zowq Novice
30 September 2007 - 15:02 There are 11 comments

Control Panel - no access

Hi!

My PC has been attacked by a virus (or viruses), and a lot of things popped up, in particular a pop-up, "Windows Antispayware", which kept appearing with a message that my files are being copied and that a program must be installed that can repair/fix the damage. Neither "Norton Internet Security" nor "Spy Sweeper" caught it. I then installed "Windows Defender", and it catches and "removes" trojans, viruses, programs and adware. BUT now I have no access to the Control Panel. This message appears: "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

I don't know much about PC matters, or how to create a log at all.

Can anyone help me with this problem!!!!
arlet Junior Master
30 September 2007 - 15:04 #1
Run steps 1 and 2 here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11
Restart and post a HijackThis log (guide: http://www.malwarecheck.dk/forum/viewtopic.php?t=9) as well as the logs from the SuperAntiSpyware scanner and AVG/Ewido.
zowq Novice
05 October 2007 - 19:55 #2
I found an article, 1123, which I ran. And the Control Panel works fine now. I have not run Rootchk. It took a long time without anything happening. I have deleted the Combofix file. I am only posting: SUPERAntiSpyware, HijackThis

(The PC is slow, but could that be because I have Spy Sweeper and SUPERAntiSpyware running at the same time?)


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2007 at 07:09 PM

Application Version : 3.9.1008

Core Rules Database Version : 3319
Trace Rules Database Version: 1320

Scan type      : Complete Scan
Total Scan Time : 00:55:38

Memory items scanned      : 177
Memory threats detected  : 0
Registry items scanned    : 6734
Registry threats detected : 0
File items scanned        : 49118
File threats detected    : 0


Logfile of HijackThis v1.99.1
Scan saved at 19:23:06, on 05-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Programmer\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Ejer\Dokumenter\rensning\alternativ.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [BackupNotify] "c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175958200218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
08 October 2007 - 07:54 #3
<arlet>: Are you continuing here?
arlet Junior Master
08 October 2007 - 16:59 #4
Yes, it had slipped by me..

zowq-> -- Download Combofix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that Combofix is detected as infected by some virus scanners. There is nothing to this, however.
zowq Novice
12 October 2007 - 19:50 #5
Hi!

Sorry - I have not posted the file before now. I have not had time. I hope someone will take a look at it.


ComboFix 07-10-07.2 - Ejer 2007-10-12 19:28:59.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.124 [GMT 2:00]
Running from: C:\Documents and Settings\Ejer\Dokumenter\rensning\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-09-12 to 2007-10-12  )))))))))))))))))))))))))))))))
.

2007-10-12 19:32    <DIR>    d----c---    C:\WINDOWS\LastGood
2007-10-08 18:58    <DIR>    d----c---    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-07 17:22    <DIR>    d----c---    C:\Programmer\CCleaner
2007-10-07 17:12    22,112    -ra--c---    C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-03 19:26    <DIR>    d----c---    C:\Programmer\Norton Internet Security
2007-10-03 19:24    60,800    --a--c---    C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 19:24    123,952    --a--c---    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 19:23    <DIR>    d----c---    C:\Programmer\Symantec
2007-09-30 18:02    51,200    --a--c---    C:\WINDOWS\NirCmd.exe
2007-09-30 15:24    <DIR>    d----c---    C:\Programmer\SUPERAntiSpyware
2007-09-30 15:24    <DIR>    d----c---    C:\Documents and Settings\Ejer\Application Data\SUPERAntiSpyware.com
2007-09-30 15:24    <DIR>    d----c---    C:\Documents and Settings\Ejer\Application Data\SUPERAntiSpyware.com
2007-09-30 15:24    <DIR>    d----c---    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-30 15:16    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\Webroot
2007-09-30 15:14    <DIR>    dr---c---    C:\Documents and Settings\Administrator\Menuen Start
2007-09-30 15:14    <DIR>    dr---c---    C:\Documents and Settings\Administrator\Foretrukne
2007-09-30 15:14    <DIR>    dr---c---    C:\Documents and Settings\Administrator\Dokumenter
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Skabeloner
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Printere
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Lokale indstillinger
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Andre computere
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\WINDOWS
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Skrivebord
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\Symantec
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\SampleView
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\Intervideo
2007-09-18 14:43    43,696    --a--c---    C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43    317,616    --a--c---    C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43    278,576    --a--c---    C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-17 20:05    18,980    --a--c---    C:\Documents and Settings\Ejer\Application Data\mcrupdate.exe
2007-09-17 20:05    18,980    --a--c---    C:\Documents and Settings\Ejer\Application Data\mcrupdate.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 18:58    ---------    d----c---    C:\Documents and Settings\Ejer\Application Data\OfficeUpdate12
2007-10-08 18:58    ---------    d----c---    C:\Documents and Settings\Ejer\Application Data\OfficeUpdate12
2007-10-08 18:52    ---------    d----c---    C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-07 17:12    805    --a--c---    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-07 17:12    10740    --a--c---    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 19:00    ---------    d----c---    C:\Programmer\Norton AntiVirus
2007-09-18 14:44    1430    --a--c---    C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44    1421    --a--c---    C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44    1415    --a--c---    C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44    10662    --a--c---    C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44    10662    --a--c---    C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44    10658    --a--c---    C:\WINDOWS\system32\drivers\srtsp.cat
2007-07-30 19:19    92504    --a--c---    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a--c---    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a--c---    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a--c---    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a--c---    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a--c---    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a--c---    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a--c---    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a--c---    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a--c---    C:\WINDOWS\system32\wups.dll
2007-07-19 22:54    1521464    --a--c---    C:\WINDOWS\WRSetup.dll
2006-09-08 18:06    15302448    --a--c---    C:\Programmer\IE7RC1-WindowsXP-x86-enu.exe
2006-07-29 19:19    1348664    --a--c---    C:\Programmer\ymb_setup_mini_us.exe
2005-07-01 20:08    2083568    --a--c---    C:\Programmer\WindowsXP-KB894391-x86-DAN.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer
.

-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 18:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HPHUPD05"="c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:14]
"Home Theater SchSvr"="C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe" []
"WINREMOTE"="C:\Programmer\InterVideo\Common\Bin\WinRemote.exe" [2004-05-06 03:34]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"VTTimer"="VTTimer.exe" []
"UpdateManager"="c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" []
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 17:05]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"NWEReboot"="" []
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-27 02:53 C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"SpySweeper"="C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe" [2004-01-01 19:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-30 17:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digimax Viewer 2.1.lnk - C:\Programmer\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-05-14 14:16:20]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\Fadpu16E.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-07-04 12:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-05-19 13:35:06 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Programmer\ErrorKiller\ErrorKiller.exe
"2007-10-01 19:26:10 C:\WINDOWS\Tasks\Norton Internet Security - Kør fuld systemskanning - Ejer.job"
"2007-04-14 20:19:34 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 19:39:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp1]
"ImagePath"="System32\DRIVERS\viaagp1.sys"
.
Completion time: 2007-10-12 19:42:38
C:\ComboFix-quarantined-files.txt ... 2007-10-12 19:42
C:\ComboFix2.txt ... 2007-09-30 18:34
.
    --- E O F ---
arlet Junior Master
14 October 2007 - 06:43 #6
Copy the content between the dashed lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt.
When saving, make sure that "file types" is set to "all files".

-------------------------
File::
C:\Documents and Settings\Ejer\Application Data\mcrupdate.exe
C:\Documents and Settings\Ejer\Application Data\mcrupdate.exe
-------------------------

Then grab the new file with the mouse and drag it over the Combofix file, after which you "let go" with the mouse. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

Copy the contents of Combofix.txt in here together with a new HijackThis log.
zowq Novice
14 October 2007 - 14:55 #7
I don't quite understand why I have to do it again. And why exactly what you write!!!
Well ...
I will do it again, and then I hope you will be able to give me some concrete answers.
zowq Novice
14 October 2007 - 15:12 #8
Here are the new log files:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:05, on 14-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe
C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
C:\Programmer\D-Tools\daemon.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Programmer\HJTrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DA_DK&c=Q304&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Programmer\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] C:\Programmer\InterVideo\Common\Bin\WinRemote.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmer\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmer\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [BackupNotify] "c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Hurtig start.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175958200218
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatisk LiveUpdate-planlægning - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programmer\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10863 bytes

ComboFix 07-10-07.2 - Ejer 2007-10-14 15:02:32.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.146 [GMT 2:00]
Running from: C:\Documents and Settings\Ejer\Dokumenter\rensning\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ejer\Dokumenter\rensning\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\Ejer\Application Data\mcrupdate.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Ejer\Application Data\mcrupdate.exe

.
(((((((((((((((((((((((((  Files Created from 2007-09-14 to 2007-10-14  )))))))))))))))))))))))))))))))
.

2007-10-12 19:36    582,656    -----c---    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 18:58    <DIR>    d----c---    C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-10-07 17:22    <DIR>    d----c---    C:\Programmer\CCleaner
2007-10-07 17:12    22,112    -ra--c---    C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-03 19:26    <DIR>    d----c---    C:\Programmer\Norton Internet Security
2007-10-03 19:24    60,800    --a--c---    C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 19:24    123,952    --a--c---    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 19:23    <DIR>    d----c---    C:\Programmer\Symantec
2007-09-30 18:02    51,200    --a--c---    C:\WINDOWS\NirCmd.exe
2007-09-30 15:24    <DIR>    d----c---    C:\Programmer\SUPERAntiSpyware
2007-09-30 15:24    <DIR>    d----c---    C:\Documents and Settings\Ejer\Application Data\SUPERAntiSpyware.com
2007-09-30 15:24    <DIR>    d----c---    C:\Documents and Settings\Ejer\Application Data\SUPERAntiSpyware.com
2007-09-30 15:24    <DIR>    d----c---    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-09-30 15:16    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\Webroot
2007-09-30 15:14    <DIR>    dr---c---    C:\Documents and Settings\Administrator\Menuen Start
2007-09-30 15:14    <DIR>    dr---c---    C:\Documents and Settings\Administrator\Foretrukne
2007-09-30 15:14    <DIR>    dr---c---    C:\Documents and Settings\Administrator\Dokumenter
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Skabeloner
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Printere
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Lokale indstillinger
2007-09-30 15:14    <DIR>    d--h-c---    C:\Documents and Settings\Administrator\Andre computere
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\WINDOWS
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Skrivebord
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\Symantec
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\SampleView
2007-09-30 15:14    <DIR>    d----c---    C:\Documents and Settings\Administrator\Application Data\Intervideo
2007-09-18 14:43    43,696    --a--c---    C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43    317,616    --a--c---    C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43    278,576    --a--c---    C:\WINDOWS\system32\drivers\srtsp.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 14:47    ---------    d----c---    C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-08 18:58    ---------    d----c---    C:\Documents and Settings\Ejer\Application Data\OfficeUpdate12
2007-10-08 18:58    ---------    d----c---    C:\Documents and Settings\Ejer\Application Data\OfficeUpdate12
2007-10-07 17:12    805    --a--c---    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-07 17:12    10740    --a--c---    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 19:00    ---------    d----c---    C:\Programmer\Norton AntiVirus
2007-09-18 14:44    1430    --a--c---    C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44    1421    --a--c---    C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44    1415    --a--c---    C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44    10662    --a--c---    C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44    10662    --a--c---    C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44    10658    --a--c---    C:\WINDOWS\system32\drivers\srtsp.cat
2007-08-21 08:17    683520    --a--c---    C:\WINDOWS\system32\inetcomm.dll
2007-07-30 19:19    92504    --a--c---    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a--c---    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a--c---    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a--c---    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a--c---    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    271224    --a--c---    C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19    207736    --a--c---    C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19    203096    --a--c---    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a--c---    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a--c---    C:\WINDOWS\system32\wups.dll
2007-07-19 22:54    1521464    --a--c---    C:\WINDOWS\WRSetup.dll
2006-09-08 18:06    15302448    --a--c---    C:\Programmer\IE7RC1-WindowsXP-x86-enu.exe
2006-07-29 19:19    1348664    --a--c---    C:\Programmer\ymb_setup_mini_us.exe
2005-07-01 20:08    2083568    --a--c---    C:\Programmer\WindowsXP-KB894391-x86-DAN.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\Symantec Shared
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 18:11]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HPHUPD05"="c:\Programmer\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:14]
"Home Theater SchSvr"="C:\Programmer\Fælles filer\InterVideo\SchSvr\SchSvr.exe" []
"WINREMOTE"="C:\Programmer\InterVideo\Common\Bin\WinRemote.exe" [2004-05-06 03:34]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43]
"VTTimer"="VTTimer.exe" []
"UpdateManager"="c:\Programmer\Fælles filer\Sonic\Update Manager\sgtray.exe" []
"DAEMON Tools-1033"="C:\Programmer\D-Tools\daemon.exe" [2004-08-22 17:05]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
"NWEReboot"="" []
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-06-28 09:14]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-27 02:53 C:\WINDOWS\system32\rundll32.exe]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Programmer\Norton Internet Security\osCheck.exe" [2007-01-14 01:11]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"SpySweeper"="C:\Programmer\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Programmer\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34]
"Acme.PCHButton"="C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBS4\plugin\bin\pchbutton.exe" [2004-01-01 19:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-30 17:28]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Digimax Viewer 2.1.lnk - C:\Programmer\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-05-14 14:16:20]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Hurtig start.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R0 viaagp1;VIA AGP Filter;C:\WINDOWS\system32\DRIVERS\viaagp1.sys
R2 Automatisk LiveUpdate-planlægning;Automatisk LiveUpdate-planlægning;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
S3 Fadpu16E;Fadpu16E;\??\C:\DOCUME~1\Ejer\LOKALE~1\Temp\Fadpu16E.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-07-04 12:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-05-19 13:35:06 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Programmer\ErrorKiller\ErrorKiller.exe
"2007-10-01 19:26:10 C:\WINDOWS\Tasks\Norton Internet Security - Kør fuld systemskanning - Ejer.job"
"2007-04-14 20:19:34 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 15:05:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\poof]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp1]
"ImagePath"="System32\DRIVERS\viaagp1.sys"
.
Completion time: 2007-10-14 15:07:06
C:\ComboFix-quarantined-files.txt ... 2007-10-14 15:07
C:\ComboFix2.txt ... 2007-10-12 19:42
C:\ComboFix3.txt ... 2007-09-30 18:34
.
    --- E O F ---
14 October 2007 - 15:16 #9
(It is just a procedure to get the mentioned file deleted: mcrupdate.exe - which has indeed succeeded) - <arlet> will take it from here...
arlet (Junior Master)
14 October 2007 - 18:25 #10
That looks better now..

Did the treatment help??

Please run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Here you can read about our bulletproof security package: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 . If you have any questions, just ask..
zowq (Beginner)
16 October 2007 - 18:57 #11
Yes - thanks. The PC runs faster and starts faster. I hope it will work better from now on.

There is one more thing. When I go into Windows Security Center, I cannot see all the functions. And it says: Security Center is not available at the moment because the "Security Center" service has not been started or has been stopped. Close this window, restart the computer (or start the Security Center service) and then open Security Center again.

I have tried various things. Nothing works!

Do you have any suggestions for how I can get it to work again?