CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede 0123 Novice
01. december 2007 - 18:15 Der er 13 kommentarer og
1 løsning

hjælp til spyware

Hej!
Er der en som har tid til at kigge på min log?
Logfile of HijackThis v1.99.1
Scan saved at 18:11:52, on 01-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
Avatar billede fromsej Praktikant
01. december 2007 - 19:34 #1
Følg hele denne artikel:
http://www.eksperten.dk/artikler/1123
Avatar billede 0123 Novice
01. december 2007 - 20:12 #2
det er bare i orden men , har du tid til at tjekke min log til sidst?
Avatar billede johnstigers Seniormester
01. december 2007 - 20:41 #3
Hvis du læser artiklen finder du ud af om han tjekker log ;)
Avatar billede fromsej Praktikant
01. december 2007 - 21:23 #4
Jeg kan da gøre et forsøg. ;-)
Selvfølgelig tjekker jeg den, ellers ville jeg ikke bede om de logs.
Avatar billede 0123 Novice
01. december 2007 - 22:09 #5
Logfile of HijackThis v1.99.1
Scan saved at 21:49:23, on 01-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

ComboFix 07-11-19.4C - henrik lai jensen 2007-12-01 21:54:58.6 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.119 [GMT 1:00]
Running from: C:\Documents and Settings\henrik lai jensen\Skrivebord\programmer\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\imgdoc2.dll
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


(((((((((((((((((((((((((  Files Created from 2007-11-01 to 2007-12-01  )))))))))))))))))))))))))))))))
.

2007-11-25 00:31    54,784    --a------    C:\WINDOWS\KeyHook.dll
2007-11-12 22:09    53,248    --a------    C:\WINDOWS\system32\FluxSave.scr
2007-11-12 21:42    194,048    --a------    C:\WINDOWS\system32\PlayGif.ocx

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 19:37    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-12-01 19:28    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-25 16:37    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2007-10-25 16:27    ---------    d-----w    C:\Programmer\Google
2007-10-25 16:21    ---------    d-----w    C:\Documents and Settings\henrik lai jensen\Application Data\AdobeUM
2007-10-24 16:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\e-Safekey
2007-10-04 16:12    ---------    d-----w    C:\Programmer\Neoretix
2007-09-06 18:38    4,483    -c--a-w    C:\Programmer\hijackthis.log
2007-07-06 16:39    401,720    ----a-w    C:\Programmer\HJTrenamed.exe
2007-06-09 19:26    1,164,054    -c--a-w    C:\Documents and Settings\SmitfraudFix\SmitfraudFix.cmd
2007-06-09 19:04    82,432    ----a-w    C:\Documents and Settings\SmitfraudFix\GenericRenosFix.exe
2007-03-28 16:38    77,824    ----a-w    C:\Documents and Settings\SmitfraudFix\HostsChk.exe
2006-12-01 04:20    79,360    ----a-w    C:\Documents and Settings\SmitfraudFix\swxcacls.exe
2006-09-19 20:13    20,480    ----a-w    C:\Documents and Settings\SmitfraudFix\SmiUpdate.exe
2006-09-14 22:34    167,936    ----a-w    C:\Documents and Settings\SmitfraudFix\unzip.exe
2006-08-29 17:43    135,168    ----a-w    C:\Documents and Settings\SmitfraudFix\swreg.exe
2006-04-27 15:49    288,417    ----a-w    C:\Documents and Settings\SmitfraudFix\SrchSTS.exe
2006-03-07 20:45    16,384    ----a-w    C:\Documents and Settings\SmitfraudFix\restart.exe
2006-01-09 08:36    40,960    ----a-w    C:\Documents and Settings\SmitfraudFix\swsc.exe
2005-01-13 19:41    24,576    ----a-w    C:\Documents and Settings\SmitfraudFix\Reboot.exe
2004-07-31 16:50    51,200    ----a-w    C:\Documents and Settings\SmitfraudFix\dumphive.exe
2003-06-05 19:13    53,248    ----a-w    C:\Documents and Settings\SmitfraudFix\Process.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"com.codeode.cactusspamfilter"="C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe" [2006-04-30 15:27]
"RoboForm"="C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-11-23 20:23]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-04 15:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-05-15 20:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-08-07 22:48 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Huskesedel.txt]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Huskesedel.txt
backup=C:\WINDOWS\pss\Huskesedel.txtCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^henrik lai jensen^Menuen Start^Programmer^Start^huskesedel.txt]
path=C:\Documents and Settings\henrik lai jensen\Menuen Start\Programmer\Start\huskesedel.txt
backup=C:\WINDOWS\pss\huskesedel.txtStartup
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09    63712    --a------    C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 18:51    39792    --a------    C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
            C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50    155648    --a------    C:\WINDOWS\system32\NeroCheck.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\novsvida.exe]
            C:\Documents and Settings\All Users\Application Data\novsvida.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Patch]
            C:\WINDOWS\Patch.exe /nomsg
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            C:\Programmer\QuickTime\qttask.exe -atboottime
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-08-07 22:48    1318912    --a------    C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-04 15:54    68856    --a------    C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
            C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X-Cleaner Deluxe]
            C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe -turbo -autostart -NOREBOOT

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 16:20:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-05-15 19:59:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 22:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-01 22:04:22 - machine was rebooted
.
    --- E O F ---
Avatar billede fromsej Praktikant
02. december 2007 - 08:46 #6
Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Start superantispyware, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Kopiér indholdet mellem de bølgede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Killall::

File::
C:\WINDOWS\KeyHook.dll
C:\WINDOWS\system32\FluxSave.scr
C:\WINDOWS\system32\gzmrotate.dll
"C:\Documents and Settings\All Users\Application Data\novsvida.exe"
C:\WINDOWS\Patch.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\novsvida.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Patch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
---------------------------------------
Genstart i fejlsikret (tryk på <F8> under opstarten)
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog, samt den nye combofixlog.
Avatar billede 0123 Novice
02. december 2007 - 11:30 #7
Hej fromsej!
Jeg vender tilbage i aften engang!
Avatar billede 0123 Novice
02. december 2007 - 23:06 #8
Logfile of HijackThis v1.99.1
Scan saved at 23:01:41, on 02-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe
C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\henrik lai jensen\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://signon.stofanet.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Programmer\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [com.codeode.cactusspamfilter] "C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe" -minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Gem formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF værktøjslinie - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tilpas RF menu - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Udfyld formularer - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Udfyld - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Udfyld formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Gem - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Gem formularer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF værktøjslinie - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programmer\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://193.138.215.254/cgi-bin/SysCamInst.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.uridium.ch/kxhcm10.ocx
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174835246786
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://80.198.229.250/activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://193.138.213.169/cgi-bin/bl_camera.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.opentopia.com/support/activex/AxisCamControl.cab
O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/eng/darts_2_0_0_40.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://80.160.169.182/activex/AMC.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Programmer\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe

ComboFix 07-11-19.4C - henrik lai jensen 2007-12-02 21:29:16.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.77 [GMT 1:00]
Running from: C:\Documents and Settings\henrik lai jensen\Skrivebord\programmer\ComboFix.exe
Command switches used :: C:\Documents and Settings\henrik lai jensen\Skrivebord\programmer\CFScript.txt
* Created a new restore point

FILE
"C:\Documents and Settings\All Users\Application Data\novsvida.exe"
C:\WINDOWS\KeyHook.dll
C:\WINDOWS\Patch.exe
C:\WINDOWS\system32\FluxSave.scr
C:\WINDOWS\system32\gzmrotate.dll
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\KeyHook.dll
C:\WINDOWS\system32\FluxSave.scr

.
(((((((((((((((((((((((((  Files Created from 2007-11-02 to 2007-12-02  )))))))))))))))))))))))))))))))
.

2007-11-12 21:42    194,048    --a------    C:\WINDOWS\system32\PlayGif.ocx

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 20:24    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2007-12-01 19:28    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-25 16:37    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2007-10-25 16:27    ---------    d-----w    C:\Programmer\Google
2007-10-25 16:21    ---------    d-----w    C:\Documents and Settings\henrik lai jensen\Application Data\AdobeUM
2007-10-24 16:41    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\e-Safekey
2007-10-04 16:12    ---------    d-----w    C:\Programmer\Neoretix
2007-09-06 18:38    4,483    -c--a-w    C:\Programmer\hijackthis.log
2007-07-06 16:39    401,720    ----a-w    C:\Programmer\HJTrenamed.exe
2007-06-09 19:26    1,164,054    -c--a-w    C:\Documents and Settings\SmitfraudFix\SmitfraudFix.cmd
2007-06-09 19:04    82,432    ----a-w    C:\Documents and Settings\SmitfraudFix\GenericRenosFix.exe
2007-03-28 16:38    77,824    ----a-w    C:\Documents and Settings\SmitfraudFix\HostsChk.exe
2006-12-01 04:20    79,360    ----a-w    C:\Documents and Settings\SmitfraudFix\swxcacls.exe
2006-09-19 20:13    20,480    ----a-w    C:\Documents and Settings\SmitfraudFix\SmiUpdate.exe
2006-09-14 22:34    167,936    ----a-w    C:\Documents and Settings\SmitfraudFix\unzip.exe
2006-08-29 17:43    135,168    ----a-w    C:\Documents and Settings\SmitfraudFix\swreg.exe
2006-04-27 15:49    288,417    ----a-w    C:\Documents and Settings\SmitfraudFix\SrchSTS.exe
2006-03-07 20:45    16,384    ----a-w    C:\Documents and Settings\SmitfraudFix\restart.exe
2006-01-09 08:36    40,960    ----a-w    C:\Documents and Settings\SmitfraudFix\swsc.exe
2005-01-13 19:41    24,576    ----a-w    C:\Documents and Settings\SmitfraudFix\Reboot.exe
2004-07-31 16:50    51,200    ----a-w    C:\Documents and Settings\SmitfraudFix\dumphive.exe
2003-06-05 19:13    53,248    ----a-w    C:\Documents and Settings\SmitfraudFix\Process.exe
.

(((((((((((((((((((((((((((((  snapshot@2007-12-01_22.02.14.39  )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-02 20:34:33    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_6cc.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"com.codeode.cactusspamfilter"="C:\Programmer\Cactus Spam Filter 2.13\cactusspamfilter.exe" [2006-04-30 15:27]
"RoboForm"="C:\Programmer\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-11-23 20:23]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-04 15:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-05-15 20:55]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 11:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL 2007-08-07 22:48 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Huskesedel.txt]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Huskesedel.txt
backup=C:\WINDOWS\pss\Huskesedel.txtCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^henrik lai jensen^Menuen Start^Programmer^Start^huskesedel.txt]
path=C:\Documents and Settings\henrik lai jensen\Menuen Start\Programmer\Start\huskesedel.txt
backup=C:\WINDOWS\pss\huskesedel.txtStartup
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09    63712    --a------    C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 18:51    39792    --a------    C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
            C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipmon]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50    155648    --a------    C:\WINDOWS\system32\NeroCheck.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            C:\Programmer\QuickTime\qttask.exe -atboottime
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-08-07 22:48    1318912    --a------    C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-11-04 15:54    68856    --a------    C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
            C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\X-Cleaner Deluxe]
            C:\PROGRA~1\X-CLEA~1\XCleaner_full.exe -turbo -autostart -NOREBOOT

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-11-23 16:20:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-05-15 19:59:40 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 21:35:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-02 21:38:30 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-01 22:04
.
    --- E O F ---

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/02/2007 at 10:54 PM

Application Version : 3.9.1008

Core Rules Database Version : 3353
Trace Rules Database Version: 1352

Scan type      : Complete Scan
Total Scan Time : 01:08:49

Memory items scanned      : 160
Memory threats detected  : 0
Registry items scanned    : 4671
Registry threats detected : 0
File items scanned        : 19772
File threats detected    : 0
Avatar billede fromsej Praktikant
03. december 2007 - 11:19 #9
Det ser fornuftigt ud, der er lige en jeg gerne vil se nærmere på.

Kopiér indholdet mellem de stiplede linier, ind i et notepad-vindue, og gem indholdet på skrivebordet som hentreg.bat. Når du gemmer filen, skal du sikre dig, at der under "Filtyper" står "Alle filer":

------------
%windir%\regedit.exe /e %temp%\regexp.reg
"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start"
start %windir%\notepad.exe %temp%\regexp.reg
------------
Dobbeltklik så på den fil, som du lige har lavet. Så åbnes et lille dos-vindue. Efter kort tid vil der poppe et notepad-vindue op, hvis indhold du skal lægge herind.
Avatar billede 0123 Novice
03. december 2007 - 16:36 #10
Indholdet fylder 55,5 mb og det kan jeg ikke kopier her ind!

Har i en anden løsning?
Avatar billede 0123 Novice
03. december 2007 - 17:38 #11
Er computeren køreklar for jeg bruger den til mit arbejde i hverdagen?
Avatar billede fromsej Praktikant
03. december 2007 - 18:37 #12
Ja, den skulle være tip-top.

Det eneste jeg gerne ville have væk er dette:
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify

Altså kun den nederste del:
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\system32\gzmrotate.dll DllVerify
Se om du kan manuelt med Regedit, ellers lad det være, filen er væk, så den gør ingen skade.
Avatar billede 0123 Novice
03. december 2007 - 20:42 #13
Så fik jeg den fjernet i regedit.
Tusind tak for hjælpen.
Fortsat god aften.
Smid et svar.
Avatar billede fromsej Praktikant
03. december 2007 - 21:04 #14
Velbekomme. :-)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Windows kategorien

Titel Indlæg Oprettet Seneste aktivitet
Windows 2022 Server Af Keld Jakobsen (3) i Windows 2 I går 19:38 I dag 06:28
forsvunden mappe Af hagbartm i Windows 7 07/05/202509:52 07/05/202517:22
Acer gaming bærbar Af Heidip i Windows 1 05/05/202519:10 05/05/202519:24
Windows Installation Af Okki i Windows 16 01/05/202508:12 02/05/202514:21
Egenskaber/genvejstast virker ikke mere Af Blød trafikant i Windows 17 24/04/202523:30 26/04/202509:13
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 19:38 Windows 2022 Server Af Keld Jakobsen (3) i Windows
I går 17:03 Overførsels hastighed Af Apock i LAN/WAN
14/0521:52 tilslut med internetkabel Af prewer i LAN/WAN
14/0520:44 Ikke modal form benyttet som MsgBox custom designet Af per2edb i Access
14/0516:43 Teksten (ordene) til Yuval Raphael's (Israel) Vindersang ? Af Ikke-ekspert i Fri debat
White papers
Flere white papers »


Premium
Teaser billede
Tidligere Matas-CIO Thomas Grane skifter iværksættertilværelsen ud: Her er hans nye job
Læs mere »
Google ruller ny AI-søgning ud i Danmark – sådan ændres dine resultater
Vil frikøbe store mængder offentlige data: Danske virksomheder skal have fri adgang
Tjener tykt på million-investering: Så meget har Københavns Kommune scoret på Microsofts fremgang i år
Se alle »
Computerworld
Teaser billede
Fungerede ikke: Dropper AI som erstatning for kundeservice-medarbejdere - har nu brug for nye folk
Læs mere »
Netværkstest-duel: Hvad dækker bedst: Tre billige eller to dyrere mesh-enheder?
Microsoft melder ud: Disse enheder kan ikke opgraderes til Windows 11
Ny version af verdens mest udbredte mobil-styresystem på vej: Største visuelle ændring i årevis
Se alle »
CIO
Teaser billede
Har fælles fortid i Devoteam: Nu etablerer disse fire tunge it-profiler nyt dansk konsulenthus - ser et hul i markedet
Læs mere »
Aarhus Kommune vil droppe Outlook, Excel og Word: Arbejder på langsigtet plan
Du kan spare en formue ved at skifte til europæisk cloud: Sådan kan du komme i gang
Skruer bissen på over for gamle kunder: Skriv ny aftale med os eller fjern alle opdateringer
Se alle »
Job & Karriere
Teaser billede
Fungerede ikke: Dropper AI som erstatning for kundeservice-medarbejdere - har nu brug for nye folk
Læs mere »
Den danske it-branche er på vagt: Hvad nu hvis Trump lukker for Microsoft 365 og AWS fra på mandag?
Danske it-folk lokkes med store tiltrædelses-bonusser: Nu kan du score mere end 100.000 kroner ved at skrive under på ny jobkontrakt
NNIT har fyret 100 medarbejdere - nedjusterer markant
Se alle »
White paper
Teaser billede
Sådan får du reel værdi ud af Microsoft Copilot
Læs mere »
Revolutionér kundeoplevelsen med AI og automatisering
Udnyt Genesys Cloud CX optimalt og styrk kundeoplevelsen
NIS2: Sådan styrker du både cybersikkerhed og compliance
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »