Help: NT ROOTKIT.AT + other goodies
I've picked up some "vermin" in my fur and am looking for help. I have read article 1232.
I've tried to remove the problems with Panda, without luck.
Here are my log files.
Malwarebytes' Anti-Malware 1.30
Database version: 1373
Windows 5.1.2600 Service Pack 3
08-11-2008 18:43:25
mbam-log-2008-11-08 (18-43-25).txt
Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 96401
Tid tilbagelagt: 30 minute(s), 44 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 4
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 4
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ati2joxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ati2joxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati2joxx (Rootkit.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpsr (Trojan.Agent) -> Quarantined and deleted successfully.
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\System Volume Information\_restore{726DC0D9-37C2-4585-A9AE-0CE80C12CA81}\RP1\A0001015.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{726DC0D9-37C2-4585-A9AE-0CE80C12CA81}\RP1\A0001063.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ati2joxx.sys (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
ComboFix 08-11-07.01 - Familien 2008-11-08 18:53:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.80 [GMT 1:00]
Kører fra: c:\documents and settings\Familien\Skrivebord\viruskampen fortsætter\ComboFix.exe
advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tcpwrk.dll
c:\windows\system32\winprint.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Tjenester )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ICF
-------\Service_tcpsr
((((((((((((((((((((((((((((( Filer skabt fra 2008-10-08 til 2008-11-08 )))))))))))))))))))))))))))))))))))
.
2008-11-07 23:21 . 2008-11-07 23:21 <DIR> d-------- c:\programmer\Malwarebytes' Anti-Malware
2008-11-07 23:21 . 2008-11-07 23:21 <DIR> d-------- c:\documents and settings\Familien\Application Data\Malwarebytes
2008-11-07 23:21 . 2008-11-07 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 23:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 23:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-07 22:08 . 2008-11-07 22:08 <DIR> d-------- c:\programmer\Panda Security
2008-11-07 22:08 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-11-07 21:17 . 2008-11-07 21:17 <DIR> d-------- c:\programmer\CCleaner
2008-11-07 20:48 . 2008-11-07 20:48 <DIR> d-------- c:\programmer\Trend Micro
2008-11-07 01:20 . 2008-11-07 01:20 <DIR> d-------- c:\documents and settings\Familien\Application Data\Viewpoint
2008-11-04 23:07 . 2008-11-04 23:07 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-10-31 23:40 . 2008-11-08 18:43 32,768 --a------ c:\windows\system32\drivers\ati2joxx.sys
2008-10-30 16:00 . 2008-10-30 16:00 <DIR> d-------- c:\programmer\MSXML 4.0
2008-10-29 17:38 . 2008-10-29 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2008-10-29 17:37 . 2008-10-29 17:37 <DIR> d-------- c:\programmer\Nero
2008-10-29 17:37 . 2008-10-29 17:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2008-10-24 06:30 . 2008-10-15 17:37 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-16 08:02 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-16 08:01 . 2008-08-14 14:25 2,191,744 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 08:01 . 2008-08-14 14:25 2,147,840 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 08:01 . 2008-08-14 14:25 2,068,608 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 08:01 . 2008-08-14 14:25 2,026,496 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 08:01 . 2008-09-15 16:27 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-11 09:44 . 2008-10-11 09:44 <DIR> d-------- c:\documents and settings\Familien\Application Data\SPAMfighter
2008-10-11 09:43 . 2008-11-08 18:44 <DIR> d-------- c:\programmer\SPAMfighter
2008-10-11 09:43 . 2008-10-11 09:43 <DIR> d-------- c:\programmer\Fælles filer\Application
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 19:21 1,284 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-11-08 19:21 1,284 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2008-11-08 19:20 13,880 ----a-w c:\windows\system32\drivers\COMFiltr.sys
2008-11-08 17:44 280,524 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-11-08 17:44 280,524 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2008-11-07 23:57 14,336 ----a-w c:\windows\system32\svchost.exe
2008-11-02 21:17 --------- d-----w c:\documents and settings\Familien\Application Data\Azureus
2008-11-02 20:51 --------- d--h--w c:\programmer\InstallShield Installation Information
2008-11-02 20:51 --------- d-----w c:\programmer\IKEA Home Planner Kitchen
2008-10-29 16:38 --------- d-----w c:\programmer\Fælles filer\Ahead
2008-10-29 16:36 --------- d-----w c:\programmer\Ahead
2008-09-21 12:01 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-09-21 12:00 --------- d-----w c:\programmer\Siemens
2008-09-21 12:00 --------- d-----w c:\documents and settings\Familien\Application Data\InstallShield
2008-09-15 15:27 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 08:27 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 13:25 2,191,744 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:25 2,068,608 ----a-w c:\windows\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-21 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"zBrowser Launcher"="c:\programmer\Logitech\iTouch\iTouch.exe" [2003-04-07 631364]
"Easy-PrintToolBox"="c:\programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="c:\programmer\QuickTime\qttask.exe" [2005-07-06 77824]
"APVXDWIN"="c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" [2007-07-23 406832]
"SCANINICIO"="c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe" [2007-07-11 27952]
"SunJavaUpdateSched"="c:\programmer\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"SPAMfighter Agent"="c:\programmer\SPAMfighter\SFAgent.exe" [2008-09-22 324232]
"NBKeyScan"="c:\programmer\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"nwiz"="nwiz.exe" [2004-07-15 c:\windows\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2002-12-05 c:\windows\system32\sstray.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menuen Start\Programmer\Start\
Adobe Gamma Loader.lnk - c:\programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-20 113664]
Adobe Reader Hurtigstart.lnk - c:\programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Gigaset WLAN Adapter Monitor.lnk - c:\programmer\Siemens\Gigaset USB Adapter 300\GUI.exe [2008-09-21 815104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2007-02-15 19:02 50736 c:\windows\system32\avldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bjrjglr]
bjrjglr.dll [BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2joxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:azureus
"6881:UDP"= 6881:UDP:azureus
"49152:TCP"= 49152:TCP:danishbits
"49152:UDP"= 49152:UDP:danishbits
R0 ati2joxx;ati2joxx;c:\windows\system32\Drivers\ati2joxx.sys [2008-11-08 32768]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2007-05-11 71736]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2007-05-11 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2007-05-11 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2007-07-11 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2007-05-11 08:33 132920]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\Drivers\SMSFLT.SYS [2007-05-11 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2007-05-11 30648]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2007-06-08 24760]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\programmer\SPAMfighter\sfus.exe [2008-09-22 184968]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [ ]
R3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPSp50.sys [2006-11-28 27072]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2008-11-08 13880]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys [2007-04-24 142128]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [ ]
R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [ ]
S0 fyii;fyii;c:\windows\system32\drivers\zndupqnm.sys [ ]
S0 stdtvjz;stdtvjz;c:\windows\system32\drivers\fdui.sys [ ]
S0 yhcccdj;yhcccdj;c:\windows\system32\drivers\qyiugi.sys [ ]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys [ ]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2007-10-28 529408]
.
.
------- Yderligere scanning -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.dk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint Add To Print List - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - c:\programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
c:\windows\Downloaded Program Files\Rawflow.ocx
O16 -: {1221EA33-878F-4672-B799-05DAAF1298CF} - hxxp://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
c:\windows\Downloaded Program Files\systeminfo1.dll
O16 -: {1D381386-B2F7-4A83-AE20-B9796A68397C} - hxxps://www.borgerblanketter.dk/bb/proXSign1.cab
c:\windows\Downloaded Program Files\proXSign1.inf
c:\windows\Downloaded Program Files\nproXSign1.dll
O16 -: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} - hxxps://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 -: {4B4420CE-1DE7-4D81-ADF7-F88B45880F80} - hxxps://ler.ler.dk/GeoLer/GeoLer.CAB
c:\windows\Downloaded Program Files\GeoLer.INF
c:\windows\system32\MSVCRT.DLL
c:\windows\system32\RICHED32.DLL
c:\windows\system32\MSCOMCTL.OCX
c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
c:\windows\Downloaded Program Files\GraphicsMill20BaseCodecs.dll
c:\windows\Downloaded Program Files\dk.png
c:\windows\system32\GdTransMS.dll
c:\windows\system32\KmsSysMS.dll
c:\windows\Downloaded Program Files\ZOOMIN.ICO
c:\windows\Downloaded Program Files\system.ico
c:\windows\Downloaded Program Files\HAND.ICO
c:\windows\Downloaded Program Files\geojardraw.ico
c:\windows\Downloaded Program Files\geojardraw2.ico
c:\windows\Downloaded Program Files\center.ICO
c:\windows\Downloaded Program Files\ZOOMOUT.ICO
c:\windows\system32\msstkprp.dll
c:\windows\system32\richtx32.ocx
c:\windows\Downloaded Program Files\GraphicsMill20.dll
c:\windows\Downloaded Program Files\GraphicsMill20Controls.ocx
c:\windows\system32\KMSTRLIB.dll
c:\windows\Downloaded Program Files\GeoLer.ocx
O16 -: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} - hxxps://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp07.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
c:\windows\Downloaded Program Files\ImageUploader_3.inf
c:\windows\Downloaded Program Files\ImageUploader_3.ocx
O16 -: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://gis.hng.dk/GEOWMAP2/HTML/acgm/acgm.cab
c:\windows\Downloaded Program Files\acgm.inf
c:\windows\system32\msvcrt.dll
c:\windows\system32\snbdpl1.dll
c:\windows\system32\snbd9dm.dll
c:\windows\system32\igsnrn22.dll
c:\windows\system32\igsnpb22.dll
c:\windows\system32\igsnol22.dll
c:\windows\system32\igsncm22.dll
c:\windows\system32\browser.exa
c:\windows\system32\Acgm.Dll
.
.
------- Fil Associationer -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAP~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAP~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAP~1\PavScrip.exe "%1" %*
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 20:19:49
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwEnumerateKey, ZwClose, ZwEnumerateValueKey, ZwQueryValueKey, ZwOpenFile
scanner skjulte processer ...
scanner skjulte autostarter ...
scanner skjulte filer ...
scanning gennemført med succes
skjulte filer: 0
**************************************************************************
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\PAVSRV51.EXE
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
c:\windows\system32\nvsvc32.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\PsCtrlS.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\PAVFNSVR.EXE
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\FIREWALL\PSHost.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\PsImSvc.exe
c:\windows\system32\rundll32.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\SrvLoad.exe
c:\windows\system32\rundll32.exe
c:\programmer\Logitech\MouseWare\system\EM_EXEC.EXE
c:\programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\msiexec.exe
c:\programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
c:\programmer\Panda Software\Panda Platinum 2006 Internet Security\PavBckPT.exe
.
**************************************************************************
.
Gennemført tid: 2008-11-08 20:25:48 - maskinen blev genstartet
ComboFix-quarantined-files.txt 2008-11-08 19:25:34
ComboFix2.txt 2008-11-08 16:43:12
ComboFix3.txt 2008-11-08 00:05:38
Pre-Kørsel: 103.334.363.136 byte ledig
Post-Kørsel: 103,323,164,672 byte ledig
250 --- E O F --- 2008-11-04 18:55:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:15, on 08-11-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\PsCtrls.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
c:\programmer\panda software\panda platinum 2006 internet security\firewall\PSHOST.EXE
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
C:\Programmer\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\ApvxdWin.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\SPAMfighter\SFAgent.exe
C:\Programmer\Logitech\MouseWare\system\em_exec.exe
C:\Programmer\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Siemens\Gigaset USB Adapter 300\GUI.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\WebProxy.exe
C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Windows NT\Tilbehør\wordpad.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmer\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmer\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Programmer\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmer\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Gigaset WLAN Adapter Monitor.lnk = C:\Programmer\Siemens\Gigaset USB Adapter 300\GUI.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programmer\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {1221EA33-878F-4672-B799-05DAAF1298CF} (sysinfo1 Class) - http://resources.tele2.dk/privat/internet/pctest/systeminfo1.dll
O16 - DPF: {1D381386-B2F7-4A83-AE20-B9796A68397C} (proXSign Class) - https://www.borgerblanketter.dk/bb/proXSign1.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4B4420CE-1DE7-4D81-ADF7-F88B45880F80} (GeoLer.ctlGeoLer) - https://ler.ler.dk/GeoLer/GeoLer.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gis.frederiksberg.dk/viewer/v65/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp07.photoprintit.de/microsite/defaults/activex/ImageUploader3.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://gis.hng.dk/GEOWMAP2/HTML/acgm/acgm.cab
O20 - Winlogon Notify: bjrjglr - bjrjglr.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmer\panda software\panda platinum 2006 internet security\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Programmer\SPAMfighter\sfus.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmer\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
--
End of file - 10503 bytes
