Deleted user
10 November 2007 - 15:11. There are 6 comments and 2 solutions

Problems with a virus

I have a virus problem on a computer and wanted to hear whether anyone could help?
It reports a virus in the folder C:\USERDATA - but it says access denied when you try to open the folder.
I am attaching a log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 15:07:21, on 10-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\CTRegRun.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Creative\Produktregistrering\Danish\InetReg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\patrick.DIT-B8449E21E84\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB06180 - {4A2E1038-0885-4C92-8E28-A04CF8B94911} - C:\PROGRA~1\WINSTR~1\tbu6C\WIN_ST~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [xvid start] %windir%\xvid.bat
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: wmplayer - {64D3985B-0733-4195-AAAE-9222864DE170} - C:\WINDOWS\wmplayer.dll (file missing)
O21 - SSODL: wmsound - {70E9AE0B-0A91-4D87-A956-5EC5835D9B1B} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
arlet (Junior Master)
10 November 2007 - 15:54 #1
1) Let CCleaner do a cleanup: www.arlet.dk/ccleaner.htm

2) Run step 1 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11 and post the log

3) Follow this guide: http://www.malwarecheck.dk/forum/viewtopic.php?t=9

4) Download ComboFix from one of these links and save it on your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as it can make your computer freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.

NOTE that some virus scanners detect ComboFix as infected. There is nothing to this, however.

We need to see the logs from steps 2 - 3 - 4
arlet (Junior Master)
10 November 2007 - 15:55 #2
3) Since you have an old version of HijackThis, you need to run that guide so we get the newest version
Deleted user
20 November 2007 - 13:28 #3
I finally managed to get the programs to run.
Here are the log files:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/20/2007 at 01:06 PM

Application Version : 3.9.1008

Core Rules Database Version : 3347
Trace Rules Database Version: 1348

Scan type      : Complete Scan
Total Scan Time : 00:32:04

Memory items scanned      : 462
Memory threats detected  : 0
Registry items scanned    : 4876
Registry threats detected : 0
File items scanned        : 41138
File threats detected    : 22

Adware.Tracking Cookie
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@adtech[2].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@track.adform[2].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@adtech[1].txt
    C:\Documents and Settings\HP_Ejer\Cookies\hp_ejer@track.adform[1].txt
    C:\Documents and Settings\patrick.DIT-B8449E21E84\Cookies\patrick@adtech[1].txt
    C:\Documents and Settings\patrick.DIT-B8449E21E84\Cookies\patrick@bs.serving-sys[1].txt
    C:\Documents and Settings\patrick.DIT-B8449E21E84\Cookies\patrick@doubleclick[1].txt
    C:\Documents and Settings\patrick.DIT-B8449E21E84\Cookies\patrick@serving-sys[2].txt
    C:\Documents and Settings\patrick.DIT-B8449E21E84\Cookies\patrick@track.adform[2].txt

Desktop Hijacker.AboutYourPrivacy
    C:\Documents and Settings\HP_Ejer\Foretrukne\Error Cleaner.url
    C:\Documents and Settings\HP_Ejer\Foretrukne\Privacy Protector.url
    C:\Documents and Settings\HP_Ejer\Foretrukne\Spyware&Malware Protection.url

Trojan.Downloader-Snafu
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP44\A0025015.EXE

Trojan.Freeprod
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP44\A0025016.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP44\A0025017.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP44\A0025018.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1BE136E6-1AD8-4129-9795-03F31A6B88D5}\RP44\A0025019.EXE

Trace.Known Threat Sources
    C:\USERDATA\Lokale indstillinger\Temporary Internet Files\Content.IE5\A5O150V8\exe[1].php
    C:\USERDATA\Lokale indstillinger\Temporary Internet Files\Content.IE5\CD234T67\exe[1].php
    C:\USERDATA\Lokale indstillinger\Temporary Internet Files\Content.IE5\3X88SV6Z\exe[1].php
    C:\USERDATA\Lokale indstillinger\Temporary Internet Files\Content.IE5\A5O150V8\exe[2].php
    C:\USERDATA\Lokale indstillinger\Temporary Internet Files\Content.IE5\YJMVYDK5\bot[1].dll

----------------------------------------------------------------------------------

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
20-11-2007 13:12:48,01

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-20 13:12:48
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

-------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:00, on 20-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Windows Live Toolbar\msn_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB06180 - {4A2E1038-0885-4C92-8E28-A04CF8B94911} - C:\PROGRA~1\WINSTR~1\tbu6C\WIN_ST~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [xvid start] %windir%\xvid.bat
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: wmplayer - {64D3985B-0733-4195-AAAE-9222864DE170} - (no file)
O21 - SSODL: wmsound - {70E9AE0B-0A91-4D87-A956-5EC5835D9B1B} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6973 bytes

------------------------------------------------------------------------------------

ComboFix 07-11-08.1 - HP_Ejer 2006-11-20 13:19:44.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.584 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Ejer\Skrivebord\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\install.dat
C:\Documents and Settings\NetworkService\Application Data\.rdr.ini
C:\Documents and Settings\NetworkService\Application Data\Install.dat
C:\Documents and Settings\patrick\Application Data\Dxccwrd.dll
C:\Documents and Settings\patrick\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\patrick\Application Data\WinAntiVirus Pro 2006\PGE.dat
C:\Documents and Settings\patrick\www.google.com\favicon.ico
C:\Documents and Settings\patrick\www.google.com\index.html
C:\Documents and Settings\patrick\www.google.com\thank.html
C:\Programmer\deskbar
C:\Programmer\deskbar\about.html
C:\Programmer\deskbar\deskbar.crc
C:\Programmer\deskbar\deskbar.inf
C:\Programmer\deskbar\icons.bmp
C:\Programmer\deskbar\inst.bat
C:\Programmer\deskbar\mbback.bmp
C:\Programmer\deskbar\mbbigopen.bmp
C:\Programmer\deskbar\mbclose.bmp
C:\Programmer\deskbar\mbfwd.bmp
C:\Programmer\deskbar\mblogo.bmp
C:\Programmer\deskbar\mbsep.bmp
C:\Programmer\deskbar\options.html
C:\Programmer\deskbar\softomate.gif
C:\Programmer\deskbar\version.txt
C:\Programmer\Fælles filer\{386BA~1
C:\Programmer\Fælles filer\{386BA~1\Uninst.exe
C:\Programmer\FunWebProducts
C:\Programmer\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Programmer\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Programmer\internet explorer\msimg32.dll
C:\Programmer\MyWebSearch
C:\Programmer\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Programmer\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Programmer\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Programmer\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Programmer\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Programmer\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Programmer\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Programmer\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Programmer\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Programmer\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Programmer\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Programmer\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Programmer\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Programmer\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Programmer\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Programmer\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Programmer\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Programmer\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Programmer\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Programmer\MyWebSearch\bar\Cache\0015FA57
C:\Programmer\MyWebSearch\bar\Cache\001608EE
C:\Programmer\MyWebSearch\bar\Cache\00160EF9.bin
C:\Programmer\MyWebSearch\bar\Cache\0016115A.bin
C:\Programmer\MyWebSearch\bar\Cache\001613FA.bin
C:\Programmer\MyWebSearch\bar\Cache\001616A9.bin
C:\Programmer\MyWebSearch\bar\Cache\00161978.bin
C:\Programmer\MyWebSearch\bar\Cache\002E88B8.bin
C:\Programmer\MyWebSearch\bar\Cache\002E8A8D.bin
C:\Programmer\MyWebSearch\bar\Cache\002E8BE4.bin
C:\Programmer\MyWebSearch\bar\Cache\002E8D0D.bin
C:\Programmer\MyWebSearch\bar\Cache\files.ini
C:\Programmer\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Programmer\MyWebSearch\bar\Game\CHESS.F3S
C:\Programmer\MyWebSearch\bar\Game\REVERSI.F3S
C:\Programmer\MyWebSearch\bar\History\search2
C:\Programmer\MyWebSearch\bar\Message\COMMON.F3S
C:\Programmer\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Programmer\MyWebSearch\bar\Notifier\DOG.F3S
C:\Programmer\MyWebSearch\bar\Notifier\FISH.F3S
C:\Programmer\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Programmer\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Programmer\MyWebSearch\bar\Notifier\MAID.F3S
C:\Programmer\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Programmer\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Programmer\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Programmer\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Programmer\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Programmer\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Programmer\MyWebSearch\bar\Settings\s_pid.dat
C:\Programmer\Win Stream plugin
C:\Programmer\Win Stream plugin\basis.xml
C:\Programmer\Win Stream plugin\download.html
C:\Programmer\Win Stream plugin\icons.bmp_16.bmp
C:\Programmer\Win Stream plugin\tbu6C\basis.xml
C:\Programmer\Win Stream plugin\tbu6C\Cache\815dbd2ede4878fd25d37fe37f5d968c
C:\Programmer\Win Stream plugin\tbu6C\download.html
C:\Programmer\Win Stream plugin\tbu6C\icons.bmp_16.bmp
C:\Programmer\Win Stream plugin\tbu6C\popup.html
C:\Programmer\Win Stream plugin\tbu6C\version.txt
C:\Programmer\Win Stream plugin\tbu6C\win_stream_plugin.crc
C:\Programmer\Win Stream plugin\tbu6C\win_stream_plugin.dll
C:\Programmer\Win Stream plugin\tbu6C\win_stream_plugin.inf
C:\Programmer\Win Stream plugin\version.txt
C:\Programmer\Win Stream plugin\win_stream_plugin.crc
C:\Programmer\Win Stream plugin\win_stream_plugin.dll
C:\Think-Adz.lnk
C:\WINDOWS\dat.txt
C:\WINDOWS\emdat.tm
C:\WINDOWS\emdat.tmp
C:\WINDOWS\hook.txt
C:\WINDOWS\ie-hook.txt
C:\WINDOWS\inet20004
C:\WINDOWS\inet20004\5\antispam$20feature_2006.1.00_danish_livetri.zip
C:\WINDOWS\inet20004\5\automatic$20liveupdate_3.0.0.171_danish_livetri.zip
C:\WINDOWS\inet20004\5\avcenter\fix_homepage\index.html
C:\WINDOWS\inet20004\5\avenge$20microdefs25$20nav2005_microdefsb.curdefs_symalllanguages_livetri.zip
C:\WINDOWS\inet20004\5\avenge$20microdefs25$20nav2005_microdefsb.sep_symalllanguages_livetri.zip
C:\WINDOWS\inet20004\5\common$20client$20ccproxy$20core_103.5.6_danish_livetri.zip
C:\WINDOWS\inet20004\5\common$20client$20ccproxy_103.5.6_danish_livetri.zip
C:\WINDOWS\inet20004\5\common$20client$20core_103.5.8_danish_livetri.zip
C:\WINDOWS\inet20004\5\drm$5fcom$5fmodules$5f02_5.0_english_livetri.zip
C:\WINDOWS\inet20004\5\drm$5fcom$5fmodules_5.0_english_livetri.zip
C:\WINDOWS\inet20004\5\drm$5fintegratorcategoryhook$5f02_5.0_danish_livetri.zip
C:\WINDOWS\inet20004\5\ids$20defs$202005$20microdefs25_microdefsb.curdefs_symalllanguages_livetri.zip
C:\WINDOWS\inet20004\5\ids$20defs$202005$20microdefs25_microdefsb.error_symalllanguages_livetri.zip
C:\WINDOWS\inet20004\5\minitri.flg
C:\WINDOWS\inet20004\5\mysite.txt
C:\WINDOWS\inet20004\5\navnt$202005_11.5.6_danish_livetri.zip
C:\WINDOWS\inet20004\5\norton$20internet$20security$20other_2.0_english_livetri.zip
C:\WINDOWS\inet20004\5\norton$20internet$20security$20url_1.0_english_livetri.zip
C:\WINDOWS\inet20004\5\norton$20internet$20security_8.3.0_danish_livetri.zip
C:\WINDOWS\inet20004\5\norton$20security$20center$20core_1.0_danish_livetri.zip
C:\WINDOWS\inet20004\5\norton$20wmi$20core_1.2_danish_livetri.zip
C:\WINDOWS\inet20004\5\norton$20wmi$20shared_1.0_danish_livetri.zip
C:\WINDOWS\inet20004\5\spam$20def_2.0_english_livetri.zip
C:\WINDOWS\inet20004\5\symantec$20trusted$20application$20list_1.1_english_livetri.zip
C:\WINDOWS\inet20004\mm.pid
C:\WINDOWS\inet20004\www.google.com\favicon.ico
C:\WINDOWS\inet20004\www.google.com\Google_files\hp0.gif
C:\WINDOWS\inet20004\www.google.com\Google_files\hp1.gif
C:\WINDOWS\inet20004\www.google.com\Google_files\hp2.gif
C:\WINDOWS\inet20004\www.google.com\Google_files\hp3.gif
C:\WINDOWS\inet20004\www.google.com\index.html
C:\WINDOWS\inet20004\www.google.com\thank.html
C:\WINDOWS\s32.txt
C:\WINDOWS\ws386.ini
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.

2007-11-20 13:14    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-11-20 13:11    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-11-20 12:25    <DIR>    d--------    C:\Programmer\CCleaner
2007-11-10 15:21    <DIR>    d--------    C:\Programmer\MSXML 6.0
2007-11-10 11:00    664    --a------    C:\WINDOWS\system32\d3d9caps.dat
2007-11-10 10:53    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\SUPERAntiSpyware.com
2007-11-10 10:45    <DIR>    d--------    C:\Documents and Settings\HP_Ejer\Application Data\AVG7
2007-11-10 10:31    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-11-10 10:31    <DIR>    d--------    C:\Documents and Settings\patrick.DIT-B8449E21E84\Application Data\SUPERAntiSpyware.com
2007-11-10 10:31    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-10 10:27    <DIR>    d--------    C:\Documents and Settings\patrick.DIT-B8449E21E84\Application Data\AVG7
2007-11-10 09:58    <DIR>    d--------    C:\Documents and Settings\patrick.DIT-B8449E21E84\Application Data\Lavasoft
2007-11-10 09:39    21,504    --a------    C:\WINDOWS\system32\hidserv.dll
2007-11-10 09:39    21,504    --a------    C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-10 09:37    31,616    --a------    C:\WINDOWS\system32\drivers\usbccgp.sys
2007-11-10 09:37    31,616    --a------    C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-11-10 09:37    14,848    --a------    C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-10 09:37    14,848    --a------    C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-10 09:37    12,160    --a------    C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-10 09:37    12,160    --a------    C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-10 09:37    9,600    --a------    C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-10 09:37    9,600    --a------    C:\WINDOWS\system32\dllcache\hidusb.sys

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 12:12    6,974    ----a-w    C:\Programmer\hijackthis.log
2007-11-10 12:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\avg7
2007-11-10 09:30    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-11-10 09:22    ---------    d-----w    C:\Programmer\Google
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A2E1038-0885-4C92-8E28-A04CF8B94911}]
            C:\PROGRA~1\WINSTR~1\tbu6C\WIN_ST~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 01:14]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-28 01:59]
"nwiz"="nwiz.exe" [2007-08-28 01:59 C:\WINDOWS\system32\nwiz.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 C:\WINDOWS\ALCXMNTR.EXE]
"HPHUPD08"="c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"xvid start"="%windir%\xvid.bat" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 10:27]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"CTSyncU.exe"="C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 09:06]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]

C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 15:00:56]

C:\Documents and Settings\patrick\Menuen Start\Programmer\Start\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 15:00:56]

C:\Documents and Settings\patrick.DIT-B8449E21E84\Menuen Start\Programmer\Start\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 15:00:56]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 11:44:06]
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 06:23:26]
Logitech Desktop Messenger.lnk - C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-19 10:47:13]
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-01-06 17:03:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-07-26 11:28:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-07-09 13:56:37 C:\WINDOWS\Tasks\Internettjenester.job"
- C:\Programmer\Hewlett-Packard\SDP\HPSdpApp.exe
"2007-11-10 08:41:19 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Programmer\RegistrySmart\RegistrySmart.exe
"2007-11-20 11:25:47 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 13:23:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 13:24:34 - machine was rebooted
.
    --- E O F ---
arlet Juniormester
20 November 2007 - 16:54 #4
How nice it is when the programs clean up so thoroughly..

Just a couple of small things:

1) Your Java is outdated, so you need to uninstall Java via Control Panel => Add/Remove Programs. For security reasons, the old version of the program must be removed before you download the newest version.

Then download the new version of Java here:
http://www.java.com/en/

2) Run HijackThis, scan, tick the line(s) listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: TBSB06180 - {4A2E1038-0885-4C92-8E28-A04CF8B94911} - C:\PROGRA~1\WINSTR~1\tbu6C\WIN_ST~1.DLL

Reboot and then a new HijackThis log
Deleted user
21 November 2007 - 00:43 #5
The above has now been done. It should be mentioned that the following line did not exist:

R3 - Default URLSearchHook is missing

The other 2 have been removed.

---------------------------------

Here follows the HijackThis log file:
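An added example in Python, not code from this thread or from HijackThis: it parses the HijackThis log format quoted above and reports which lines of the helper's fix list are actually present in a log (BHO lines are matched on CLSID, so a short 8.3 path and a long path for the same DLL count as the same entry), plus any "(no file)" orphan entries. This is the check a reader would do before clicking Fix checked; the sample log lines are constructed from this thread.

```python
import re

# Added example (not from the thread or HijackThis): parse the HijackThis log
# format quoted in this thread and report which fix-list lines are present.

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """(section, CLSID or None, normalized line) per entry line; other lines skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # log header, process list, blank lines
        clsid = CLSID_RE.search(raw)
        norm = " ".join(raw.split()).lower()
        entries.append((m.group("sec"), clsid.group(0).upper() if clsid else None, norm))
    return entries

def check_fix_list(log_text, fix_lines):
    """Map each fix-list line to True if it appears in the log, else False.
    Lines carrying a CLSID (BHOs, toolbars) match on section + CLSID."""
    entries = parse_log(log_text)
    result = {}
    for fix in fix_lines:
        parsed = parse_log(fix)
        if not parsed:           # not a HijackThis entry line at all
            result[fix] = False
            continue
        sec, clsid, norm = parsed[0]
        result[fix] = any((clsid and e[0] == sec and e[1] == clsid) or e[2] == norm
                          for e in entries)
    return result

def orphan_entries(log_text):
    """Entries whose target HijackThis reports as '(no file)'."""
    return [e[2] for e in parse_log(log_text) if e[2].endswith("(no file)")]

FIX_LIST = [  # the helper's fix list from this thread
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: TBSB06180 - {4A2E1038-0885-4C92-8E28-A04CF8B94911} - C:\PROGRA~1\WINSTR~1\tbu6C\WIN_ST~1.DLL",
]
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2 (constructed excerpt)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""
```

Run against the log posted after the fix, all three fix lines report as absent, which matches the poster's observation that the R3 line could not be found and the other two were already removed.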

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:40:02, on 21-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\HJTrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmer\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [xvid start] %windir%\xvid.bat
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmer\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6458 bytes
arlet Juniormester
21 November 2007 - 10:52 #6
That looks better..

Did the cure help??

Now run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11
Deleted user
21 November 2007 - 12:08 #7
Yes, it looks like the viruses are gone. I haven't had any warnings about them since the previous step. And the PC is running fine again. Thank you so much for the help. :)

I have also just run steps 5 and 6 that you mention. So now we'll see. I think it's all fixed.
arlet Juniormester
21 November 2007 - 12:22 #8
You're welcome..

To close this again, just mark my name in the box on the left and press accept..

Have a good day..