Virus - div. logs
Er hårdt ramt af WinFixer. Hermed 4 logs:
ComboFix 07-12-16.3 - jsi 2007-12-16 13:10:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.451 [GMT 1:00]
Running from: E:\Sikkerhed\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\actbqqeg.dll
C:\WINDOWS\system32\aeawcwlt.exe
C:\WINDOWS\system32\ajgftarp.dll
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\fafxdjxq.dll
C:\WINDOWS\system32\gsmtkbkp.dll
C:\WINDOWS\system32\iyncgibe.dll
C:\WINDOWS\system32\lxravqmn.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.bak2
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\rwxapxkf.dll
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\xehjyodv.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-16 to 2007-12-16 )))))))))))))))))))))))))))))))
.
2007-12-16 13:13 . 2007-12-16 13:13 284,285 --a------ C:\catchme.zip
2007-12-16 11:34 . 2007-12-16 11:34 294 ---hs---- C:\WINDOWS\system32\uulkheeq.ini
2007-12-16 11:22 . 2007-12-16 11:22 294 ---hs---- C:\WINDOWS\system32\ckrxljop.ini
2007-12-16 11:21 . 2007-12-16 11:29 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-12-16 11:21 . 2007-12-16 11:21 <DIR> d-------- C:\Documents and Settings\jsi\Application Data\SUPERAntiSpyware.com
2007-12-16 11:21 . 2007-12-16 11:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-16 11:07 . 2007-12-16 11:07 <DIR> d-------- C:\Programmer\CCleaner
2007-12-13 16:33 . 2007-12-16 10:22 <DIR> d-------- C:\Programmer\backups
2007-12-13 16:28 . 2007-07-06 18:39 401,720 --a------ C:\Programmer\HJTrenamed.exe
2007-12-13 13:48 . 2007-12-13 13:48 0 --a------ C:\s15s.l
2007-12-13 13:06 . 2007-12-13 13:26 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2007-12-13 09:32 . 2007-12-13 09:33 885,172 ---hs---- C:\WINDOWS\system32\iffpxyrg.ini
2007-12-12 19:23 . 2007-12-14 18:30 <DIR> d-------- C:\dragon
2007-12-12 09:30 . 2007-12-13 09:31 1,094,087 ---hs---- C:\WINDOWS\system32\sncsqquw.ini
2007-12-12 06:37 . 2007-12-12 06:37 1,512 --a------ C:\WINDOWS\system32\MRT.INI
2007-12-11 10:50 . 2007-12-13 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 09:31 . 2007-12-12 08:36 897,015 ---hs---- C:\WINDOWS\system32\vygqnjis.ini
2007-12-11 06:15 . 2007-12-11 06:15 <DIR> d-------- C:\vikaren
2007-12-10 12:35 . 2007-12-11 09:29 842,586 ---hs---- C:\WINDOWS\system32\nmoyqvim.ini
2007-12-09 09:29 . 2007-12-10 09:29 841,559 ---hs---- C:\WINDOWS\system32\jnobgteu.ini
2007-12-08 19:10 . 2007-12-08 19:10 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-08 12:27 . 2007-12-08 12:40 <DIR> d-------- C:\temp\VIDEO_TS
2007-12-08 12:27 . 2007-12-08 12:27 <DIR> d-------- C:\temp\AUDIO_TS
2007-12-08 09:16 . 2007-12-08 09:16 <DIR> d-------- C:\Programmer\PowerISO
2007-12-06 08:34 . <DIR> C:\Programmer\Fælles filer\PCSuite
2007-12-06 08:34 . <DIR> C:\Programmer\Fælles filer\Nokia
2007-12-06 08:33 . 2007-12-06 08:33 <DIR> d-------- C:\Programmer\PC Connectivity Solution
2007-12-03 13:29 . 2007-12-11 10:47 8,194 --a------ C:\WINDOWS\cfgrs.ini
2007-12-03 13:29 . 2007-12-11 10:47 7,369 --a------ C:\WINDOWS\cfgrs_ex.ini
2007-11-29 14:26 . 2007-11-29 14:47 <DIR> d-------- C:\Documents and Settings\jsi\Application Data\dvdcss
2007-11-28 16:10 . 2007-11-28 16:10 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-11-23 08:24 . 2007-12-14 08:22 21 --a------ C:\tmuninst.ini
2007-11-23 08:19 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-16 11:10 . 2007-11-16 11:10 <DIR> d-------- C:\Programmer\CuteSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-16 12:08 8,679 ----a-w C:\Programmer\hijackthis.log
2007-12-16 10:16 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2007-12-16 08:13 --------- d-----w C:\Documents and Settings\jsi\Application Data\uTorrent
2007-12-12 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-06 07:34 --------- d-----w C:\Programmer\Nokia
2007-12-06 07:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 23:42 --------- d-----w C:\Programmer\Network Stumbler
2007-11-03 23:07 --------- d-----w C:\Programmer\ASUS
2007-10-29 13:00 --------- d-----w C:\Documents and Settings\jsi\Application Data\Symantec
2007-10-29 12:59 --------- d-----w C:\Documents and Settings\jsi\Application Data\Winamp
2007-10-25 22:57 --------- d--h--w C:\Programmer\InstallShield Installation Information
2007-10-25 22:57 --------- d-----w C:\Programmer\Symantec
2007-10-25 14:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-24 13:06 --------- d-----w C:\Programmer\Winamp
2007-10-23 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-23 22:13 --------- d-----w C:\Programmer\Norton Ghost
2007-10-23 22:13 --------- d-----w C:\Programmer\Fælles filer\Symantec Shared
2007-10-23 22:10 --------- d-----w C:\Programmer\Fælles filer\InstallShield
2007-10-23 21:57 --------- d-----w C:\Programmer\Windows Media Connect 2
2007-10-23 07:33 --------- d-----w C:\Programmer\CheckPoint
2007-10-21 14:13 --------- d-----w C:\Programmer\Robster Productions
2007-10-20 14:35 --------- d-----w C:\Documents and Settings\jsi\Application Data\Azureus
2007-10-17 21:45 --------- d-----w C:\Programmer\Java
2007-10-16 23:25 --------- d-----w C:\Programmer\Windows Live Safety Center
2007-09-12 15:03 774,144 -c--a-w C:\Programmer\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-04-17 16:24]
"SynTPEnh"="C:\Programmer\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 13:26]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 14:59 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="C:\WINDOWS\sm56hlpr.exe" [2006-03-21 21:54]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10]
"RemoteControl"="C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe" [2005-01-12 02:01]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2007-05-08 00:43]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Power_Gear"="C:\Programmer\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 16:13]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2006-03-02 13:00]
"PWRISOVM.EXE"="C:\Programmer\PowerISO\PWRISOVM.EXE" [2007-08-07 01:05]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Bluetooth Manager.lnk - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 21:19:10]
Program Neighborhood Agent.lnk - C:\Programmer\Citrix\ICA Client\pnagent.exe [2006-05-02 17:22:30]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2006-04-09 19:59 24674 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-308236825-1417001333-6693\Scripts\Logon\0\0]
"Script"=Norresundby.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2025429265-308236825-1417001333-6693\Scripts\Logon\1\0]
"Script"=salgsgruppen.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^ASUS ChkMail.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\ASUS ChkMail.lnk
backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Windows-pc-søgning.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Windows-pc-søgning.lnk
backup=C:\WINDOWS\pss\Windows-pc-søgning.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 12.0]
2007-03-28 19:41 2037352 --a------ C:\Programmer\Norton Ghost\Agent\VProTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmer\QuickTime\qttask.exe -atboottime
R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\system32\DRIVERS\v2imount.sys
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys
R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
S2 SAUSBHW;%SAUSBHW.SvcDesc%;C:\WINDOWS\system32\Drivers\sausb.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 WimFltr;WimFltr;C:\WINDOWS\system32\DRIVERS\wimfltr.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-16 12:15:18 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5F8F40BF-6C3E-4F6D-A364-8897A55DDB64}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 13:19:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-16 13:20:42 - machine was rebooted
.
2007-12-12 05:37:39 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22, on 2007-12-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Programmer\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Norton Ghost\Agent\VProSvc.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\TmPfw.exe
C:\WINDOWS\TEMP\XG2553.EXE
C:\OfficeScan NT\CNTAoSMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
C:\OfficeScan NT\pccntmon.exe
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\ASUS\Power4 Gear\BatteryLife.exe
C:\Programmer\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmer\Citrix\ICA Client\pnagent.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HJTrenamed.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.rosenmeier.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.rosenmeier.dk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.*;rosenmeier.dk;*philips.com;*addhosting.dk;*fsc-mediaserver.com;*212.66.5.7;*toshiba.co.uk;*asus.com.tw;<local>
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\ASUSTek\ASUSDVD\PDVDServ.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Programmer\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmer\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Programmer\Citrix\ICA Client\pnagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet.rosenmeier.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://webnode1.xstream.dk/radiostationer/rawflow/204/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186570357991
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rosenmeier.dk
O17 - HKLM\Software\..\Telephony: DomainName = rosenmeier.dk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rosenmeier.dk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rosenmeier.dk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rosenmeier.dk
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmer\Fælles filer\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Norton Ghost\Agent\VProSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Programmer\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Programmer\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\OfficeScan NT\tmlisten.exe
O23 - Service: OfficeScanNT Personal Firewall (TmPfw) - Trend Micro Inc. - C:\OfficeScan NT\TmPfw.exe
--
End of file - 8291 bytes
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
2007-12-16 13:23:21.89
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-16 13:23:23
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/16/2007 at 11:58 AM
Application Version : 3.7.1018
Core Rules Database Version : 3362
Trace Rules Database Version: 1361
Scan type : Complete Scan
Total Scan Time : 00:27:43
Memory items scanned : 215
Memory threats detected : 1
Registry items scanned : 6139
Registry threats detected : 12
File items scanned : 28396
File threats detected : 43
Trojan.WinFixer
C:\WINDOWS\SYSTEM32\AWTQR.DLL
C:\WINDOWS\SYSTEM32\AWTQR.DLL
HKLM\Software\Classes\CLSID\{F03B4511-3942-476F-BD12-866290C5B708}
HKCR\CLSID\{F03B4511-3942-476F-BD12-866290C5B708}
HKCR\CLSID\{F03B4511-3942-476F-BD12-866290C5B708}\InprocServer32
HKCR\CLSID\{F03B4511-3942-476F-BD12-866290C5B708}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F03B4511-3942-476F-BD12-866290C5B708}
Adware.Vundo-Variant/Small-A
HKLM\Software\Classes\CLSID\{40c55f8a-8082-4c3c-9d0d-b3a6a09a771d}
HKCR\CLSID\{40C55F8A-8082-4C3C-9D0D-B3A6A09A771D}
HKCR\CLSID\{40C55F8A-8082-4C3C-9D0D-B3A6A09A771D}\InprocServer32
HKCR\CLSID\{40C55F8A-8082-4C3C-9D0D-B3A6A09A771D}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\LNCBWHGN.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c55f8a-8082-4c3c-9d0d-b3a6a09a771d}
C:\WINDOWS\SYSTEM32\QEEHKLUU.DLL
Adware.Tracking Cookie
C:\Documents and Settings\jsi\Cookies\jsi@mediaplex[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@track.adform[3].txt
C:\Documents and Settings\jsi\Cookies\jsi@adtech[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@a.websponsors[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@ad.zanox[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@ad2.ip[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@adfair[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@adtech[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@advertising[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@angleinteractive.directtrack[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@atdmt[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@cz4.clickzs[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@cz8.clickzs[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@date.ventivmedia[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@directtrack[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@divavillage.advertserve[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@eas.apm.emediate[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@indextools[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@partygaming.122.2o7[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@partypoker[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@specificclick[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@statse.webtrendslive[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@track.adform[2].txt
C:\Documents and Settings\jsi\Cookies\jsi@tradedoubler[1].txt
C:\Documents and Settings\jsi\Cookies\jsi@tribalfusion[1].txt
Adware.ClickSpring/Outer Info Network
HKLM\Software\Outerinfo
HKLM\Software\Outerinfo#InstallDirectory
C:\Programmer\Outerinfo\outerinfo.ico
C:\Programmer\Outerinfo
Adware.Vundo-Variant
C:\PROGRAMMER\BACKUPS\BACKUP-20071213-163358-763.DLL
C:\PROGRAMMER\BACKUPS\BACKUP-20071216-102246-991.DLL
Trojan.Downloader-Gen/DDC
C:\WINDOWS\SYSTEM32\ICMXRVVD.EXE
C:\WINDOWS\SYSTEM32\IIALGMAP.EXE
C:\WINDOWS\SYSTEM32\KMXNSQLW.EXE
C:\WINDOWS\SYSTEM32\OWIUYYWN.EXE
C:\WINDOWS\SYSTEM32\WXJTUEBQ.EXE
C:\WINDOWS\Prefetch\ICMXRVVD.EXE-35FD3A60.pf
C:\WINDOWS\Prefetch\KMXNSQLW.EXE-33475429.pf
C:\WINDOWS\Prefetch\OWIUYYWN.EXE-056850E1.pf
C:\WINDOWS\Prefetch\WXJTUEBQ.EXE-048D9D08.pf
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\IIFEDEE.DLL
C:\WINDOWS\SYSTEM32\VTUSQQP.DLL
