miklar (Beginner)
02 November 2007 - 12:02. There are 13 comments and 1 solution

Hijack This + logs

Hi,

Could someone take a look at these logs and see whether there is any junk in there?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:57, on 02-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programmer\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikkellarsen.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmer\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: emptemp2.lnk = C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175021881167
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188754522250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe

--
End of file - 13647 bytes

***

SmitFraudFix v2.246

Scan done at 11:46:52.70, 02-11-2007
Run from C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programmer\Fælles filer\Microsoft Shared\office12\offlb.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1    legal-at-spybot.info
127.0.0.1    www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikkel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikkel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mikkel\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport til Packet Scheduler
DNS Server Search Order: 80.58.0.33
DNS Server Search Order: 80.58.32.97

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


ComboFix 07-10-23.2 - Mikkel 2007-11-02 11:25:27.8 - NTFSx86
Scriptet "Is" tog for lang tid at køre.
Kørslen blev afsluttet.
Running from: C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Combofix\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-02 to 2007-11-02  )))))))))))))))))))))))))))))))
.

2007-11-02 11:25    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-02 11:25    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-02 11:25    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-11-02 11:25    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-02 11:25    28,672    --a------    C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-02 11:25    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-11-02 11:24    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\WholeSecurity
2007-11-02 11:22    <DIR>    d--------    C:\WINDOWS\LastGood
2007-11-02 00:22    <DIR>    d--------    C:\Programmer\Spyware Doctor
2007-11-02 00:22    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\PC Tools
2007-11-02 00:22    79,688    --a------    C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 00:22    62,280    --a------    C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 00:22    41,288    --a------    C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 00:22    29,000    --a------    C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 00:21    <DIR>    d--------    C:\WINDOWS\system32\runtime
2007-11-02 00:21    <DIR>    d--------    C:\Programmer\Norton Security Scan
2007-11-01 19:26    <DIR>    d--------    C:\WINDOWS\BDOSCAN8
2007-11-01 18:41    0    --a------    C:\WINDOWS\system32\vspopup.dll
2007-11-01 13:35    <DIR>    d--------    C:\Programmer\Enigma Software Group
2007-11-01 13:33    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2007-11-01 13:26    <DIR>    d--------    C:\WINDOWS\McAfee.com
2007-10-26 15:04    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Authentic-ID
2007-10-26 14:55    <DIR>    d--------    C:\Programmer\Authentic-ID
2007-10-26 14:55    560,128    --a------    C:\WINDOWS\system32\htmlayout.dll
2007-10-26 14:55    388,126    --a------    C:\WINDOWS\system32\sqlite3.dll
2007-10-26 14:55    258,352    --a------    C:\WINDOWS\system32\unicows.dll
2007-10-26 14:46    <DIR>    d--------    C:\Programmer\VSPopUp
2007-10-26 14:46    299,008    --a------    C:\WINDOWS\system32\vsPop.dll
2007-10-26 14:46    40,960    --a------    C:\WINDOWS\system32\SSubTmr6.dll
2007-10-26 11:34    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-26 09:19    <DIR>    d--------    C:\Documents and Settings\Mikkel\WINDOWS
2007-10-26 08:39    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-25 23:16    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-10-25 22:59    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-25 22:59    401,720    --a------    C:\Programmer\HiJackThis.exe
2007-10-25 22:59    318,369    --a------    C:\Programmer\HiJackThis.zip
2007-10-25 22:58    812,344    --a------    C:\Programmer\HJTInstall.exe
2007-10-25 22:56    7,467,056    --a------    C:\Programmer\spybotsd15.exe
2007-10-25 22:53    27,932    --a------    C:\Programmer\spybot lang.dansk.zip
2007-10-25 22:38    <DIR>    d--------    C:\Programmer\SpywareBlaster
2007-10-25 22:36    2,566,736    --a------    C:\Programmer\spywareblastersetup351.exe
2007-10-25 16:51    1,036,738    --a------    C:\Programmer\SmitfraudFix.exe
2007-10-25 16:44    3,254    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-25 15:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-25 15:50    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\SUPERAntiSpyware.com
2007-10-25 15:48    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-25 15:48    <DIR>    d--------    C:\Documents and Settings\Mikkel\SmitfraudFix
2007-10-25 15:47    5,914,648    --a------    C:\Programmer\SUPERAntiSpyware.exe
2007-10-25 15:46    <DIR>    d--------    C:\Programmer\SmitfraudFix
2007-10-25 12:05    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Grisoft
2007-10-25 12:02    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-25 12:00    12,413,440    --a------    C:\Programmer\avgas-setup-7.5.1.43.exe
2007-10-25 08:02    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-10-10 13:44    582,656    ---------    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 13:14    <DIR>    d--------    C:\Programmer\iPod
2007-10-02 10:43    <DIR>    d--------    C:\WINDOWS\pss

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-02 10:21    ---------    d-----w    C:\Documents and Settings\Mikkel\Application Data\Skype
2007-11-02 10:16    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-02 10:15    ---------    d-----w    C:\Programmer\Symantec
2007-11-02 10:15    ---------    d-----w    C:\Programmer\Norton 360
2007-11-01 23:21    ---------    d-----w    C:\Programmer\Google
2007-10-25 11:01    ---------    d-----w    C:\Programmer\Windows Desktop Search
2007-10-25 10:59    ---------    d-----w    C:\Programmer\Opera
2007-10-25 10:41    ---------    d-----w    C:\Programmer\iTunes
2007-09-28 12:42    2,790,976    ----a-w    C:\WINDOWS\system32\GPhotos.scr
2007-09-16 09:46    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-09-11 22:06    ---------    d-----w    C:\Programmer\Apple Software Update
2007-09-03 15:01    164    ----a-w    C:\install.dat
2007-09-03 14:59    ---------    d-----w    C:\Programmer\CA
2007-09-03 14:58    ---------    d-----w    C:\Programmer\PCPitstop
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:00    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:00    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:00    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:00    6,058,496    ----a-w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:00    52,224    ----a-w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:00    477,696    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:00    459,264    ----a-w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:00    44,544    ----a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:00    384,512    ----a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:00    383,488    ----a-w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:00    3,584,512    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:00    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:00    267,776    ----a-w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:00    232,960    ----a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:00    230,400    ----a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:00    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:00    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:00    153,088    ----a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:00    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:00    124,928    ----a-w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:00    105,984    ----a-w    C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:00    102,400    ----a-w    C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:00    1,152,000    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:19    63,488    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:19    625,152    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:19    13,824    ----a-w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-01 10:05    25,754,696    -c--a-w    C:\WINDOWS\Media\wmp11-windowsxp-x86-DA-DK.exe
2007-06-15 12:08:08    168    -csh--r    C:\WINDOWS\system32\BA9AA1007F.sys
2007-06-15 12:09:59    5,018    -csha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot_2007-11-02_ 0.09.35,70  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-01 23:21:15    29,184    ----a-r    C:\WINDOWS\Installer\{3A4FFB84-D070-4DA5-AB7B-D41D87FD8D19}\Icon3A4FFB84.exe
- 2007-10-16 23:00:00    284,016    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\ecmsvr32.dll
+ 2007-10-17 00:00:00    284,016    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\ecmsvr32.dll
- 2007-10-16 23:00:00    124,272    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\naveng32.dll
+ 2007-10-17 00:00:00    124,272    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\naveng32.dll
- 2007-10-16 23:00:00    914,800    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\navex32a.dll
+ 2007-10-17 00:00:00    914,800    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\navex32a.dll
- 2007-10-16 23:00:00    97,776    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\scrauth.dat
+ 2007-10-17 00:00:00    97,776    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\scrauth.dat
- 2007-10-16 23:00:00    399,048    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcdefs.dat
+ 2007-10-17 00:00:00    399,048    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcdefs.dat
- 2007-10-16 23:00:00    1,884,336    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcscan7.dat
+ 2007-10-17 00:00:00    1,884,336    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcscan7.dat
- 2007-10-16 23:00:00    404,496    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcscan8.dat
+ 2007-10-17 00:00:00    404,496    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcscan8.dat
- 2007-10-16 23:00:00    943,865    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcscan9.dat
+ 2007-10-17 00:00:00    943,865    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tcscan9.dat
- 2007-10-16 23:00:00    67,815    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tscan1.dat
+ 2007-10-17 00:00:00    67,815    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tscan1.dat
- 2007-10-16 23:00:00    3,240    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tscan1hd.dat
+ 2007-10-17 00:00:00    3,240    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\tscan1hd.dat
- 2007-10-16 23:00:00    995,007    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan1.dat
+ 2007-10-17 00:00:00    995,007    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan1.dat
- 2007-10-16 23:00:00    570,900    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan2.dat
+ 2007-10-17 00:00:00    570,900    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan2.dat
- 2007-10-16 23:00:00    150,392    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan3.dat
+ 2007-10-17 00:00:00    150,392    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan3.dat
- 2007-10-16 23:00:00    320,253    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan4.dat
+ 2007-10-17 00:00:00    320,253    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan4.dat
- 2007-10-16 23:00:00    4,746,945    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan5.dat
+ 2007-10-17 00:00:00    4,746,945    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan5.dat
- 2007-10-16 23:00:00    391,835    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan6.dat
+ 2007-10-17 00:00:00    391,835    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan6.dat
- 2007-10-16 23:00:00    12,813,258    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan7.dat
+ 2007-10-17 00:00:00    12,813,258    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan7.dat
- 2007-10-16 23:00:00    1,834,116    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan8.dat
+ 2007-10-17 00:00:00    1,834,116    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan8.dat
- 2007-10-16 23:00:00    5,140,808    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan9.dat
+ 2007-10-17 00:00:00    5,140,808    ----a-w    C:\WINDOWS\LastGood\Downloaded Program Files\virscan9.dat
- 2007-05-29 11:55:35    22,112    ----a-r    C:\WINDOWS\system32\drivers\COH_Mon.sys
+ 2007-05-29 12:55:35    22,112    ----a-r    C:\WINDOWS\system32\drivers\COH_Mon.sys
- 2006-09-19 10:44:04    15,664    ----a-w    C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2006-09-19 11:44:04    15,664    ----a-w    C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
- 2006-10-03 15:47:52    109,360    ----a-w    C:\WINDOWS\system32\GEARAspi.dll
+ 2006-10-03 16:47:52    109,360    ----a-w    C:\WINDOWS\system32\GEARAspi.dll
- 2007-11-01 23:01:45    220,477    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-02 10:21:13    220,477    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 12:43    458752    --a------    C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll [2007-04-25 12:43 458752]

[HKEY_CLASSES_ROOT\CLSID\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 10:38 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"ISUSPM Startup"="C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2007-03-27 19:48]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 10:31]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Authentic-ID Toolbar"="C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 12:43]
"SDTray"="C:\Programmer\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-08-31 16:40]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Documents and Settings\Mikkel\Menuen Start\Programmer\Start\
emptemp2.lnk - C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe [2001-08-16 20:06:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programmer\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitStopEraser]
C:\Programmer\PCPitstop\Erase\PCPitStopErase.exe /remindme

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 12:14:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-01 23:21:21 C:\WINDOWS\Tasks\Norton Security Scan.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 11:34:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-02 11:36:50
C:\ComboFix2.txt ... 2007-11-02 00:10
.
    --- E O F ---


********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
02-11-2007 11:23:31,57

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 11:23:33
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

****

Ccleaner:
RENSNING FÆRDIG - (16.471 sek)
------------------------------------------------------------------------------------------
2,51MB fjernet.
------------------------------------------------------------------------------------------

Detaljer om de slettede filer
------------------------------------------------------------------------------------------
IE midlertidige Internet filer (81 filer) 1,29MB
C:\Documents and Settings\Mikkel\Cookies\mikkel@symantec[1].txt 110 bytes
C:\Documents and Settings\Mikkel\Cookies\mikkel@feeds.feedburner[1].txt 107 bytes
Markeret til sletning: C:\Documents and Settings\Mikkel\Cookies\index.dat
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\ICD1.tmp\avsniff.dll 0,22MB
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\ICD1.tmp\avsniffdlgs.dll 0,19MB
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\ICD1.tmp\AXXPEE.dll 0,51MB
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\ICD1.tmp\ecmldr32.dll 41,13KB
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\ICD1.tmp\navapi.vxd 6,69KB
C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\ICD1.tmp\navapi32.dll 0,19MB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 11,06KB
C:\WINDOWS\system32\wbem\Logs\wbemess.log 35,20KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 203 bytes
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 67 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\Debug\UserMode\userenv.log 5,00KB
C:\Documents and Settings\Mikkel\Application Data\Opera\Opera\profile\cache4\dcache4.url 20 bytes
C:\Documents and Settings\Mikkel\Application Data\Opera\Opera\profile\global.dat 1,18KB
C:\Documents and Settings\Mikkel\Application Data\Opera\Opera\profile\opera.dir 46 bytes
C:\Documents and Settings\Mikkel\Application Data\Opera\Opera\profile\download.dat 12 bytes
C:\Documents and Settings\Mikkel\Application Data\Opera\Opera\profile\vlink4.dat 4,42KB
C:\Documents and Settings\Mikkel\Application Data\Opera\Opera\profile\sessions\autosave.win 1,27KB
C:\Documents and Settings\Mikkel\Application Data\Macromedia\Flash Player\#SharedObjects\KHMMVQZ7\skype.com\#ui\preferences.sol 233 bytes
C:\Documents and Settings\Mikkel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 348 bytes

***

None of the anti-spyware programs I run (Superantispyware, Spydoctor, AVG...) find anything.

I have uninstalled and reinstalled Norton 360, but my problem continues - the Norton monitoring switches off automatically after a while and cannot be switched back on. After that I get messages from Spybot that there are attempts to change the start and search page in IE.

Thanks in advance.
Mikkel
02 November 2007 - 12:53 #1
In any case ->

F2 - REG:system.ini: Shell=


must be 'fixed' in HiJackThis ...
miklar (Beginner)
02 November 2007 - 13:56 #2
OK. So now it looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:56:30, on 02-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\Norton 360\ScanStub.exe
C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
C:\Programmer\Opera\Opera.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikkellarsen.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmer\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: emptemp2.lnk = C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175021881167
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188754522250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14633 bytes
02 November 2007 - 21:29 #3
So what is the 'status' now?

Before we possibly bring out other artillery *S*
miklar (Beginner)
03 November 2007 - 12:11 #4
Hi again,

Spydoctor now keeps finding and removing a certain Trojan-PWS.Tanspy, which apparently installs itself on infected computers. But for the moment Norton 360 seems to be holding up. I have had a few problems downloading updates - it says there is no connection, even though I am surfing around the net - but I think they have gone through now. The computer is still a bit slow, though. Do you want to see logs again?

Mikkel
03 November 2007 - 12:34 #5
THEN we bring out other artillery ->
http://www.eksperten.dk/artikler/1123
03 November 2007 - 12:35 #6
Oh yes, you have already been through THAT...
03 November 2007 - 12:41 #7
1. Download this scanner:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe or here
http://spywareinfo.dk/download/drweb-cureit.exe

There is a guide to using DrWeb here:

http://fromsej.dk/Vejledninger/html/drweb.html

2. Double-click drweb-cureit.exe; it will want to run an express scan, which you say yes to.
When it says Done at the bottom left, click Options->Change settings.
Switch to the Scan tab and remove the check mark at Heuristic analysis.
Switch to the Actions tab; here all items under Malware must be set to Rename.
Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected.

Then click the green arrow over on the right of the page, and the scan starts.
The first time Dr.Web finds something, click "Yes to All", and it removes what it finds.
When the scan is finished, go up to File, click Save Report list.
There will then be a file called "drweb.csv" on the desktop. Close the program.

3. Right-click Drweb.csv -> choose Open with -> choose Notepad -> copy the contents of Notepad into the forum.
miklar (Beginner)
03 November 2007 - 15:44 #8
OK, here you go...

RegUBP2b-Mikkel.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\Mikkel\Skrivebord\Antivirus\Antispyware\Smitfraud\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\Documents and Settings\Mikkel\Skrivebord\Antivirus\Antispyware\Smitfraud\SmitfraudFix;Tool.ShutDown.11;Renamed.;
Process.exe;C:\Documents and Settings\Mikkel\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\Documents and Settings\Mikkel\SmitfraudFix;Tool.ShutDown.11;Renamed.;
Process.exe;C:\Programmer\SmitfraudFix;Tool.Prockill;Renamed.;
restart.exe;C:\Programmer\SmitfraudFix;Tool.ShutDown.11;Renamed.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Renamed.;
03 November 2007 - 17:00 #9
Status now?
miklar (Beginner)
03 November 2007 - 18:36 #10
It seems for now that the damn thing works again. :) I have run various anti-spyware programs and none of them found anything. Norton no longer complains, and the computer is not running particularly slowly. The only thing I have been wondering about is some pop-ups from Spybot saying that an attempt was made to change the search page, and that an attempt was made to change "Punkt: Shell" from explorer.exe to Explorer.exe - does that mean anything?

Here are a couple of new hijack and combofix logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:35, on 03-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Spyware Doctor\SDTrayApp.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Programmer\Google\Google Updater\GoogleUpdater.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Spyware Doctor\svcntaux.exe
C:\Programmer\Spyware Doctor\swdsvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\Programmer\iTunes\iTunes.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programmer\RealPlayer\RealPlay.exe
C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE
C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\system32\mmc.exe
C:\Programmer\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Opera\Opera.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mikkellarsen.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmer\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [SDTray] "C:\Programmer\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-3025793019-2293309402-2164458412-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: emptemp2.lnk = C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmer\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.es/scan_es/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175021881167
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188754522250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 14660 bytes



ComboFix 07-10-23.2 - Mikkel 2007-11-03 18:23:17.11 - NTFSx86
Scriptet "Is" tog for lang tid at køre.
Kørslen blev afsluttet.
Running from: C:\Documents and Settings\Mikkel\Skrivebord\Antivirus\Antispyware\Combofix\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-03 to 2007-11-03  )))))))))))))))))))))))))))))))
.

2007-11-03 14:21    <DIR>    d--------    C:\Documents and Settings\Mikkel\DoctorWeb
2007-11-03 14:20    <DIR>    d--------    C:\Dr. Web
2007-11-02 13:11    123,952    --a------    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-11-02 13:11    60,800    --a------    C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-02 11:25    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-11-02 11:25    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-11-02 11:25    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-11-02 11:25    28,672    --a------    C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-02 11:25    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-11-02 00:22    <DIR>    d--------    C:\Programmer\Spyware Doctor
2007-11-02 00:22    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\PC Tools
2007-11-02 00:22    79,688    --a------    C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-02 00:22    62,280    --a------    C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-02 00:22    41,288    --a------    C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-02 00:22    29,000    --a------    C:\WINDOWS\system32\drivers\kcom.sys
2007-11-02 00:21    <DIR>    d--------    C:\WINDOWS\system32\runtime
2007-11-02 00:21    <DIR>    d--------    C:\Programmer\Norton Security Scan
2007-11-01 19:26    <DIR>    d--------    C:\WINDOWS\BDOSCAN8
2007-11-01 18:41    0    --a------    C:\WINDOWS\system32\vspopup.dll
2007-11-01 13:35    <DIR>    d--------    C:\Programmer\Enigma Software Group
2007-11-01 13:33    626,688    --a------    C:\WINDOWS\system32\msvcr80.dll
2007-11-01 13:26    <DIR>    d--------    C:\WINDOWS\McAfee.com
2007-10-26 15:04    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Authentic-ID
2007-10-26 14:55    <DIR>    d--------    C:\Programmer\Authentic-ID
2007-10-26 14:55    560,128    --a------    C:\WINDOWS\system32\htmlayout.dll
2007-10-26 14:55    388,126    --a------    C:\WINDOWS\system32\sqlite3.dll
2007-10-26 14:55    258,352    --a------    C:\WINDOWS\system32\unicows.dll
2007-10-26 14:46    <DIR>    d--------    C:\Programmer\VSPopUp
2007-10-26 14:46    299,008    --a------    C:\WINDOWS\system32\vsPop.dll
2007-10-26 14:46    40,960    --a------    C:\WINDOWS\system32\SSubTmr6.dll
2007-10-26 11:34    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-26 09:19    <DIR>    d--------    C:\Documents and Settings\Mikkel\WINDOWS
2007-10-26 08:39    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-25 23:16    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-10-25 22:59    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-25 22:59    401,720    --a------    C:\Programmer\HiJackThis.exe
2007-10-25 22:59    318,369    --a------    C:\Programmer\HiJackThis.zip
2007-10-25 22:58    812,344    --a------    C:\Programmer\HJTInstall.exe
2007-10-25 22:56    7,467,056    --a------    C:\Programmer\spybotsd15.exe
2007-10-25 22:53    27,932    --a------    C:\Programmer\spybot lang.dansk.zip
2007-10-25 22:38    <DIR>    d--------    C:\Programmer\SpywareBlaster
2007-10-25 22:36    2,566,736    --a------    C:\Programmer\spywareblastersetup351.exe
2007-10-25 16:51    1,036,738    --a------    C:\Programmer\SmitfraudFix.exe
2007-10-25 16:44    3,222    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-25 15:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-25 15:50    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\SUPERAntiSpyware.com
2007-10-25 15:48    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-25 15:48    <DIR>    d--------    C:\Documents and Settings\Mikkel\SmitfraudFix
2007-10-25 15:47    5,914,648    --a------    C:\Programmer\SUPERAntiSpyware.exe
2007-10-25 15:46    <DIR>    d--------    C:\Programmer\SmitfraudFix
2007-10-25 12:05    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Grisoft
2007-10-25 12:02    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-25 12:00    12,413,440    --a------    C:\Programmer\avgas-setup-7.5.1.43.exe
2007-10-25 08:02    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-10-10 13:44    582,656    ---------    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 13:14    <DIR>    d--------    C:\Programmer\iPod

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 16:56    ---------    d-----w    C:\Documents and Settings\Mikkel\Application Data\Skype
2007-11-03 15:21    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-11-02 16:37    ---------    d-----w    C:\Programmer\Norton 360
2007-11-02 14:28    805    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-02 14:28    10,740    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-02 14:28    ---------    d-----w    C:\Programmer\Symantec
2007-11-01 23:21    ---------    d-----w    C:\Programmer\Google
2007-10-25 11:01    ---------    d-----w    C:\Programmer\Windows Desktop Search
2007-10-25 10:59    ---------    d-----w    C:\Programmer\Opera
2007-10-25 10:41    ---------    d-----w    C:\Programmer\iTunes
2007-09-28 12:42    2,790,976    ----a-w    C:\WINDOWS\system32\GPhotos.scr
2007-09-18 13:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 13:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 13:44    10,658    ----a-w    C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 13:44    1,430    ----a-w    C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 13:44    1,421    ----a-w    C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 13:44    1,415    ----a-w    C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 13:43    43,696    ----a-w    C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 13:43    317,616    ----a-w    C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 13:43    278,576    ----a-w    C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-16 09:46    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-09-11 22:06    ---------    d-----w    C:\Programmer\Apple Software Update
2007-09-03 15:01    164    ----a-w    C:\install.dat
2007-09-03 14:59    ---------    d-----w    C:\Programmer\CA
2007-09-03 14:58    ---------    d-----w    C:\Programmer\PCPitstop
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:00    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:00    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:00    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:00    6,058,496    ----a-w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:00    52,224    ----a-w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:00    477,696    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:00    459,264    ----a-w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:00    44,544    ----a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:00    384,512    ----a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:00    383,488    ----a-w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:00    3,584,512    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:00    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:00    267,776    ----a-w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:00    232,960    ----a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:00    230,400    ----a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:00    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:00    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:00    153,088    ----a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:00    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:00    124,928    ----a-w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:00    105,984    ----a-w    C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:00    102,400    ----a-w    C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:00    1,152,000    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:19    63,488    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:19    625,152    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:19    13,824    ----a-w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-01 10:05    25,754,696    -c--a-w    C:\WINDOWS\Media\wmp11-windowsxp-x86-DA-DK.exe
2007-06-15 12:08:08    168    -csh--r    C:\WINDOWS\system32\BA9AA1007F.sys
2007-06-15 12:09:59    5,018    -csha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot_2007-11-02_11.35.11,92  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-09 22:32:13    12,984    ----a-w    C:\WINDOWS\system32\drivers\symdns.sys
+ 2007-01-09 22:32:13    145,976    ----a-w    C:\WINDOWS\system32\drivers\symfw.sys
+ 2007-01-09 22:32:13    40,120    ----a-w    C:\WINDOWS\system32\drivers\symids.sys
+ 2007-01-09 22:32:13    35,256    ----a-w    C:\WINDOWS\system32\drivers\symndis.sys
+ 2007-01-09 22:32:13    38,200    ----a-w    C:\WINDOWS\system32\drivers\symndisv.sys
+ 2007-01-09 22:32:13    27,576    ----a-w    C:\WINDOWS\system32\drivers\symredrv.sys
+ 2007-01-09 22:32:13    191,544    ----a-w    C:\WINDOWS\system32\drivers\symtdi.sys
- 2007-11-02 10:21:13    220,477    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-03 14:57:15    220,484    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-01-10 02:47:37    624,784    ----a-w    C:\WINDOWS\system32\SymNeti.dll
+ 2007-07-12 01:49:26    186,256    ----a-w    C:\WINDOWS\system32\SymNPPWA.dll
+ 2007-01-10 02:47:37    242,320    ----a-w    C:\WINDOWS\system32\SymRedir.dll
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 12:43    458752    --a------    C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll [2007-04-25 12:43 458752]

[HKEY_CLASSES_ROOT\CLSID\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 10:38 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"ISUSPM Startup"="C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2007-03-27 19:48]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 10:31]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Authentic-ID Toolbar"="C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 12:43]
"SDTray"="C:\Programmer\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-08-31 16:40]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-01 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Documents and Settings\Mikkel\Menuen Start\Programmer\Start\
emptemp2.lnk - C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe [2001-08-16 20:06:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programmer\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitStopEraser]
C:\Programmer\PCPitstop\Erase\PCPitStopErase.exe /remindme

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 12:14:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 18:28:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-03 18:30:39
C:\ComboFix2.txt ... 2007-11-02 11:36
C:\ComboFix3.txt ... 2007-11-02 00:10
.
    --- E O F ---
miklar (Beginner)
03 November 2007 - 18:37 #11
- just one addition: the pop-ups from Spybot appeared when I ran ComboFix. Well, just in case it matters...
03 November 2007 - 19:09 #12
... that's OK ... ComboFix does 'tinker' with that detail...

Run a pass with CCleaner - especially the [Problemer] (Issues) item...

(No need for me to see a log from that, though *S*)
03 November 2007 - 19:10 #13
You're welcome to come back another time...

After a round like this, it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer - enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you run into problems of any kind.

Safe Surfing...
miklar (Beginner)
03 November 2007 - 19:22 #14
That sounds great. Many thanks for the help. Hopefully there won't be another time, but if there is....


You also helped me with an earlier question that you didn't get points for. If you like, post an answer there too, and you'll get the points I owe you from that one as well.

Mikkel