I'm sorry, but I didn't read the instructions the first time. Here we go...
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/10/2008 at 06:07 PM
Application Version : 4.15.1000
Core Rules Database Version : 3501
Trace Rules Database Version: 1492
Scan type : Complete Scan
Total Scan Time : 00:35:17
Memory items scanned : 149
Memory threats detected : 0
Registry items scanned : 4390
Registry threats detected : 0
File items scanned : 12652
File threats detected : 0
Adware.Tracking Cookie
.adtech.de [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
track.adform.net [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
track.adform.net [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
.politiken.112.2o7.net [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
www.googleadservices.com [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\IBM\Application Data\Mozilla\Firefox\Profiles\63mhocsn.default\cookies.txt ]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:21, on 10-07-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmer\Mozilla Firefox\firefox.exe
C:\Documents and Settings\IBM\Skrivebord\HiJackThis(2).exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmer\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra button: ¹ºÎï³µ - {FFB2385E-E812-4091-8C12-2370DC67F769} - http://www.eachnet.com/specials/cheap.html?adid=dzcm_dza_000_soft0_cheap (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoCtlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmer\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmer\Spyware Doctor\pctsSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmer\Fælles filer\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5029 bytes
ComboFix 08-07-08.9 - IBM 2008-07-10 19:43:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1030.18.90 [GMT 2:00]
Running from: C:\Documents and Settings\IBM\Skrivebord\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 )))))))))))))))))))))))))))))))
.
2008-07-09 23:22 . 2008-07-10 00:13 0 --a------ C:\23990098.$$$
2008-07-09 02:03 . 2008-07-09 18:21 864,256 -r------- C:\WINDOWS\system32\fda.dll
2008-07-09 01:16 . 2008-07-09 01:16 <DIR> d-------- C:\Documents and Settings\IBM\Application Data\Malwarebytes
2008-07-09 01:16 . 2008-07-09 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 01:16 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 01:16 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 01:15 . 2008-07-09 01:16 <DIR> d-------- C:\Programmer\Malwarebytes' Anti-Malware
2008-07-09 00:52 . 2008-07-09 00:52 <DIR> d-------- C:\Programmer\CCleaner
2008-07-08 23:18 . 2008-07-09 23:15 <DIR> d-------- C:\Kaspersky
2008-06-19 12:48 . 2008-06-19 12:48 <DIR> d-------- C:\Programmer\Transcend
2008-06-11 12:13 . 2008-06-14 20:00 272,256 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 12:13 . 2008-06-14 20:00 272,256 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 15:23 --------- d-----w C:\Programmer\SUPERAntiSpyware
2008-07-10 15:15 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-07-09 22:31 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-09 21:47 --------- d-----w C:\Programmer\Spyware Doctor
2008-07-09 11:48 --------- d-----w C:\Programmer\Java
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 10:49 --------- d--h--w C:\Programmer\InstallShield Installation Information
2008-06-10 10:37 --------- d-----w C:\Documents and Settings\IBM\Application Data\Skype
2008-05-27 15:09 --------- d-----w C:\Programmer\Fælles filer\PC Tools
2008-05-27 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-27 14:13 --------- d-----w C:\Programmer\PC Tools AntiVirus
2008-05-27 14:13 --------- d-----w C:\Documents and Settings\IBM\Application Data\PC Tools
2008-05-21 10:04 --------- d-----w C:\Programmer\Common Files
2008-05-07 05:16 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 07:20 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-09_23.02.12,44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 14:12:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 16:49:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-10 15:16:31 34,304 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-10-26 21:32 65536]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-10 17:23 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-04-07 00:19 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-04-07 00:07 114688]
"REGSHAVE"="C:\Programmer\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248]
"RemoteControl"="C:\Programmer\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TrackPointSrv"="tp4mon.exe" [2004-08-26 19:53 82432 C:\WINDOWS\system32\tp4mon.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 08:53 88363 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.exe.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-26 17:13:19 113664]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:54 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-07-10 17:23 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-03-04 13:54 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^EZ-DUB Finder.lnk]
backup=C:\WINDOWS\pss\EZ-DUB Finder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16128:TCP"= 16128:TCP:NortonAV
"12245:TCP"= 12245:TCP:NortonAV
"12669:TCP"= 12669:TCP:NortonAV
"14304:TCP"= 14304:TCP:NortonAV
"17725:TCP"= 17725:TCP:NortonAV
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2003-04-15 10:40]
R3 IMWEB51;High Rate Wireless LAN Mini-PCI LAN Driver;C:\WINDOWS\system32\DRIVERS\IMWEBN51.sys [2003-06-04 15:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4e80517-3ad4-11dc-bcf1-00096b427b84}]
\Shell\AutoRun\command - E:\ts650.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-10 17:48:25 C:\WINDOWS\Tasks\135ac.job"
- C:\WINDOWS\Downlo~1\135ac.dll,Always
"2008-07-10 17:48:24 C:\WINDOWS\Tasks\135b.job"
- C:\WINDOWS\Downlo~1\135b.dll,Run
"2008-07-10 17:48:24 C:\WINDOWS\Tasks\135dc.job"
- C:\WINDOWS\Downlo~1\135dc.dll,Always
"2008-07-10 17:41:24 C:\WINDOWS\Tasks\135sc.job"
- C:\WINDOWS\Downlo~1\135sc.dll,Always
"2008-06-25 08:01:08 C:\WINDOWS\Tasks\3f1.job"
- C:\WINDOWS\system32\fd1.dll,Always
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-10 19:46:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-10 19:49:11
ComboFix-quarantined-files.txt 2008-07-10 17:49:03
ComboFix2.txt 2008-07-09 21:02:58
ComboFix3.txt 2008-07-09 14:41:05
ComboFix4.txt 2008-07-09 12:05:44
Pre-Run: 28,619,784,192 byte ledig
Post-Run: 28,615,356,416 byte ledig
126 --- E O F --- 2008-07-09 11:49:48