So I got this far:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:37, on 06-07-2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INKLAB\mfp.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\internat.exe
C:\Programmer\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\InkLab\inklab.exe
C:\Programmer\InkLab\inetlink.exe
C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1030,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Programmer\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: InkLab.lnk = C:\Programmer\InkLab\inklab.exe
O4 - Global Startup: Scan to mail (options).lnk = C:\Programmer\InkLab\inetlink.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Nordea Online investering 7 - https://www.onlineinvestering.nordea.dk/oiclient.cab
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylinesoft.com/interactive/TerraExplorer/Install/TEInstallPlugIn.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Connect Support Server - Unknown owner - C:\WINDOWS\btwdin.exe (file missing)
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Mfp - Unknown owner - C:\PROGRA~1\INKLAB\mfp.exe
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\system32\irdvxc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 5612 bytes
ComboFix 08-07-05.1 - standard 06-07-2008 15:13:34.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1030.18.118 [GMT 2:00]
Running from: C:\Documents and Settings\standard\Skrivebord\Henriksen\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\start.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))
.
2008-07-06 15:22 . 08-07-06 15:22 16,384 --a----t- C:\WINDOWS\SYSTEM32\Perflib_Perfdata_21c.dat
2008-07-06 13:19 . 08-07-06 13:19 <DIR> d-------- C:\WINDOWS\All Users\Programdata\SUPERAntiSpyware.com
2008-07-06 13:19 . 08-07-06 13:19 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-07-06 13:19 . 08-07-06 13:19 <DIR> d-------- C:\Documents and Settings\standard\Application Data\SUPERAntiSpyware.com
2008-07-06 13:13 . 08-07-06 13:13 <DIR> d-------- C:\Programmer\CCleaner
2008-07-06 13:12 . 03-06-19 21:05 30,768 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys
2008-07-06 12:41 . 08-07-06 12:41 <DIR> d-------- C:\Programmer\Trend Micro
2008-07-06 12:29 . 08-07-06 10:03 158,208 --a------ C:\WINDOWS\msconfig.exe
2008-07-05 15:16 . 08-07-05 15:16 <DIR> d-------- C:\Programmer\Alwil Software
2008-07-05 13:36 . 08-07-05 13:36 <DIR> d-------- C:\Programmer\Panda Security
2008-07-05 13:36 . 08-06-19 17:24 28,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pavboot.sys
2008-07-05 13:05 . 08-07-05 13:05 <DIR> d-------- C:\WINDOWS\All Users\Programdata\Lavasoft
2008-07-05 13:05 . <DIR> C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-18 20:29 . 08-06-18 20:29 <DIR> d-------- C:\WINDOWS\All Users\Programdata\TEMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 11:07 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-07-05 11:07 8,064 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-07-05 11:07 5,376 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2008-07-05 11:07 12,632 ----a-w C:\WINDOWS\SYSTEM32\lsdelete.exe
2008-05-27 13:18 95,536 ----a-w C:\WINDOWS\SYSTEM32\sfc.dll
2008-05-27 13:18 41,744 ------w C:\WINDOWS\SYSTEM32\FTP.EXE
2008-05-27 13:18 17,680 ------w C:\WINDOWS\SYSTEM32\tftp.exe
2003-08-11 10:28 305 ---h--w C:\Programmer\desktop.ini
2003-08-11 10:26 22,029 ---h--w C:\Programmer\folder.htt
2004-06-25 06:38 1,682 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
2004-06-25 06:38 56 --sh--r C:\WINDOWS\SYSTEM32\64E9DB7742.sys
2003-08-21 06:21 551 --sha-r C:\WINDOWS\SYSTEM32\systeem\SHR.bat
.
------- Sigcheck -------
02-08-23 00:00 7952 9e64ad53cfd9da2d22e8a924f8c6e62c C:\WINDOWS\SYSTEM32\svchost.exe
02-08-23 01:00 7952 9e64ad53cfd9da2d22e8a924f8c6e62c C:\WINDOWS\SYSTEM32\dllcache\svchost.exe
03-06-19 21:05 69904 aafe9791c3564ec0dc76b566c4188a6f C:\WINDOWS\SYSTEM32\ws2_32.dll
02-08-23 00:00 68368 37c1c931399c27a5a5d3f55d3b5e29d1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
03-06-19 21:05 69904 aafe9791c3564ec0dc76b566c4188a6f C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
03-06-19 21:05 332144 5f1be742b1f2196663255991ae7acc83 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
02-08-23 00:00 329456 8b3cfa597a7b4ae984b8b7f21feff037 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
03-06-19 21:05 332144 5f1be742b1f2196663255991ae7acc83 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
03-06-19 21:05 170928 fb4f2d0595bd3546a4dd915e4a9b4809 C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys
02-08-23 00:00 167344 880e0a9b181c05ab45f282ceec47b6b4 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
03-06-19 21:05 170928 fb4f2d0595bd3546a4dd915e4a9b4809 C:\WINDOWS\ServicePackFiles\i386\ndis.sys
04-10-21 18:58 1704896 56d6b81d8c5f7ec9c476ad33f220161d C:\WINDOWS\SYSTEM32\NTKRNLPA.EXE
04-10-21 18:58 1704896 56d6b81d8c5f7ec9c476ad33f220161d C:\WINDOWS\SYSTEM32\dllcache\ntkrnlpa.exe
02-08-23 00:00 1687936 f504c1b862e57b89bc01d8d734c1c776 C:\WINDOWS\$NtUninstallQ811493$\ntkrnlpa.exe
02-12-12 14:43 1689408 eb652ecbbe9dab341b7dbcd58bb404fe C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
03-06-19 21:05 1694656 62adf3f7bc1501bcdfcd1306ea95cd2e C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
04-10-21 18:58 1704896 56d6b81d8c5f7ec9c476ad33f220161d C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
04-03-24 03:26 1699840 8bd5f6683d79469bd6b859abaed87574 C:\WINDOWS\$NtUninstallKB840987$\ntkrnlpa.exe
03-06-19 21:05 1694656 62adf3f7bc1501bcdfcd1306ea95cd2e C:\WINDOWS\$NtUninstallKB835732$\ntkrnlpa.exe
04-06-17 20:03 1704320 2d63e9667d0f8635c79520ed752824b6 C:\WINDOWS\$NtUninstallKB885835$\ntkrnlpa.exe
04-10-21 18:58 1681984 575e092b47879c640a5e737bfda157fd C:\WINDOWS\SYSTEM32\NTOSKRNL.EXE
04-10-21 18:58 1681984 575e092b47879c640a5e737bfda157fd C:\WINDOWS\SYSTEM32\dllcache\ntoskrnl.exe
02-08-23 00:00 1713296 fa86430f013ffb335022e1168a5e82cc C:\WINDOWS\$NtUninstallQ811493$\ntoskrnl.exe
02-12-12 14:43 1667520 5a630075b24d16d1fd0298838aec0e5e C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
03-06-19 21:05 1719632 6db3dd3be4018021a17ecb4b399ce740 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
04-10-21 18:58 1681984 575e092b47879c640a5e737bfda157fd C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
04-03-24 03:26 1726608 fdaf1afd92afcc93feff17721d541a33 C:\WINDOWS\$NtUninstallKB840987$\ntoskrnl.exe
03-06-19 21:05 1719632 6db3dd3be4018021a17ecb4b399ce740 C:\WINDOWS\$NtUninstallKB835732$\ntoskrnl.exe
04-06-17 20:03 1681536 da996152fcc0fce87cc223e947a83637 C:\WINDOWS\$NtUninstallKB885835$\ntoskrnl.exe
03-06-19 21:05 243472 23f39fac3bcbd1ecfc01061329a60b5b C:\WINDOWS\explorer.exe
03-06-19 21:05 243472 23f39fac3bcbd1ecfc01061329a60b5b C:\WINDOWS\ServicePackFiles\i386\explorer.exe
03-06-19 21:05 89360 b51c27c8c0e5fbd681f9906756b44e38 C:\WINDOWS\SYSTEM32\SERVICES.EXE
02-08-23 00:00 88848 6264d0d483ee255f4f135d442895c808 C:\WINDOWS\$NtServicePackUninstall$\services.exe
03-06-19 21:05 89360 b51c27c8c0e5fbd681f9906756b44e38 C:\WINDOWS\ServicePackFiles\i386\services.exe
04-03-24 03:26 34576 0e368b09a8a52c62961ecc9148834aa0 C:\WINDOWS\SYSTEM32\LSASS.EXE
04-03-24 03:26 34576 0e368b09a8a52c62961ecc9148834aa0 C:\WINDOWS\SYSTEM32\dllcache\lsass.exe
02-08-23 00:00 34576 e211c3ba7ca3e36d4741d66c6c632648 C:\WINDOWS\$NtUninstallQ329115$\lsass.exe
02-11-11 15:45 34576 2fb6caaf1f499d91368f5e4131398348 C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
03-06-19 21:05 34576 f15d72dd30f69c13fd8f298dae2d0c20 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
03-06-19 21:05 34576 f15d72dd30f69c13fd8f298dae2d0c20 C:\WINDOWS\$NtUninstallKB835732$\lsass.exe
03-06-19 21:05 45328 4bc9d3982f0386b1b96a0b87ddf30740 C:\WINDOWS\SYSTEM32\spoolsv.exe
02-08-23 01:00 45328 c3481609d395df47a7d5d4edbcc6d47c C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
03-06-19 21:05 45328 4bc9d3982f0386b1b96a0b87ddf30740 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
04-12-10 10:27 2367760 --a------ c:\WINDOWS\system32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [08-02-29 16:03 1481968]
"internat.exe"="internat.exe" [02-08-23 00:00 20752 C:\WINDOWS\SYSTEM32\internat.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfFactory Dispatcher v2"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [04-05-27 13:20 442368]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd.exe" [03-08-04 17:28 49152]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [07-07-12 04:00 132496]
"Dell Photo AIO Printer 922"="C:\Programmer\Dell Photo AIO Printer 922\dlbtbmgr.exe" [04-06-18 16:30 290816]
"Synchronization Manager"="mobsync.exe" [03-06-19 21:05 111888 C:\WINDOWS\SYSTEM32\mobsync.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Programmer\Symantec\LiveUpdate\ALUNotify.exe" [04-12-14 12:24 263824]
"internat.exe"="internat.exe" [02-08-23 00:00 20752 C:\WINDOWS\SYSTEM32\internat.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Programmer\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 21:05 187664]
C:\Documents and Settings\standard\Menuen Start\Programmer\Start\
Picture Motion Browser Media Check Tool.lnk - C:\Programmer\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-26 18:44:16 344064]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
InkLab.lnk - C:\Programmer\InkLab\inklab.exe [2005-11-25 17:03:26 598528]
Scan to mail (options).lnk - C:\Programmer\InkLab\inetlink.exe [2005-11-25 17:03:41 70144]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [06-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
07-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
03-06-19 21:05 140048 C:\WINDOWS\SYSTEM32\NWPROVAU.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll
"VIDC.VDOM"= vdowave.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [08-06-19 17:24 ]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINDOWS\system32\DRIVERS\SONYPVM1.SYS [06-10-30 13:46 ]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [08-05-16 01:20 ]
R2 aswMon;avast! Standard Shield Support;C:\WINDOWS\system32\drivers\aswMon.sys [08-01-17 18:34 ]
R2 lfmf84nt;Lfmf84nt;C:\WINDOWS\system32\Lfmf84nt.sys [01-02-23 10:25 ]
R2 Mfp;Mfp;C:\PROGRA~1\INKLAB\mfp.exe [02-02-06 13:58 ]
R3 openhci;Driver til Microsoft USB åben værtscontroller;C:\WINDOWS\system32\DRIVERS\openhci.sys [03-06-19 21:05 ]
R3 SiSV;SiSV;C:\WINDOWS\system32\DRIVERS\SiSV.sys [99-09-28 04:02 ]
S2 Bluetooth Connect Support Server;Bluetooth Connect Support Server;C:\WINDOWS\btwdin.exe []
S2 MSDisk;Network helper Service;C:\WINDOWS\system32\irdvxc.exe []
*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 20:19:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmer\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-ffqvss - grwfsrs.exe
HKCU-Run-gqvqevs - seeffkme.exe
HKCU-Run-Ultra Edit v5.1 - ultraedit.exe
HKCU-Run-gqgqqger - gqgeqegl.exe
HKCU-Run-Mfqneqfeb - vdddwq.exe
HKCU-Run-DfqwSfS - ffsqsd.exe
HKCU-Run-RagesCamera - Ragesn.exe
HKCU-Run-MSDatabla - vadaSq.exe
HKCU-Run-Syntax Script - systacq.exe
HKCU-Run-Will I Ever - anqbse.exe
HKCU-Run-UltraEdit - uledit.exe
HKCU-Run-jidifedig - xudexoli.exe
HKCU-Run-gf84kdo2 - fjs7s.exe
HKCU-Run-Micrsoft Driver - msdriver.exe
HKLM-Run-SSC_UserPrompt - C:\Programmer\Fælles filer\Symantec Shared\Security Center\UsrPrmpt.exe
HKLM-Run-Will I Ever - anqbse.exe
HKLM-Run-UltraEdit - uledit.exe
HKLM-Run-My Computer - cqcags.exe
HKLM-Run-jidifedig - xudexoli.exe
HKLM-Run-gf84kdo2 - fjs7s.exe
HKLM-Run-stone - stone.exe
HKLM-Run-Micrsoft Driver - msdriver.exe
HKLM-Run-ipyjy - woniz.exe
HKLM-RunServices-RagesCamera - Ragesn.exe
HKLM-RunServices-MSDatabla - vadaSq.exe
HKLM-RunServices-Syntax Script - systacq.exe
HKLM-RunServices-Will I Ever - anqbse.exe
HKLM-RunServices-UltraEdit - uledit.exe
HKLM-RunServices-Microsoft Internet Explorer - IEXPLORE.EXE
HKLM-RunServices-My Computer - cqcags.exe
HKLM-RunServices-Internet Explorer Configuration - IEXPLORE.EXE
HKLM-RunServices-jidifedig - xudexoli.exe
HKLM-RunServices-gf84kdo2 - fjs7s.exe
HKLM-RunServices-stone - stone.exe
HKLM-RunServices-Micrsoft Driver - msdriver.exe
HKLM-RunServices-ipyjy - woniz.exe
HKU-Default-Run-ffqvss - grwfsrs.exe
HKU-Default-Run-gqvqevs - seeffkme.exe
HKU-Default-Run-Ultra Edit v5.1 - ultraedit.exe
HKU-Default-Run-Microsoft Synchronization Manager - svhost.exe
HKU-Default-Run-gqgqqger - gqgeqegl.exe
HKU-Default-Run-Mfqneqfeb - vdddwq.exe
HKU-Default-Run-DfqwSfS - ffsqsd.exe
HKU-Default-Run-reggsdg - spoolsrv.exe
HKU-Default-Run-RagesCamera - Ragesn.exe
HKU-Default-Run-MSDatabla - vadaSq.exe
HKU-Default-Run-Syntax Script - systacq.exe
HKU-Default-Run-Will I Ever - anqbse.exe
HKU-Default-Run-UltraEdit - uledit.exe
HKU-Default-Run-Microsoft Internet Explorer - IEXPLORE.EXE
HKU-Default-Run-My Computer - cqcags.exe
HKU-Default-Run-jidifedig - xudexoli.exe
HKU-Default-Run-gf84kdo2 - fjs7s.exe
HKU-Default-Run-Micrsoft Driver - msdriver.exe
HKU-Default-Run-Microsoft System Services - services9.exe
HKU-Default-Run-Ecat - yetenyve.exe
MSConfigStartUp-Internet Explorer Configuration - IEXPLORE.EXE
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-06 15:23:06
Windows 5.0.2195 Service Pack 4 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
RagesCamera = Ragesn.exe??????????????????????????????????????????????????????+
MSDatabla = vadaSq.exe??????????????????????????????????????????????????????U
Syntax Script = systacq.exe??????????????????????????????????????????????????????
Will I Ever = anqbse.exe??????????????????????????????????????????????????????=
UltraEdit = uledit.exe??????????????????????????????????????????????????????b
Microsoft Internet Explorer = IEXPLORE.EXE?????????????????????????????????????????????????????
My Computer = cqcags.exe??????????????????????????????????????????????????????<
Internet Explorer Configuration = IEXPLORE.EXE?
jidifedig = xudexoli.exe?????????????????????????????????????????????????????
gf84kdo2 = fjs7s.exe????????????????????????????????????????????????????????
Micrsoft Driver = msdriver.exe?
ipyjy = woniz.exe????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-06 15:25:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-06 13:25:20
Pre-Run: 33,519,861,760 byte ledig
Post-Run: 33,606,270,976 byte ledig