daki (Junior Master)
23 April 2008 - 11:43 There are 12 comments and 1 solution

Cleaning a computer - checking log files

Hi

I am getting my brother's computer under control, following this guide: http://www.eksperten.dk/artikler/1123
But when I try to install SuperAntiSpyware I am told 'Evaluation Periode Expired'.

How do I proceed?
Can I just run HijackThis and Combofix before SuperAntiSpyware, or do they have to be run in the stated order?

/dan
nva (Trainee)
23 April 2008 - 12:58 #1
Could it be that you got hold of the paid version? Here is the free one: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
HijackThis should be run after SAS, so that as much junk as possible has been cleared away.
daki (Junior Master)
23 April 2008 - 13:07 #2
Maybe !!!
But it was downloaded from the link in the article :-)

/dan
Deleted user
23 April 2008 - 13:19 #3
Just checked, the link in the article points to the Pro version, shouldn't that be corrected ???
Deleted user
23 April 2008 - 13:21 #4
Forgot: to SUPERANTISPYWAREFREE
nva (Trainee)
23 April 2008 - 13:25 #5
It probably should, since those who have had the PRO version on their PC will get the same problem you got. You can write it as a comment under the article, so the author sees it.
Deleted user
23 April 2008 - 13:28 #6
I don't have the problem, I have SUPERANTISPYWAREFREE
daki (Junior Master)
23 April 2008 - 16:42 #7
I have now scanned and cleaned with SuperAntiSpyware.
This has resulted in my only being able to start in safe mode, with or without networking.

After running Combofix the computer would start normally, therefore:
Combofix was run in safe mode, HijackThis in normal mode.

/dan


Logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/23/2008 at 04:07 PM

Application Version : 4.0.1154

Core Rules Database Version : 3445
Trace Rules Database Version: 1437

Scan type      : Complete Scan
Total Scan Time : 02:08:17

Memory items scanned      : 189
Memory threats detected  : 1
Registry items scanned    : 6927
Registry threats detected : 42
File items scanned        : 22143
File threats detected    : 159

Adware.Vundo Variant/Resident
    C:\WINDOWS\SYSTEM32\WVUMDSTS.DLL
    C:\WINDOWS\SYSTEM32\WVUMDSTS.DLL

Trojan.Unclassified/Multi-Dropper (Packed)
    [uX0uTWuYYP] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DOTOTWRQ\HIRMXIZQ.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DOTOTWRQ\HIRMXIZQ.EXE
    C:\WINDOWS\Prefetch\HIRMXIZQ.EXE-23B927EA.pf

Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{02715E47-5A8E-495B-8F63-0D30470B8E72}
    HKCR\CLSID\{02715E47-5A8E-495B-8F63-0D30470B8E72}
    HKCR\CLSID\{02715E47-5A8E-495B-8F63-0D30470B8E72}\InprocServer32
    HKCR\CLSID\{02715E47-5A8E-495B-8F63-0D30470B8E72}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\NNNOMCRP.DLL
    HKLM\Software\Classes\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}\InprocServer32
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}\ProgID
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}\Programmable
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}\TypeLib
    HKCR\CLSID\{2EBC25FD-CDC9-4354-B220-2B7BFCBB28D3}\VersionIndependentProgID
    C:\WINDOWS\VNBPTXLF.DLL
    HKCR\CLSID\{02715E47-5A8E-495B-8F63-0D30470B8E72}

Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
    HKLM\Software\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
    HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
    HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32
    HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\RQRHXVUL.DLL
    HKU\S-1-5-21-1343024091-1960408961-839522115-1004\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}
    HKCR\CLSID\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}
    HKCR\CLSID\{0656A137-B161-CADD-9777-E37A75727E78}

Adware.Vundo-Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17F32BBB-A8F1-4D94-8E2F-CCDD1EBD23C5}
    HKCR\CLSID\{17F32BBB-A8F1-4D94-8E2F-CCDD1EBD23C5}
    HKCR\CLSID\{17F32BBB-A8F1-4D94-8E2F-CCDD1EBD23C5}\InprocServer32
    HKCR\CLSID\{17F32BBB-A8F1-4D94-8E2F-CCDD1EBD23C5}\InprocServer32#ThreadingModel

Adware.Tracking Cookie

Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-1343024091-1960408961-839522115-1004\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

Trojan.DNSChanger-Codec
    HKU\S-1-5-21-1343024091-1960408961-839522115-1004\Software\uninstall

Desktop Hijacker.AboutYourPrivacy
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\images
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\privacy_danger
    C:\Documents and Settings\Kim Kirk\Skrivebord\Error Cleaner.url
    C:\Documents and Settings\Kim Kirk\Skrivebord\Privacy Protector.url
    C:\Documents and Settings\Kim Kirk\Skrivebord\Spyware&Malware Protection.url
    C:\Documents and Settings\Kim Kirk\Foretrukne\Error Cleaner.url
    C:\Documents and Settings\Kim Kirk\Foretrukne\Privacy Protector.url
    C:\Documents and Settings\Kim Kirk\Foretrukne\Spyware&Malware Protection.url

Trojan.Net-MU/Gen
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

Malware.LocusSoftware Inc/PCPrivacyTool
    HKLM\Software\Purchased Products
    HKLM\Software\Purchased Products\System Error Repair
    HKLM\Software\Purchased Products\System Error Repair#domain
    HKLM\Software\Purchased Products\System Error Repair#pname
    HKLM\Software\Purchased Products\System Error Repair#cname

Rogue.NoWayVirus
    HKLM\Software\NoWayVirus
    HKLM\Software\NoWayVirus#ProductCode
    HKLM\Software\NoWayVirus#InstallDate

Trojan.Net-QDN/NMC
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#qdnkewfa [ {928AAA33-25A0-46D1-A564-C1160F2023FF} ]
    C:\WINDOWS\QDNKEWFA.DLL

Trojan.Net-MGS/NMC
    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#mgsvflkw [ {AB18E903-7718-423B-B209-66EA79D5BC84} ]
    C:\WINDOWS\MGSVFLKW.DLL

Adware.INetDelivery
    C:\Programmer\Inet Delivery\inetdl.exe
    C:\Programmer\Inet Delivery\intdel.exe
    C:\Programmer\Inet Delivery
    C:\Programmer\akl\akl.dll
    C:\Programmer\akl\akl.exe
    C:\Programmer\akl\uninstall.exe
    C:\Programmer\akl\unsetup.exe
    C:\Programmer\akl

Adware.SXGAdvisor-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B7C1531D-66C3-4B3A-AAB9-011A9989C112}\RP84\A0012673.DLL
    D:\DD2\BACKUPS\BACKUP-20080412-145107-375.DLL
    D:\RECYCLER\S-1-5-21-1343024091-1960408961-839522115-1004\DD2\BACKUPS\BACKUP-20080412-145107-375.DLL

Adware.Vundo-Variant/Small-A
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B7C1531D-66C3-4B3A-AAB9-011A9989C112}\RP85\A0013698.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B7C1531D-66C3-4B3A-AAB9-011A9989C112}\RP89\A0013916.DLL
    C:\WINDOWS\SYSTEM32\KEQERFPJ.DLL
    C:\WINDOWS\SYSTEM32\WIICGESP.DLL

Adware.Vundo-Variant/H
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B7C1531D-66C3-4B3A-AAB9-011A9989C112}\RP90\A0013939.DLL

Trojan.Unclassified/Multi-Dropper
    C:\WINDOWS\SYSTEM32\BONGBKVQ.EXE
    C:\WINDOWS\Prefetch\BONGBKVQ.EXE-35B8CA86.pf

Trojan.Unclassified/MRT-Fake
    C:\WINDOWS\SYSTEM32\NESRWMBU.DLL
    C:\WINDOWS\SYSTEM32\TVRCDDMK.DLL
    C:\WINDOWS\SYSTEM32\WJRIJSXF.DLL
    C:\WINDOWS\SYSTEM32\YHTASJMS.DLL
----------
Logfile of HijackThis v1.99.1
Scan saved at 16:37, on 2008-04-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
H:\Check computer\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O10 - Unknown file in Winsock LSP: c:\programmer\bonjour\mdnsnsp.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnoMCrp - nnnoMCrp.dll (file missing)
O20 - Winlogon Notify: rqRHxvUl - rqRHxvUl.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
----------
ComboFix 08-04-22.1 - Kim Kirk 2008-04-23 16:25:02.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.783 [GMT 2:00]
Running from: H:\Check computer\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Kim Kirk\Skrivebordblackbird.jpg
C:\Documents and Settings\Kim Kirk\SkrivebordEditorFKWP1.5.exe
C:\Documents and Settings\Kim Kirk\SkrivebordEditorFKWP2.0.exe
C:\Documents and Settings\Kim Kirk\Skrivebordfilemanagerclient.exe
C:\Documents and Settings\Kim Kirk\Skrivebordfkwp1.5.exe
C:\Documents and Settings\Kim Kirk\Skrivebordfkwp2.0.exe
C:\Documents and Settings\Kim Kirk\Skrivebordfwebd.exe
C:\Documents and Settings\Kim Kirk\SkrivebordFWebdEditor.exe
C:\Documents and Settings\Kim Kirk\SkrivebordTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Kim Kirk\Skrivebordvirii
C:\Programmer\PC-Cleaner
C:\Programmer\PC-Cleaner\com\pcsd.dll
C:\Programmer\PC-Cleaner\Uninstall.exe
C:\WINDOWS\a.bat
C:\WINDOWS\apoxqwfv.exe
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\ifqwsirt.ini
C:\WINDOWS\system32\jpfreqek.ini
C:\WINDOWS\system32\StsDMUvw.ini
C:\WINDOWS\system32\StsDMUvw.ini2
C:\WINDOWS\system32\yexjjfhx.ini
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

----- BITS: Possible infected sites -----

hxxp://83.91.17.76
.
(((((((((((((((((((((((((  Files Created from 2008-03-23 to 2008-04-23  )))))))))))))))))))))))))))))))
.

2008-04-23 13:36 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-04-23 12:55 . 2008-04-23 12:55    0    --a------    C:\rollback.ini
2008-04-23 12:51 . 2008-04-23 12:51    <DIR>    d--------    C:\Documents and Settings\Kim Kirk\Application Data\MailFrontier
2008-04-23 12:48 . 2008-04-23 16:30    1,876,256    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-23 12:48 . 2008-04-23 13:50    32,348    --ahs----    C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 12:44 . 2008-04-23 12:44    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-23 12:44 . 2007-11-14 16:05    75,248    --a------    C:\WINDOWS\zllsputility.exe
2008-04-23 12:44 . 2004-04-27 04:40    11,264    --a------    C:\WINDOWS\system32\SpOrder.dll
2008-04-23 12:44 . 2008-04-23 12:51    4,212    ---h-----    C:\WINDOWS\system32\zllictbl.dat
2008-04-23 12:43 . 2008-04-23 12:43    <DIR>    d--------    C:\Programmer\Zone Labs
2008-04-23 12:42 . 2008-04-23 16:28    <DIR>    d--------    C:\WINDOWS\Internet Logs
2008-04-23 12:19 . 2008-04-23 12:20    1,540,617    ---hs----    C:\WINDOWS\system32\psegciiw.ini
2008-04-23 11:33 . 2008-04-23 13:36    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-04-23 11:33 . 2008-04-23 13:36    <DIR>    d--------    C:\Documents and Settings\Kim Kirk\Application Data\SUPERAntiSpyware.com
2008-04-23 11:15 . 2008-04-23 11:15    <DIR>    d--------    C:\Programmer\CCleaner
2008-04-12 14:48 . 2008-04-12 14:48    <DIR>    d--------    C:\Programmer\Yahoo!
2008-04-12 01:16 . 2008-04-12 14:49    <DIR>    d--------    C:\Documents and Settings\Kim Kirk\Application Data\TmpRecentIcons
2008-04-11 23:58 . 2008-04-11 23:58    <DIR>    d--------    C:\Documents and Settings\Kim Kirk\Application Data\PC-Cleaner
2008-04-11 23:54 . 2008-04-23 16:08    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\dototwrq
2008-04-04 22:19 . 2008-04-12 09:04    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-04-04 22:19 . 2008-04-04 22:19    1,409    --a------    C:\WINDOWS\QTFont.for
2008-04-04 22:18 . 2008-04-04 22:18    <DIR>    d--------    C:\Programmer\iTunes
2008-04-04 22:18 . 2008-04-04 22:18    <DIR>    d--------    C:\Programmer\iPod
2008-04-04 22:17 . 2008-04-04 22:17    <DIR>    d--------    C:\Programmer\QuickTime
2008-04-04 14:17 . 2008-04-04 14:17    <DIR>    d--------    C:\Programmer\NeroInstall.bak
2008-04-04 14:16 . 2008-04-04 14:16    <DIR>    d--------    C:\Documents and Settings\Kim Kirk\Application Data\Nero
2008-04-04 14:12 .     <DIR>        C:\Programmer\Fælles filer\Nero
2008-04-04 14:12 . 2008-04-04 14:12    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Nero
2008-03-28 23:37 . 2008-03-28 23:37    90,112    --a------    C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37    57,344    --a------    C:\WINDOWS\system32\QuickTime.qts
2008-03-25 15:38 . 2008-04-23 12:32    <DIR>    d--------    C:\Spil
2008-03-24 23:45 . 2008-03-24 23:45    <DIR>    d--------    C:\Programmer\directx

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 11:51    141,824    ----a-w    C:\WINDOWS\Internet Logs\xDB1.tmp
2008-04-23 11:51    1,789,952    ----a-w    C:\WINDOWS\Internet Logs\xDB2.tmp
2008-04-13 09:55    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\Azureus
2008-04-12 13:02    ---------    d-----w    C:\Programmer\Azureus
2008-04-12 12:51    ---------    d-----w    C:\Programmer\Windows Live Toolbar
2008-04-04 12:12    ---------    d-----w    C:\Programmer\Nero
2008-04-04 12:05    ---------    d-----w    C:\Programmer\Fælles filer\Ahead
2008-04-04 11:29    360,064    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-04 11:28    2,560    ----a-w    C:\WINDOWS\system32\bitcometres.dll
2008-04-04 11:28    ---------    d-----w    C:\Programmer\BitComet
2008-04-04 11:00    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\Apple Computer
2008-04-01 10:44    ---------    d-----w    C:\Programmer\Java
2008-03-21 21:41    ---------    d-----w    C:\Programmer\Safari
2008-03-17 11:49    ---------    d-----w    C:\Programmer\Fælles filer\Adobe
2008-03-17 11:22    ---------    d-----w    C:\Programmer\Windows Live Safety Center
2008-03-07 10:24    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\InterVideo
2008-03-07 10:22    209,637    ----a-w    C:\WINDOWS\IPUI_DivXG400.exe
2008-03-07 10:22    ---------    d-----w    C:\Programmer\Fælles filer\InterVideo
2008-03-07 10:21    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-03-07 10:21    ---------    d-----w    C:\Programmer\InterVideo
2008-03-07 10:20    ---------    d-----w    C:\Programmer\XviD
2008-03-07 10:19    ---------    d-----w    C:\Programmer\DivX
2008-03-06 22:19    ---------    d-----w    C:\Programmer\Sports Interactive
2008-03-04 11:27    ---------    d-----w    C:\Programmer\Windows Live
2008-03-04 11:26    ---------    d-----w    C:\Programmer\Microsoft SQL Server Compact Edition
2008-03-04 11:25    ---------    d-----w    C:\Programmer\Windows Live Favorites
2008-03-04 11:23    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-03-04 11:20    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 15:38    972,072    ----a-w    C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14    972,072    ----a-w    C:\WINDOWS\UNRecode.exe
2008-02-24 19:02    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-18 14:04    95,600    ----a-w    C:\WINDOWS\system32\NeroCo.dll
2008-01-29 10:02    107,368    ----a-w    C:\WINDOWS\system32\GEARAspi.dll
2003-04-22 09:24    16,606    ----a-w    C:\Documents and Settings\Kim Kirk\hpomdl01.dat
2003-04-09 12:13    577,536    ----a-w    C:\Documents and Settings\Kim Kirk\Setup.exe
2003-03-09 20:30    274,432    ----a-w    C:\Documents and Settings\Kim Kirk\hpzglu07.exe
2003-03-09 20:30    237,568    ----a-w    C:\Documents and Settings\Kim Kirk\hpzc3212.dll
2003-03-09 20:30    184,320    ----a-w    C:\Documents and Settings\Kim Kirk\hpzscr07.dll
2003-03-09 20:30    16,352    ----a-w    C:\Documents and Settings\Kim Kirk\HPZUCI12.DLL
2002-09-09 17:48    458,752    ----a-w    C:\Documents and Settings\Kim Kirk\tls704d.dll
2002-09-09 17:48    22,608    ----a-w    C:\Documents and Settings\Kim Kirk\usbprint.sys
2002-09-09 17:48    12,288    ----a-w    C:\Documents and Settings\Kim Kirk\usbmon.dll
2002-09-09 17:47    70,656    ----a-w    C:\Documents and Settings\Kim Kirk\msvcirt.dll
2002-09-09 17:47    254,005    ----a-w    C:\Documents and Settings\Kim Kirk\msvcrt.dll
2002-09-09 17:47    212,992    ----a-w    C:\Documents and Settings\Kim Kirk\hpzpnp07.dll
2002-09-09 17:46    49,212    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjvp01.dll
2002-09-09 17:46    417,849    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjpp01.dll
2002-09-09 17:46    28,722    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjlog.dll
2002-09-09 17:46    249,913    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjut01.dll
2002-09-06 09:54    995,383    ----a-w    C:\Documents and Settings\Kim Kirk\MFC42.DLL
2008-01-20 16:08    32,768    --sha-w    C:\WINDOWS\system32\config\systemprofile\Lokale indstillinger\Oversigt\History.IE5\MSHist012008012020080121\index.dat
.

------- Sigcheck -------

2006-04-20 14:18  360576  b2220c618b42a2212a59d91ebd6fc4b4    C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53  360832  64798ecfa43d78c7178375fcdd16d8c8    C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-01-23 20:37  359040  a14fafd66adbd55a86f17a37e5ec4263    C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-04 13:29  360064  cda1df697530378413219713085d67b4    C:\WINDOWS\system32\dllcache\tcpip.sys
2008-04-04 13:29  360064  cda1df697530378413219713085d67b4    C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 14:00 15360]
"BitComet"="C:\Programmer\BitComet\BitComet.exe" [2008-03-25 08:38 2196280]
"msnmsgr"="C:\Programmer\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-27 14:00 44544]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnoMCrp]
nnnoMCrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRHxvUl]
rqRHxvUl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= L3CODECP.ACM
"vidc.ap41"= apmpg4v1.dll
"vidc.divf"= divx412.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.hfyu"= huffyuv.dll
"msacm.DivXa32"= DivXa32.acm
"msacm.lameacm"= lameACM.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmer\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"14366:TCP"= 14366:TCP:BitComet 14366 TCP
"14366:UDP"= 14366:UDP:BitComet 14366 UDP

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Familiesikkerhed;"C:\Programmer\Windows Live\Familiesikkerhed\fsssvc.exe" [2007-10-17 14:53]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 13:50]
S3 naecd;naecd;C:\DOCUME~1\KIMKIR~1\LOKALE~1\Temp\naecd.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-11 13:46:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 11:23:01 C:\WINDOWS\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
----------
Avatar billede nva Praktikant
24. april 2008 - 08:04 #8
You just need to download the latest HiJackThis http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

I think I saw some Vundo in your logs, so to be on the safe side you can do this (with thanks to Ejvind):

-- Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4

-- Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes" here. Your desktop will then go blank, and the fix will try to remove Vundo. When it is finished, the tool will ask for permission to restart the computer. You should accept that.

Then restart the computer and make a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt

Note: It is possible that on the first scan VundoFix finds a file that it cannot remove at first. VundoFix will then restart and continue after the reboot. If this happens, just follow the instructions above after the reboot (starting with "Click the Scan for Vundo button").

You should fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O20 - Winlogon Notify: nnnoMCrp - nnnoMCrp.dll (file missing)
O20 - Winlogon Notify: rqRHxvUl - rqRHxvUl.dll (file missing)

and then I would uninstall BitComet
Avatar billede daki Juniormester
24. april 2008 - 11:46 #9
BitComet will be removed :-)

/dan


new logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37, on 2008-04-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\BitComet\BitComet.exe
C:\Programmer\Windows Live\Messenger\msnmsgr.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Programmer\internet explorer\iexplore.exe
C:\VundoFix.exe
C:\WINDOWS\system32\wuauclt.exe
H:\Check computer\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208965498796
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 4217 bytes

----------

VundoFix V7.0.3

Scan started at 11:33:41 2008-04-24

Listing files found while scanning....

No infected files were found.

----------
Avatar billede nva Praktikant
24. april 2008 - 15:17 #10
Run this one http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe" /tray

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
Avatar billede nva Praktikant
24. april 2008 - 15:26 #11
Forgot this one:

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
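
A triage pass over HijackThis entries like the ones singled out in replies #8 and #11, as an added example that is not part of the original thread. The log lines are copied from this page; the trusted-host list and the three heuristics are assumptions made for illustration, not HijackThis behaviour.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis logs and the helper's fix lists in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmer\Zone Labs\ZoneAlarm\zlclient.exe"
O20 - Winlogon Notify: nnnoMCrp - nnnoMCrp.dll (file missing)
O20 - Winlogon Notify: rqRHxvUl - rqRHxvUl.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Assumption: hosts this reviewer accepts as IE start/search pages.
TRUSTED_HOSTS = {"google.dk", "go.microsoft.com"}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def triage(log_text):
    """Return (code, reason, line) for each entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        if code in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1]
            host = urlparse(url).hostname  # None for about:blank
            if host and host not in TRUSTED_HOSTS:
                findings.append((code, "start/search page on unlisted host " + host, line))
        elif code == "O20":
            target = body.rsplit(" - ", 1)[-1]
            if target.endswith("(file missing)"):
                findings.append((code, "Winlogon Notify entry whose DLL is missing", line))
            elif "\\" not in target:
                findings.append((code, "Winlogon Notify DLL given without a path", line))
        elif code == "O24" and "file:///" in body:
            findings.append((code, "Active Desktop component loading a local HTML file", line))
    return findings

if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {line}")
```

The SUPERAntiSpyware notify entry passes because it names a full path to an existing file; the flagged entries still need a human decision before anything is fixed in HijackThis.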
Avatar billede nva Praktikant
15. maj 2008 - 13:16 #12
Posting an answer, which you can just reject if you couldn't use my input.
Avatar billede daki Juniormester
19. maj 2008 - 07:56 #13
Thanks for the help....