here:
http://72.232.135.12/siri/SmitfraudFix.exe

NB: The file "process.exe" included in this tool is identified by some antivirus programs as "RiskTool". There is nothing to it, though!

-- Copy the content between the wavy lines into a Notepad window and save it in the same folder as ComboFix under the name CFScript.txt. When saving, make sure that "file type" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"=-
"PowerBar"=-
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse, drag it onto the ComboFix file, and release the mouse button. ComboFix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When ComboFix is done, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here for review.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click "Fix checked".

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - (no file)

-- Restart in Safe Mode; if you don't know how, look here:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1

-- Run SmitfraudFix. Press 2 - answer yes to cleaning (y=yes). Let the program carry out a clean. It will also check whether the system file wininet.dll is infected. If it is, you will be asked for permission to replace it with another one. Here you should choose "Yes" by pressing "y".

The program may need to restart along the way. After that, a list with the results of the cleaning will appear. Copy that list into the thread.

-- Restart and post a fresh HijackThis log here, together with the log from SmitfraudFix (C:\rapport.txt).
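A way to pre-screen a HijackThis log before hand-picking lines to fix, added here as an example that is not part of the thread, of HijackThis or of ComboFix: it reads the section prefix of each line and flags entries whose file is gone ("(no file)" / "(file missing)"), unnamed entries, O4 autostarts given as a bare file name, browser toolbars and services without publisher information. The sample lines are copied from the log posted above; the flag names and the heuristics are my own assumptions, and a flag means "look at this", not "this is malware".

```python
"""Triage HijackThis v2 log lines: flag entries that deserve a second look.

Added example for this thread; the heuristics and flag names are assumptions
of the reviewer, not part of HijackThis or ComboFix.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
"""

# "O4 - HKLM\..\Run: [name] command" -> section prefix, then the rest of the line
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# the "[name] command" part of an O4 entry
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# a command that starts with a drive letter or an environment variable is a full path
FULL_PATH_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[A-Za-z_]+%\\)')


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def _check_run_entry(body: str) -> List[str]:
    """Heuristics for O4 autostart entries (Run keys and the Startup folder)."""
    m = RUN_RE.search(body)
    if not m:
        return []
    cmd = m.group("cmd").strip()
    # A bare file name is resolved through the search path at logon, so the log
    # alone does not say which file actually runs. Confirm the resolved path
    # (ComboFix's "Reg Loading Points" section prints it in brackets).
    if cmd and not FULL_PATH_RE.match(cmd):
        return ["BARE_NAME"]
    return []


def triage_line(line: str) -> Optional[Finding]:
    """Parse one log line; return None for lines that are not HijackThis entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("ORPHAN")        # registered component whose file is gone
    if "(no name)" in body:
        reasons.append("UNNAMED")       # no friendly name; identify it via the CLSID
    if section == "O4":
        reasons += _check_run_entry(body)
    if section == "O3":
        reasons.append("TOOLBAR")       # browser toolbar: keep only if the user wants it
    if section == "O23" and "Unknown owner" in body:
        reasons.append("NO_PUBLISHER")  # service binary carries no company name
    return Finding(section, line.strip(), reasons)


def triage(log_text: str) -> List[Finding]:
    """Return only the lines that received at least one flag, in log order."""
    out = []
    for raw in log_text.splitlines():
        f = triage_line(raw)
        if f and f.reasons:
            out.append(f)
    return out


def orphan_fix_candidates(log_text: str) -> List[str]:
    """Lines whose target file no longer exists: the low-risk 'Fix checked' set."""
    return [f.line for f in triage(log_text) if "ORPHAN" in f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{','.join(f.reasons):<22} {f.line}")
```

Orphaned entries are dead registrations and can be fixed without further analysis; everything else flagged still needs a human to look up the CLSID or the resolved file before ticking it.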
Six (Beginner)
27 September 2007 - 22:15 #3
Hi ejvindh - yes, I'm sure the logs were made on the same user account; I ran the programs one right after the other. :)

I'll follow your guide and get back to you :)
Six (Beginner)
27 September 2007 - 22:53 #4
New ComboFix log:

ComboFix 07-09-21.2 - "Rasmus Tolstrup" 2007-09-27 22:50:43.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.427 [GMT 2:00]
Command switches used ::  C:\mwav\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-08-27 to 2007-09-27  )))))))))))))))))))))))))))))))
.

2007-09-27 21:29    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-27 20:32    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-27 20:21    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-09-27 20:21    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-27 20:21    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-27 19:12    83,642    --a------    C:\cc_20070927_1912.reg
2007-09-27 19:05    <DIR>    d--------    C:\Program Files\CCleaner
2007-09-27 18:42    <DIR>    d--------    C:\Program Files\Logitech
2007-09-27 18:19    <DIR>    d--------    C:\Kaspersky
2007-09-27 18:15    <DIR>    d--------    C:\mwav
2007-09-27 09:17    261    --a------    C:\WINDOWS\system32\PavCPL.dat
2007-09-27 09:11    13,880    --a------    C:\WINDOWS\system32\drivers\COMFiltr.sys
2007-09-27 09:07    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\sentinel
2007-09-27 09:05    142,128    --a------    C:\WINDOWS\system32\drivers\netimflt.sys
2007-09-27 09:05    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Backup
2007-09-27 08:58    38,968    --a------    C:\WINDOWS\system32\drivers\ShlDrv51.sys
2007-09-26 15:50    <DIR>    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-26 15:49    <DIR>    d--------    C:\Program Files\Online Video Add-on
2007-09-19 21:28    35,840    -ra------    C:\WINDOWS\system32\CTU2K.dll
2007-09-19 21:28    24,197    -ra------    C:\WINDOWS\system32\drivers\CTU2K.sys
2007-09-19 21:28    160,768    -ra------    C:\WINDOWS\system32\CTU2KUN.exe
2007-09-19 17:22    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Azureus
2007-09-19 17:22    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-09-19 17:18    <DIR>    d--------    C:\Program Files\Azureus
2007-09-19 15:25    <DIR>    d--------    C:\Program Files\Lavasoft
2007-09-19 15:25    <DIR>    d--------    C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 15:25    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-18 13:50    24,448    --a------    C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-09-18 13:50    100,992    --a------    C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-09-16 14:20    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-09-16 14:11    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\YAHOO
2007-09-16 14:09    <DIR>    d--------    C:\Program Files\Yahoo!
2007-09-16 11:32    <DIR>    d--------    C:\Program Files\MSXML 4.0
2007-09-16 11:07    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Printer Info Cache
2007-09-16 11:07    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Image Zone Express
2007-09-13 16:14    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\HP
2007-09-13 16:10    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-09-13 16:09    <DIR>    d--------    C:\Program Files\Common Files\HP
2007-09-13 16:07    <DIR>    d--------    C:\Program Files\Hewlett-Packard
2007-09-13 16:07    <DIR>    d--------    C:\Program Files\Common Files\Hewlett-Packard
2007-09-13 16:06    77,824    -ra------    C:\WINDOWS\system32\HPZIDS01.dll
2007-09-13 16:06    49,664    -ra------    C:\WINDOWS\system32\drivers\HPZid412.sys
2007-09-13 16:06    48,128    --a------    C:\WINDOWS\system32\hpzll054.dll
2007-09-13 16:06    16,496    -ra------    C:\WINDOWS\system32\drivers\HPZipr12.sys
2007-09-13 16:05    94,208    --a------    C:\WINDOWS\system32\HPZipt12.dll
2007-09-13 16:05    69,632    --a------    C:\WINDOWS\system32\HPZipm12.exe
2007-09-13 16:05    65,536    --a------    C:\WINDOWS\system32\HPZinw12.exe
2007-09-13 16:05    57,344    --a------    C:\WINDOWS\system32\HPZisn12.dll
2007-09-13 16:05    282,680    --a------    C:\WINDOWS\system32\HPZidr12.dll
2007-09-13 16:05    204,800    --a------    C:\WINDOWS\system32\HPZipr12.dll
2007-09-13 16:05    15,104    --a--c---    C:\WINDOWS\system32\dllcache\usbscan.sys
2007-09-13 16:05    15,104    --a------    C:\WINDOWS\system32\drivers\usbscan.sys
2007-09-13 16:04    <DIR>    d--------    C:\Program Files\HP
2007-09-13 16:02    128,163    --a------    C:\WINDOWS\hpoins11.dat
2007-09-04 21:04    <DIR>    d--------    C:\DOCUME~1\RASMUS~1\APPLIC~1\Leadertech
2007-08-31 20:00    <DIR>    d--------    C:\temp\photosmart8
2007-08-31 18:38    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-31 18:38    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-31 16:47    <DIR>    d--------    C:\Garmin

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-27 22:50    268248    --a------    C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-09-27 22:50    268248    --a------    C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-09-27 22:50    1224    --a------    C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-09-27 22:50    1224    --a------    C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-09-27 22:43    24    --a------    C:\WINDOWS\system32\drivers\wnmsav.dat
2007-09-27 18:54    ---------    d--------    C:\Program Files\Google
2007-09-27 18:51    ---------    d--------    C:\Program Files\LimeWire
2007-09-27 18:42    ---------    d--h-----    C:\Program Files\InstallShield Installation Information
2007-09-26 17:43    ---------    d--------    C:\Program Files\Quick Launch Button
2007-09-26 17:33    ---------    d--------    C:\Program Files\Windows Live Toolbar
2007-09-26 09:32    12800    --a-s----    C:\WINDOWS\system32\jrpkmgh.dll
2007-08-31 09:44    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-08-07 13:58    8320    --a------    C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56    9344    --a------    C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-22 13:33    98304    --a------    C:\WINDOWS\system32\CmdLineExt.dll
2007-07-12 08:42    292144    --a------    C:\WINDOWS\system32\PavSHook.dll
.

(((((((((((((((((((((((((((((  snapshot_2007-09-27_213110,46  )))))))))))))))))))))))))))))))))))))))))
.
----a-w            63,522 2007-09-27 20:23:05  C:\WINDOWS\system32\perfc009.dat
----a-w          404,302 2007-09-27 20:23:05  C:\WINDOWS\system32\perfh009.dat
.
----a-w            63,522 2007-09-27 19:27:15  C:\WINDOWS\system32\perfc009.dat
----a-w          404,302 2007-09-27 19:27:15  C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"BisonMnt"="C:\WINDOWS\BisonCam\BisonMnt.exe" [2005-04-13 21:25]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 17:34]
"nwiz"="nwiz.exe" [2006-02-16 17:34 C:\WINDOWS\system32\nwiz.exe]
"QLButton"="C:\Program Files\Quick Launch Button\QLButton.exe" [2005-01-06 22:53]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 12:12 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 11:28 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 13:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-25 09:25]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 05:24]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe" [2004-06-09 03:33]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:03]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 14:00 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"APVXDWIN"="C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.exe" [2007-07-23 18:30]
"SCANINICIO"="C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-07-11 15:17]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:03]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-21 11:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
R3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys
S3 CTU2K;CTU2K.SYS CTU2K device driver;C:\WINDOWS\system32\Drivers\CTU2K.sys
S3 CXFALCON;AVerMedia AVerTV Video Capture (Falcon);C:\WINDOWS\system32\drivers\AF2VCap.sys
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03e35c26-f36b-11db-824f-000df02fd281}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17286978-650a-11dc-82bb-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1728697b-650a-11dc-82bb-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1728697c-650a-11dc-82bb-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2891c8c0-bdb3-11db-820c-000df02fd281}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cd4f82e-bfea-11db-820e-000df02fd281}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36797c84-6520-11dc-82bc-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36797c85-6520-11dc-82bc-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428f1b88-65dd-11dc-82c2-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428f1b8a-65dd-11dc-82c2-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e14fce4-668f-11dc-82c6-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec670bd-e838-11db-823e-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc73ba76-0790-11dc-8262-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22460de-6680-11dc-82c4-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d22460df-6680-11dc-82c4-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57066-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57067-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57068-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2f57069-6530-11dc-82be-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf60-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf61-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf62-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7dcaf64-6524-11dc-82bd-001302dfbfb5}]
AutoRun\command- E:\AutoRun.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 07:17:30 C:\WINDOWS\Tasks\Grundlæggende oprydning.job"
"2007-09-27 07:17:31 C:\WINDOWS\Tasks\Grundlæggende oprydning1.job"
"2007-09-27 17:08:02 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-27 22:51:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-09-27 22:52:18
C:\ComboFix-quarantined-files.txt ... 2007-09-27 22:52
C:\ComboFix2.txt ... 2007-09-27 21:31
.
    --- E O F ---
Six (Beginner)
27 September 2007 - 23:09 #5
New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:08:49, on 27-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\BisonCam\BisonMnt.exe
C:\Program Files\Quick Launch Button\QLButton.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\mwav\HiJackThis_v2.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\avciman.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\psimreal.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [BisonMnt] C:\WINDOWS\BisonCam\BisonMnt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [QLButton] C:\Program Files\Quick Launch Button\QLButton.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?ace9c67644744dbf8d803315c9f618b2
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Program Files\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?ace9c67644744dbf8d803315c9f618b2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.zepto.dk
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147856435349
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

--
End of file - 9263 bytes


Rapport.txt:

SmitFraudFix v2.231

Scan done at 23:04:06,32, 27-09-2007
Run from C:\Documents and Settings\Rasmus Tolstrup\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\jrpkmgh.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{520020AF-E050-47AF-8020-6FE522FDD90B}: DhcpNameServer=89.150.129.4 89.150.129.10
HKLM\SYSTEM\CS1\Services\Tcpip\..\{520020AF-E050-47AF-8020-6FE522FDD90B}: DhcpNameServer=89.150.129.4 89.150.129.10
HKLM\SYSTEM\CS3\Services\Tcpip\..\{520020AF-E050-47AF-8020-6FE522FDD90B}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.150.129.4 89.150.129.10
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.150.129.4 89.150.129.10
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
Six (Beginner)
27 September 2007 - 23:10 #6
So they should all be there now :)
ejvindh (Expert)
27 September 2007 - 23:18 #7
Then there's nothing more for me to go after. Is the computer running better now?

To finish the job completely:
It can be a good idea to clean out the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
And it can also be a good idea to hide your system files and folders again, so you don't accidentally delete an important file. You do that in the same place where you set it to show all files; this time just choose: Do not show hidden files and folders.

It can also be a good idea to clean out your temporary files. That can be done quickly and easily with this file
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a recurrence, I'd recommend installing a few small programs that stop spyware from getting in in the first place. You'll find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I'd also suggest that you read these articles on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
Six (Beginner)
27 September 2007 - 23:26 #8
Many thanks for the help, ejvindh :)

I'll finish the last bit of work, and then his computer should be "good to go" :)
ejvindh (Expert)
27 September 2007 - 23:47 #9
You're welcome :-)