4 logs

Hej... Jeg havde fået en Virus gennem messenger og fik at vide at jeg skulle ligge mine 4 logs herind.
Håber der er nogen som kan hjælpe.

1: HijackThis
-----------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:58:21, on 15-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\EXPLORER.EXE
C:\Programmer\NavNT\vptray.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spool.exe
C:\WINDOWS\system32\spool.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Lasse Kristensen\Skrivebord\Anti\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
F2 - REG:system.ini: Shell=EXPLORER.EXE \266477.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [vptray] C:\Programmer\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Microsoft Update] C:\WINDOWS\system32\spool.exe
O4 - Startup: Last.fm Helper.lnk = C:\Programmer\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Centrebet Poker - {8A12431A-A23D-4a88-BEED-4EFC434B70D7} - C:\Programmer\Centrebet Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Centrebet Poker - {8A12431A-A23D-4a88-BEED-4EFC434B70D7} - C:\Programmer\Centrebet Poker\casino.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1819853F-A3CA-4BC4-AD65-EC29D7448494} (CBPLauncher Class) - https://sports.centrebet.com/poker/centrebetpokerlauncher.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmer\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Programmer\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Programmer\NavNT\rtvscan.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Programmer\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
-----------------------------------------------------------------


2:Root
-----------------------------------------------------------------
********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
15-02-2008 22:58:58,70

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 22:58:59
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
-----------------------------------------------------------------


3:Combofix
-----------------------------------------------------------------
ComboFix 08-02-15.1 - Lasse Kristensen 2008-02-15 23:05:56.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.637 [GMT 1:00]
Running from: C:\Documents and Settings\Lasse Kristensen\Skrivebord\Anti\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\128124.exe
C:\183263.exe
C:\224458.exe
C:\266477.exe
C:\Documents and Settings\All Users\Application Data\salesmonitor
C:\Documents and Settings\Lasse Kristensen\Application Data\inst.exe
C:\Documents and Settings\Lasse Kristensen\ResErrors.log
C:\UGA6P

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR


(((((((((((((((((((((((((  Files Created from 2008-01-15 to 2008-02-15  )))))))))))))))))))))))))))))))
.

2008-02-15 23:01 . 2004-08-26 17:53    391,168    --a------    C:\kmd.exe
2008-02-14 23:01 . 2008-02-14 23:01    552    --a------    C:\WINDOWS\system32\d3d8caps.dat
2008-02-14 21:53 . 2008-02-14 21:53    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-14 21:29 . 2008-02-13 19:13    138,240    --a------    C:\WINDOWS\system32\spool.exe
2008-02-13 18:20 . 2008-02-13 19:13    138,240    --a------    C:\WINDOWS\system32\spool.MSNFix
2008-02-13 18:20 . 2008-02-15 23:06    32    --a------    C:\WINDOWS\system32\1.bat
2008-02-13 17:04 . 2008-02-15 22:52    32    --a------    C:\WINDOWS\system32\2.bat
2008-02-13 17:04 . 2008-02-15 18:22    32    --a------    C:\WINDOWS\system32\0.bat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 17:25    ---------    d-----w    C:\Programmer\SUPERAntiSpyware
2008-02-14 21:05    ---------    d-----w    C:\Programmer\Google
2008-02-14 20:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 20:49    ---------    d-----w    C:\Programmer\ScandicBookmakers
2008-02-09 16:27    ---------    d-----w    C:\Programmer\Windows Live Safety Center
2008-02-07 16:50    ---------    d-----w    C:\Documents and Settings\Lasse Kristensen\Application Data\Sports Interactive
2008-01-26 23:55    ---------    d-----w    C:\Documents and Settings\Lasse Kristensen\Application Data\GetRight
2008-01-18 10:54    ---------    d-----w    C:\Programmer\iTunes
2008-01-18 10:53    ---------    d-----w    C:\Programmer\iPod
2007-12-29 22:41    ---------    d-----w    C:\Programmer\AviSynth 2.5
2007-12-29 22:26    ---------    d-----w    C:\Documents and Settings\Lasse Kristensen\Application Data\Vso
2007-12-29 22:22    47,360    ----a-w    C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-29 22:22    47,360    ----a-w    C:\Documents and Settings\Lasse Kristensen\Application Data\pcouffin.sys
2007-12-29 22:22    ---------    d-----w    C:\Programmer\vso
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\drivers\mrxdav.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53 15360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="C:\Programmer\NavNT\vptray.exe" [2002-03-29 15:14 73728]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Cmaudio"="cmicnfg.cpl" []
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 10:33 147456 C:\WINDOWS\system32\VTTrayp.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 02:23 75520]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [ ]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 17:53 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Lasse Kristensen^Menuen Start^Programmer^Start^DirectDVD Update Manager.lnk]
path=C:\Documents and Settings\Lasse Kristensen\Menuen Start\Programmer\Start\DirectDVD Update Manager.lnk
backup=C:\WINDOWS\pss\DirectDVD Update Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Lasse Kristensen^Menuen Start^Programmer^Start^Last.fm Helper.lnk]
path=C:\Documents and Settings\Lasse Kristensen\Menuen Start\Programmer\Start\Last.fm Helper.lnk
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Console]


S3 SER120;Nokia CA-42 Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 03:03]
S3 ss_bus;Samsung Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-01-24 14:38]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-01-24 14:38]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-01-24 14:38]
S3 usb2vcom;Nokia CA-42 USB;C:\WINDOWS\system32\DRIVERS\usb2vcom.sys [2005-05-25 04:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 20:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 23:11:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\NavNT\defwatch.exe
C:\Programmer\NavNT\rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-15 23:13:23 - machine was rebooted [Lasse Kristensen]
ComboFix-quarantined-files.txt  2008-02-15 22:13:21
.
2008-02-13 14:37:32    --- E O F --- 
-----------------------------------------------------------------


4: SuperAntiSpyware
-----------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2008 at 02:12 AM

Application Version : 3.9.1008

Core Rules Database Version : 3334
Trace Rules Database Version: 1335

Scan type      : Complete Scan
Total Scan Time : 04:01:44

Memory items scanned      : 173
Memory threats detected  : 0
Registry items scanned    : 5245
Registry threats detected : 0
File items scanned        : 72004
File threats detected    : 2

Adware.Tracking Cookie
    C:\Documents and Settings\Lasse Kristensen\Cookies\lasse kristensen@ads.adbrite[1].txt
    C:\Documents and Settings\Lasse Kristensen\Cookies\lasse kristensen@adbrite[1].txt

-----------------------------------------------------------------


Håber virkeligt i kan hjælpe mig

Hilsen Lasse