mj13 Beginner
26 August 2008 - 08:53 There are 11 comments and 1 solution

Antivirus 2008 - 2009

I'm getting Antivirus, first 2009 and now 2008, popping up on the screen, telling me which viruses I have on the computer.
I have been on Eksperten and read that you have helped many others get this virus removed; what should I do to get rid of it?
At the same time, games pop up on the screen; is that part of the same problem?
tiger_dk Master
26 August 2008 - 09:53 #1
Have you seen this article http://www.spywarefri.dk/artikler.htm#testvinder? Otherwise, post a log following this guide: http://www.spywarefri.dk/forum/links/hjtanv.htm
mj13 Beginner
26 August 2008 - 11:56 #2
Thanks for the reply.
I have run the 4 programs and got the 2 logs below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49, on 2008-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\AVTC\PavSrv51.exe
C:\Programmer\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\AVTC\PSKMsSvc.exe
C:\Programmer\Panda Software\AVTC\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\AVTC\ClShield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Panda Software\AVTC\SRVLOAD.EXE
C:\Programmer\Panda Software\AVTC\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\Galtech\WordPoint\WDpoint.exe
C:\Programmer\Fælles filer\GuruNet Shared\agtserv.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Panda Software\AVTC\psimreal.exe
C:\Programmer\Panda Software\AVTC\avciman.exe
C:\Documents and Settings\mj.ARKITEKT\Desktop\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat-assistenten.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WordPoint.lnk = C:\Programmer\Galtech\WordPoint\WDpoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?a3568d649ade47abaa10d828b0adce36
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?a3568d649ade47abaa10d828b0adce36
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: *.bgbank.dk
O15 - Trusted Zone: *.golfbox.dk
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {19AB65C9-3E4E-11D2-A97F-080009B3CC88} (Adobe Version Management Object) - http://www.kps.dk/codebase/VersionManager.cab
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/version5_ny/codebase/Dafolo.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} - http://www.diaform.dk/menu/config/version5_ny/codebase/plsspeller.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geograf.com/viewer/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174480977546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193305090156
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - file://D:\+AutoCAD 2007 Grundlæggende 2D\Film\tsccinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Arkitekt.net
O17 - HKLM\Software\..\Telephony: DomainName = Arkitekt.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{6504D0A8-ABE7-4F1C-8576-2AFD1606EB90}: NameServer = 192.168.10.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Arkitekt.net
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Programmer\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Programmer\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Programmer\Panda Software\AVTC\PsImSvc.exe
O24 - Desktop Component 0: (no name) - http://www.standard.skolekom.emu.dk/Icons/c28445
O24 - Desktop Component 1: (no name) - http://companyweb/_themes/sky/background_sky.gif

--
End of file - 10316 bytes

ComboFix 08-08-25.01 - mj 2008-08-26 11:38:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.598 [GMT 2:00]
Running from: C:\Documents and Settings\mj.ARKITEKT\Desktop\Spywarefri\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.ARKITEKT\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk
C:\Programmer\PCPrivacyCleaner
C:\Programmer\VirusRemover2008
C:\WINDOWS\system32\__c002DF7E.dat
C:\WINDOWS\system32\__c003EBF6.dat
C:\WINDOWS\system32\__c008A7FF.dat
C:\WINDOWS\system32\__c00D9010.dat
C:\WINDOWS\system32\~.exe
C:\xcrashdump.dat

.
(((((((((((((((((((((((((  Files Created from 2008-07-26 to 2008-08-26  )))))))))))))))))))))))))))))))
.

2008-08-26 10:26 . 2008-08-26 10:26    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-08-26 10:26 . 2008-08-26 10:26    <DIR>    d--------    C:\Documents and Settings\mj.ARKITEKT\Application Data\Malwarebytes
2008-08-26 10:26 . 2008-08-26 10:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-26 10:26 . 2008-08-17 15:01    38,472    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-26 10:26 . 2008-08-17 15:01    17,144    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-08-25 13:42 . 2008-08-25 13:42    <DIR>    d--------    C:\Programmer\CCleaner
2008-08-25 13:38 . 2008-08-25 13:38    <DIR>    d--------    C:\Programmer\RegCure
2008-08-25 12:59 . 2008-08-25 14:44    <DIR>    d--------    C:\må slettes
2008-08-25 11:22 . 2008-08-25 12:53    20,352,631,808    --a------    C:\backup 25-08-2008.bkf
2008-08-20 10:31 . 2008-08-26 11:28    <DIR>    d--------    C:\Virusfiler
2008-08-20 08:27 . 2008-08-20 08:27    <DIR>    d--------    C:\Programmer\Panda Security
2008-08-20 08:27 . 2008-06-19 17:24    28,544    ---------    C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-20 08:21 . 2001-07-30 16:40    24,576    ---------    C:\WINDOWS\system32\msxml3a.dll
2008-08-20 08:21 . 2008-08-20 08:21    18    ---------    C:\WINDOWS\PavRet.ini
2008-08-20 08:20 . 2007-01-25 11:09    6,821,083    ---------    C:\WINDOWS\PavAgent.exe
2008-08-20 08:20 . 2006-02-13 19:19    45,056    ---------    C:\WINDOWS\ExecAg.exe
2008-08-19 12:44 . 2008-08-20 09:23    <DIR>    d--------    C:\skal overføres til server
2008-08-12 10:23 . 2008-08-12 10:23    <DIR>    d--------    C:\Documents and Settings\Administrator.ARKITEKT\Application Data\Share-to-Web Upload Folder
2008-08-12 10:23 . 2008-08-12 10:27    <DIR>    d--------    C:\Documents and Settings\Administrator.ARKITEKT\Application Data\HPAppData
2008-08-11 09:28 . 2008-08-11 09:28    70,471,816    ---------    C:\08-08-11fin.fbk

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 06:15    ---------    d-----w    C:\Documents and Settings\mj.ARKITEKT\Application Data\HPAppData
2008-08-25 13:19    ---------    d-----w    C:\Programmer\Windows Live Toolbar
2008-08-25 13:19    ---------    d-----w    C:\Programmer\Microsoft Works
2008-08-25 13:13    ---------    d-----w    C:\Programmer\Fælles filer\GuruNet Shared
2008-08-25 13:13    ---------    d-----w    C:\Programmer\Fælles filer\Autodesk Shared
2008-08-22 08:59    ---------    d-----w    C:\Documents and Settings\mj.ARKITEKT\Application Data\AdobeUM
2008-08-20 06:41    ---------    d-----w    C:\Programmer\Spybot - Search & Destroy
2008-08-20 06:41    ---------    d-----w    C:\Programmer\Google
2008-08-20 06:35    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2008-08-20 06:29    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 09:22    ---------    d-----w    C:\Programmer\Fælles filer\Accent Shared
2008-08-13 06:15    ---------    d-----w    C:\Programmer\Java
2008-07-03 11:55    ---------    d-----w    C:\Programmer\Windows Media Connect 2
2008-06-26 06:08    ---------    d-----w    C:\Programmer\Windows Live
2008-06-26 06:07    ---------    dcsh--w    C:\Programmer\Fælles filer\WindowsLiveInstaller
2008-06-26 06:07    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-03-30 09:22    14,994,152    ------w    C:\Programmer\GoogleEarthWin_EARV.exe
2004-08-04 12:00    94,784    --sh--w    C:\WINDOWS\twain.dll
2004-08-04 12:00    50,688    --sh--w    C:\WINDOWS\twain_32.dll
2004-08-04 12:00    1,028,096    --sh--w    C:\WINDOWS\system32\mfc42.dll
2004-08-04 12:00    54,784    --sh--w    C:\WINDOWS\system32\msvcirt.dll
2004-08-04 12:00    413,696    --sh--w    C:\WINDOWS\system32\msvcp60.dll
2004-08-04 12:00    343,040    --sh--w    C:\WINDOWS\system32\msvcrt.dll
2007-12-04 18:38    550,912    --sh--w    C:\WINDOWS\system32\oleaut32.dll
2004-08-04 12:00    83,456    --sh--w    C:\WINDOWS\system32\olepro32.dll
2004-08-04 12:00    11,776    --sh--w    C:\WINDOWS\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"MsnMsgr"="C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 09:34 8466432]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"APVXDWIN"="C:\Programmer\Panda Software\AVTC\ClShield.exe" [2006-09-27 12:56 307200]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 09:34 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Acrobat-assistenten.lnk - C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office\OSA9.EXE [1999-02-18 05:05:56 65588]
Microsoft Works Calendar Reminders.lnk - C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 17:53:00 53317]
WordPoint.lnk - C:\Programmer\Galtech\WordPoint\WDpoint.exe [2007-06-11 13:30:29 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2006-02-17 09:32 45056 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--------- 2001-07-03 09:11 57344 C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--------- 2005-05-03 18:43 69632 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--------- 2007-07-13 09:34 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--------- 2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Business Solutions-Navision\\Client\\fin.exe"=
"C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe"= C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmer\\Windows Live\\Messenger\\livecall.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\drivers\ShldDrv.sys [2005-08-29 14:23]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\system32\DRIVERS\PavProc.sys [2006-08-11 13:41]
R3 SMBus_2k;SMBus_2k;C:\WINDOWS\system32\drivers\SMBus_2k.sys [2005-10-17 15:42]
S0 a320raid;a320raid;C:\WINDOWS\system32\DRIVERS\a320raid.sys [2004-06-11 13:09]
.
Contents of the 'Scheduled Tasks' folder

2008-01-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2008-01-13 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Programmer\Norton Security Scan\Nss.exe [2007-04-19 23:42]

2008-08-26 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Programmer\RegCure\RegCure.exe [2008-04-21 23:21]

2008-08-25 C:\WINDOWS\Tasks\RegCure.job
- C:\Programmer\RegCure\RegCure.exe [2008-04-21 23:21]
.
- - - - ORPHANS REMOVED - - - -

Notify-ac3f3e9d382 - C:\WINDOWS\system32\__c008A7FF.dat
Notify-__c002DF7E - C:\WINDOWS\system32\__c002DF7E.dat
MSConfigStartUp-A00F2C81AD - C:\DOCUME~1\MJ3995~1.ARK\LOCALS~1\Temp\_A00F2C81AD.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://companyweb/default.aspx
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Åbn på ny baggrundsfane - C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?a3568d649ade47abaa10d828b0adce36
O8 -: Åbn på ny forgrundsfane - C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?a3568d649ade47abaa10d828b0adce36
O15 -: Trusted Zone: *.bgbank.dk
O15 -: Trusted Zone: *.golfbox.dk
O17 -: HKLM\CCS\Interface\{6504D0A8-ABE7-4F1C-8576-2AFD1606EB90}: NameServer = 192.168.10.142

O16 -: {19AB65C9-3E4E-11D2-A97F-080009B3CC88} - hxxp://www.kps.dk/codebase/VersionManager.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UpdateControls.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\VersionManagerResEN.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UpdateControls.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\resourcesen.dll

O16 -: {1E69721D-9104-11D3-82D3-D06650C10000} - hxxp://www.diaform.dk/menu/config/version5_ny/codebase/Dafolo.cab
C:\WINDOWS\Downloaded Program Files\dafoloFFControl.inf
C:\WINDOWS\system32\Atl.dll
C:\WINDOWS\Downloaded Program Files\DafoloFFControl.dll

O16 -: {3D2CB570-D425-11D5-ABD0-00008369C46F} - hxxps://netbank.bgbank.dk/html/activex/BG/Menu.cab
C:\WINDOWS\Downloaded Program Files\Menu.inf
C:\WINDOWS\Downloaded Program Files\menu.dll

O16 -: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} - file://D:\+AutoCAD 2007 Grundlæggende 2D\Film\tsccinst.cab
C:\WINDOWS\Downloaded Program Files\tsccinst.inf
C:\WINDOWS\Downloaded Program Files\tsccinst.dll

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

O16 -: {F6A56D95-A3A3-11D2-AC26-400000058481} - hxxps://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
C:\WINDOWS\Downloaded Program Files\DanskeSikker.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\DanskeSikker.ocx
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 11:43:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\mswkscal.ldb

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmer\Panda Software\AVTC\pavsrv51.exe
C:\Programmer\Panda Software\AVTC\AVENGINE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Programmer\Panda Software\AVTC\pskmssvc.exe
C:\Programmer\Panda Software\AVTC\PSIMSVC.EXE
C:\Programmer\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Panda Software\AVTC\SrvLoad.exe
C:\Programmer\Panda Software\AVTC\WebProxy.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\Fælles filer\GuruNet Shared\agtserv.exe
.
**************************************************************************
.
Completion time: 2008-08-26 11:48:33 - machine was rebooted
ComboFix-quarantined-files.txt  2008-08-26 09:48:04

Pre-Run: 204,388,331,520 bytes free
Post-Run: 204,445,761,536 byte ledig

213    --- E O F ---    2008-08-18 10:03:25

What do I do now?
26 August 2008 - 12:10 #3
I have a feeling there is a little more 'dirt' left ->

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - when that is done, let the program update itself. A window then opens where you must move the dot to "Perform full scan" ("Kør et fuldstændigt systemscan") - click the Scan button - let the program work. When it is finished (it takes a while, depending on how much you have on the computer), press the "Show Results" ("Vis resultater") button after the scan - and then press "Remove Selected" ("Fjern det valgte") - the log now opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HijackThis...

PS: There is a bit more general cleanup left; that will be the next round...
ginola Junior Master
26 August 2008 - 18:22 #4
Currently have exactly the same crappy problem....and can't solve it :-(
leif Senior Master
26 August 2008 - 20:15 #5
ginola -> How about creating a thread yourself and getting help for your machine? It doesn't help to just write: "I have a problem, but can't solve it"
mj13 Beginner
27 August 2008 - 09:01 #6
Here are the copied log files

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56, on 2008-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\AVTC\PavSrv51.exe
C:\Programmer\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\AVTC\PSKMsSvc.exe
C:\Programmer\Panda Software\AVTC\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Programmer\Panda Software\AVTC\ClShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\Galtech\WordPoint\WDpoint.exe
C:\Programmer\Panda Software\AVTC\SRVLOAD.EXE
C:\Programmer\Panda Software\AVTC\WebProxy.exe
C:\Programmer\Fælles filer\GuruNet Shared\agtserv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\CAD\ACA2009\acad.exe
C:\DOCUME~1\MJ3995~1.ARK\LOCALS~1\Temp\AdskCleanup.0001
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
C:\Programmer\Fælles filer\Autodesk Shared\WSCommCntr1.exe
C:\Documents and Settings\mj.ARKITEKT\Desktop\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat-assistenten.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WordPoint.lnk = C:\Programmer\Galtech\WordPoint\WDpoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?a3568d649ade47abaa10d828b0adce36
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?a3568d649ade47abaa10d828b0adce36
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: *.bgbank.dk
O15 - Trusted Zone: *.golfbox.dk
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {19AB65C9-3E4E-11D2-A97F-080009B3CC88} (Adobe Version Management Object) - http://www.kps.dk/codebase/VersionManager.cab
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/version5_ny/codebase/Dafolo.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} - http://www.diaform.dk/menu/config/version5_ny/codebase/plsspeller.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geograf.com/viewer/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174480977546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193305090156
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - file://D:\+AutoCAD 2007 Grundlæggende 2D\Film\tsccinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Arkitekt.net
O17 - HKLM\Software\..\Telephony: DomainName = Arkitekt.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{6504D0A8-ABE7-4F1C-8576-2AFD1606EB90}: NameServer = 192.168.10.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Arkitekt.net
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Programmer\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Programmer\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Programmer\Panda Software\AVTC\PsImSvc.exe
O24 - Desktop Component 0: (no name) - http://www.standard.skolekom.emu.dk/Icons/c28445
O24 - Desktop Component 1: (no name) - http://companyweb/_themes/sky/background_sky.gif

--
End of file - 10786 bytes

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

08:55:08 2008-08-27
mbam-log-08-27-2008 (08-55-08).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 161528
Tid tilbagelagt: 35 minute(s), 18 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Administrator.ARKITEKT\Desktop\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
ginola Junior Master
27 August 2008 - 11:01 #7
leif> I did that too, I just thought it would be nice for the asker here to know he wasn't entirely alone... but sorry, sorry, it won't happen again.
tiger_dk Master
27 August 2008 - 17:33 #8
Just one thing, mj13: remember that you should not post an answer yourself; it is those who give you an answer, and who you feel have solved your problem, who should in principle get the points!
mj13 Beginner
27 August 2008 - 17:49 #9
Here are the copied log files

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56, on 2008-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\AVTC\PavSrv51.exe
C:\Programmer\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Programmer\Panda Software\AVTC\PSKMsSvc.exe
C:\Programmer\Panda Software\AVTC\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Programmer\Panda Software\AVTC\ClShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmer\Fælles filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmer\Galtech\WordPoint\WDpoint.exe
C:\Programmer\Panda Software\AVTC\SRVLOAD.EXE
C:\Programmer\Panda Software\AVTC\WebProxy.exe
C:\Programmer\Fælles filer\GuruNet Shared\agtserv.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~2\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Programmer\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\CAD\ACA2009\acad.exe
C:\DOCUME~1\MJ3995~1.ARK\LOCALS~1\Temp\AdskCleanup.0001
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
C:\Programmer\Fælles filer\Autodesk Shared\WSCommCntr1.exe
C:\Documents and Settings\mj.ARKITEKT\Desktop\Spywarefri\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\AVTC\ClShield.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat-assistenten.lnk = C:\Programmer\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WordPoint.lnk = C:\Programmer\Galtech\WordPoint\WDpoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Åbn på ny baggrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/229?a3568d649ade47abaa10d828b0adce36
O8 - Extra context menu item: Åbn på ny forgrundsfane - res://C:\Programmer\Windows Live Toolbar\Components\da-dk\msntabres.dll.mui/230?a3568d649ade47abaa10d828b0adce36
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Smart markering - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmer\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: *.bgbank.dk
O15 - Trusted Zone: *.golfbox.dk
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {19AB65C9-3E4E-11D2-A97F-080009B3CC88} (Adobe Version Management Object) - http://www.kps.dk/codebase/VersionManager.cab
O16 - DPF: {1E69721D-9104-11D3-82D3-D06650C10000} (DafoloControl Class) - http://www.diaform.dk/menu/config/version5_ny/codebase/Dafolo.cab
O16 - DPF: {224F7DEA-B7C1-11D3-AB40-00902712A5C9} - http://www.diaform.dk/menu/config/version5_ny/codebase/plsspeller.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geograf.com/viewer/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1174480977546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193305090156
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - file://D:\+AutoCAD 2007 Grundlæggende 2D\Film\tsccinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.bgbank.dk/html/activex/e-Safekey/BG/e-Safekey.cab
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i\AcPreview.ocx
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Arkitekt.net
O17 - HKLM\Software\..\Telephony: DomainName = Arkitekt.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{6504D0A8-ABE7-4F1C-8576-2AFD1606EB90}: NameServer = 192.168.10.142
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Arkitekt.net
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmer\Fælles filer\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Programmer\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Programmer\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Programmer\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Programmer\Panda Software\AVTC\PsImSvc.exe
O24 - Desktop Component 0: (no name) - http://www.standard.skolekom.emu.dk/Icons/c28445
O24 - Desktop Component 1: (no name) - http://companyweb/_themes/sky/background_sky.gif

--
End of file - 10786 bytes

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2

08:55:08 2008-08-27
mbam-log-08-27-2008 (08-55-08).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 161528
Tid tilbagelagt: 35 minute(s), 18 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
C:\Documents and Settings\Administrator.ARKITEKT\Desktop\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
28 August 2008 - 15:22 #10
You now appear to be 'clean' ...
How is the PC running now?
mj13 Beginner
28 August 2008 - 15:37 #11
Hi "karise larry"
It's running fine, no antivirus or pop-ups. Many thanks.
How do you get your points now, should I just accept?
28 August 2008 - 16:45 #12
There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After an ordeal like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

Safe Surfing...

--------------

Remember M$ ServicePack3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da