targa55 (Trainee)
09 September 2007 - 01:25 There are 19 comments and 2 solutions

Check of Hijack This

Is there anyone who will check this log?

Logfile of HijackThis v1.99.1
Scan saved at 01:09:59, on 09-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MultiKeyboard Driver\KbdDrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Jan\Skrivebord\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [windows] :C:\Program Files\Windows Media Player\windowsmediaplayer.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Startup: MutiKeyboard Driver.lnk = C:\Programmer\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danicapension.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187907598203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187907810500
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9F8BC4-8D36-4DCB-99B6-55B5EDB8263F}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\NPF\NPFSVICE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
pycoz (Beginner)
09 September 2007 - 01:35 #1
I don't think I can find anything abnormal.
targa55 (Trainee)
09 September 2007 - 01:41 #2
ok - but I got a message that there is supposedly a trojan named Downloader- Buffy
pycoz (Beginner)
09 September 2007 - 01:49 #3
Hasn't it been removed then?? Because I don't see anything in the log.
targa55 (Trainee)
09 September 2007 - 01:55 #4
Trying to look once more .....
targa55 (Trainee)
09 September 2007 - 02:05 #5
Is there anything else that could usefully be removed.....
ejvindh (Expert)
09 September 2007 - 02:48 #6
There is actually a clear indication of infection in that log. I would therefore recommend that you run the whole procedure described here:
http://www.eksperten.dk/artikler/1123
...and post the logs mentioned there here for review. Then I'll take a look at it *S*
targa55 (Trainee)
09 September 2007 - 03:04 #7
ok, but then it will have to be later in the day, if I'm also going to get a bit of sleep.
targa55 (Trainee)
09 September 2007 - 08:17 #8
My log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/09/2007 at 04:26 AM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type      : Complete Scan
Total Scan Time : 00:43:06

Memory items scanned      : 178
Memory threats detected  : 0
Registry items scanned    : 5492
Registry threats detected : 0
File items scanned        : 26126
File threats detected    : 0
targa55 (Trainee)
09 September 2007 - 08:18 #9
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
09-09-2007  7:34:42,75

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 07:34:43
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0
targa55 (Trainee)
09 September 2007 - 08:19 #10
ComboFix 07-09-09.4 - "Jan" 2007-09-09  7:38:29.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.586 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Jan\APPLIC~1\DriveCleaner 2006 Free
C:\DOCUME~1\Jan\APPLIC~1\DriveCleaner 2006 Free\Logs\update.log
C:\DOCUME~1\Jan\err.log
C:\Programmer\MW
C:\WA6P
C:\WINDOWS\system32\stera.log


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN


(((((((((((((((((((((((((  Files Created from 2007-08-09 to 2007-09-09  )))))))))))))))))))))))))))))))
.

2007-09-09 07:37    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-09 01:49    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-09 01:49    <DIR>    d--------    C:\DOCUME~1\Jan\APPLIC~1\SUPERAntiSpyware.com
2007-09-09 01:49    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-09 00:11    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-09-08 23:50    <DIR>    d--------    C:\DOCUME~1\Jan\.housecall6.6
2007-09-08 10:48    <DIR>    d--------    C:\DOCUME~1\Jan\APPLIC~1\Printer Info Cache
2007-08-24 17:04    <DIR>    d--------    C:\Programmer\Gadwin Systems
2007-08-24 14:56    <DIR>    d--------    C:\Programmer\Lavasoft
2007-08-24 14:56    <DIR>    d--------    C:\Programmer\F‘lles filer\Wise Installation Wizard
2007-08-24 14:56    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-24 12:26    <DIR>    d--------    C:\Programmer\Sunbelt Software
2007-08-24 12:25    95,608    --a------    C:\WINDOWS\system32\AVASTSS.scr
2007-08-24 12:25    94,416    --a------    C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-24 12:25    92,848    --a------    C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-24 12:25    801,144    --a------    C:\WINDOWS\system32\aswBoot.exe
2007-08-24 12:25    42,912    --a------    C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-24 12:25    26,624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-24 12:25    23,152    --a------    C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-24 03:40    <DIR>    d--------    C:\DOCUME~1\Jan\APPLIC~1\FastStone
2007-08-24 02:31    <DIR>    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-24 01:49    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2007-08-24 01:30    <DIR>    d--------    C:\Programmer\FastStone MaxView
2007-08-24 01:30    <DIR>    d--------    C:\Programmer\FastStone Image Viewer
2007-08-24 00:55    <DIR>    d--------    C:\Programmer\Microsoft CAPICOM 2.1.0.2
2007-08-24 00:10    24,816    --a------    C:\WINDOWS\system32\mdimon.dll
2007-08-24 00:09    <DIR>    d--------    C:\Programmer\Microsoft.NET
2007-08-24 00:08    <DIR>    d--------    C:\WINDOWS\SHELLNEW
2007-08-24 00:06    <DIR>    dr-h-----    C:\MSOCache
2007-08-23 23:18    <DIR>    d--------    C:\Programmer\TimeTool

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 03:39    326    --a------    C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-08 10:53    ---------    d--------    C:\DOCUME~1\Jan\APPLIC~1\Image Zone Express
2007-09-06 12:00    26624    --a------    C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-24 15:00    9344    --a------    C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-24 15:00    8320    --a------    C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-24 12:23    ---------    d--------    C:\DOCUME~1\Jan\APPLIC~1\Lavasoft
2007-08-24 02:10    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\NPF
2007-08-24 02:02    5    --a------    C:\NPF_USER.DAT
2007-08-23 23:32    ---------    d--------    C:\Programmer\Google
2007-08-23 22:49    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-23 21:34    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-03 12:01    ---------    d-a------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-03 00:49    ---------    d--------    C:\Programmer\MyProduct
2007-08-02 09:47    888832    --a------    C:\WINDOWS\system32\registry3312.exe
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 19:18    207736    --a------    C:\WINDOWS\system32\muweb.dll
2007-07-28 23:48    ---------    d--------    C:\Programmer\Windows Defender
2007-07-26 23:20    ---------    d--------    C:\Programmer\SpeedBit Video Accelerator
2007-07-26 00:11    ---------    d--------    C:\Programmer\AskPBar
2007-07-25 16:07    ---------    d--------    C:\Programmer\Yahoo!
2007-07-25 11:06    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-25 02:12    ---------    d--------    C:\DOCUME~1\Jan\APPLIC~1\Apple Computer
2007-07-25 02:11    ---------    d--------    C:\Programmer\Apple Software Update
2007-07-25 02:10    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-20 21:56    ---------    d--------    C:\Programmer\Arcade Lines
2007-07-20 21:53    520192    --a------    C:\WINDOWS\system32\Ekstra Bladet screensaver.scr
2007-07-18 10:31    ---------    d--------    C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
2007-07-18 10:28    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-07-15 18:30    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-07-15 01:25    50688    --a------    C:\WINDOWS\system32\wbhelp2.dll
2007-07-15 01:05    ---------    d--------    C:\Programmer\CCleaner
2007-07-14 01:29    ---------    d--------    C:\Programmer\MSXML 4.0
2007-07-13 20:07    ---------    d--------    C:\Programmer\Windows Media Connect 2
2007-07-11 18:11    ---------    d--------    C:\DOCUME~1\Jan\APPLIC~1\SPAMfighter
2007-07-11 17:17    ---------    d--------    C:\Programmer\Common Files
2007-07-09 19:39    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-07-09 15:13    ---------    d--------    C:\DOCUME~1\Jan\APPLIC~1\HP
2007-07-04 14:22    1184400    --a------    C:\WINDOWS\system32\FreeImage.dll
2007-06-26 08:10    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Microsoft Shared
    ---------        C:\Programmer\Fælles filer\HP
    ---------        C:\Programmer\Fælles filer\DESIGNER
    ---------        C:\Programmer\Fælles filer\Apple
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 C:\WINDOWS\StartupMonitor.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=":C:\Programmer\Messenger\msmsgs.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"Gadwin PrintScreen 2.6"="C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe" [2003-07-16 11:29]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-09 02:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

C:\DOCUME~1\Jan\MENUEN~1\PROGRA~1\Start\
MutiKeyboard Driver.lnk - C:\Programmer\MultiKeyboard Driver\KbdDrv.exe [2007-06-27 22:52:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wa6pcw]
"C:\Programmer\Fælles filer\WinAntiVirus Pro 2006\wa6pcw.exe" -c

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\System32\drivers\tdi_rd.sys
R2 sbbotdi;sbbotdi;\??\C:\PROGRA~1\SPEEDB~1\sbbotdi.sys
R3 Usbfilt;UsbFilt;\??\C:\WINDOWS\SYSTEM32\DRIVERS\usbfilt.sys
S3 N100;Compaq Ethernet eller Fast Ethernet NIC-driver;C:\WINDOWS\system32\DRIVERS\n100325.sys
S3 NetWlan5;Driver til symbolbaseret 802.11b Wireless LAN-netværkskort;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-08-29 20:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2007-09-09 05:46:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
"2007-08-27 21:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-05-19 21:44:59 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Programmer\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-09 07:44:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [3672] 0x85A85D18


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aavmker4]


[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe\""
.
Completion time: 2007-09-09  7:46:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-09 07:46
.
    --- E O F ---
targa55 (Trainee)
09 September 2007 - 08:21 #11
Logfile of HijackThis v1.99.1
Scan saved at 07:31:46, on 09-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Programmer\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MultiKeyboard Driver\KbdDrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Jan\Skrivebord\Ny mappe\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [windows] :C:\Program Files\Windows Media Player\windowsmediaplayer.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MutiKeyboard Driver.lnk = C:\Programmer\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danicapension.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187907598203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187907810500
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9F8BC4-8D36-4DCB-99B6-55B5EDB8263F}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\NPF\NPFSVICE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
ejvindh (Expert)
09 September 2007 - 14:08 #12
That helped a bit, but there is still a little left. Now try the following:

-- It looks like you have 2 antivirus programs installed: Avast and Norman. That is inadvisable and can easily make the computer sluggish. You should therefore uninstall one of them.

-- Then copy the content between the wavy lines into a Notepad window, and save it in the same folder as Combofix under the name CFScript.txt. When you save, make sure that "file types" is set to "all files".

~~~~~~~~~~~~~~~~~~~~~~~~~~
File::
C:\WINDOWS\system32\registry3312.exe

Folder::
C:\Programmer\Fælles filer\WinAntiVirus Pro 2006

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wa6pcw]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows"=-
~~~~~~~~~~~~~~~~~~~~~~~~~~
Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can make your computer freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here for review

-- Also make a new log with Hijackthis and post it here for review.
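Added example (not part of the thread, and not ejvindh's or ComboFix's own code): one way to check a follow-up HijackThis log against the script above, by reading which Run values the script deletes and confirming they no longer appear as O4 entries. The function names are hypothetical, and the sample lines are excerpted from the logs and script posted in this thread.

```python
import re

# Sample input: lines excerpted from the HijackThis logs posted in this thread
# (07:31 log before the script was run, 15:07 log after), plus the File:: and
# Registry:: sections of the CFScript from post #12.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [windows] :C:\Program Files\Windows Media Player\windowsmediaplayer.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

CFSCRIPT = r"""
File::
C:\WINDOWS\system32\registry3312.exe

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wa6pcw]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows"=-
"""

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\]")
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"


def parse_entries(log_text):
    """Return the set of (code, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two HijackThis logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def run_values_deleted(script_text):
    """Return (hive, value_name) pairs the script deletes from Run keys."""
    targets, section, key = [], None, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):            # "File::", "Folder::", "Registry::"
            section, key = line[:-2], None
        elif section == "Registry" and line.startswith("["):
            key = line.strip("[]")         # "[-KEY]" deletes the whole key
        elif section == "Registry" and key and not key.startswith("-"):
            m = re.match(r'^"([^"]+)"=-$', line)   # "Name"=- deletes a value
            if m:
                hive, _, path = key.partition("\\")
                if hive in HIVES and ("\\" + path).lower() == RUN_SUFFIX:
                    targets.append((HIVES[hive], m.group(1)))
    return targets


def leftover_run_values(script_text, log_text):
    """O4 Run entries the script targets that the log still lists."""
    # Registry value names are case-insensitive, so "Windows" in the script
    # matches "[windows]" in the log.
    wanted = {(h, n.lower()) for h, n in run_values_deleted(script_text)}
    left = []
    for code, body in parse_entries(log_text):
        m = O4_RUN_RE.match(body) if code == "O4" else None
        if m and (m.group(1), m.group(2).lower()) in wanted:
            left.append(body)
    return sorted(left)


if __name__ == "__main__":
    print("still present before:", leftover_run_values(CFSCRIPT, LOG_BEFORE))
    print("still present after: ", leftover_run_values(CFSCRIPT, LOG_AFTER))
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for code, body in removed:
        print("removed:", code, "-", body)
    for code, body in added:
        print("added:  ", code, "-", body)
```

The diff also surfaces changes the script did not ask for, which is why the full before/after comparison is kept alongside the targeted check.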
targa55 (Trainee)
09 September 2007 - 15:02 #13
ok ... working on it
targa55 (Trainee)
09 September 2007 - 15:09 #14
[code]
2007-05-12 11:29      2    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\stera.log.vir
2007-05-12 11:30      0    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jan\err.log.vir
2007-05-13 11:20      1750    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\Jan\APPLIC~1\DriveCleaner 2006 Free\Logs\update.log.vir
2007-07-08 21:23      15399    --a------    C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-08-02 09:47      888832    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\registry3312.exe.vir
2007-09-09 07:40      774    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_FOPN.reg.cf


Mappetr‘
Diskenhedens serienummer er F0B1-ED45
C:\QOOBOX\QUARANTINE
+---C
|  +---ComboFix
|  |      FProps.vbs.vir
|  |     
|  +---DOCUME~1
|  |  \---Jan
|  |      |  err.log.vir
|  |      | 
|  |      \---APPLIC~1
|  |          \---DriveCleaner 2006 Free
|  |              \---Logs
|  |                      update.log.vir
|  |                     
New log:

|  \---WINDOWS
|      \---system32
|              registry3312.exe.vir
|              stera.log.vir
|             
\---Registry_backups
        LEGACY_FOPN.reg.cf
       
[/code]
targa55 (Trainee)
09 September 2007 - 15:10 #15
Logfile of HijackThis v1.99.1
Scan saved at 15:07:35, on 09-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\StartupMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MultiKeyboard Driver\KbdDrv.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jan\Skrivebord\HijackThis\alternativ.exe
C:\WINDOWS\System32\HPZipm12.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 2.6] C:\Programmer\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MutiKeyboard Driver.lnk = C:\Programmer\MultiKeyboard Driver\KbdDrv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: *.danicapension.dk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187907598203
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187907810500
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netpension.danicapension.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9F8BC4-8D36-4DCB-99B6-55B5EDB8263F}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Programmer\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
targa55 Praktikant
09 September 2007 - 18:16 #16
It would be nice if someone could continue, since this concerns a PC in Sweden and I have to go back to Denmark tonight.
09 September 2007 - 18:40 #17
<ejvindh> I'll be sure to get back to you...
ejvindh Ekspert
09 September 2007 - 23:51 #18
The log is clean. To finish the job completely:
It can be a good idea to clean up the System Restore files. Disable System Restore (http://www.spywarefri.dk/virusscannere.htm#alle) - restart your computer - enable System Restore.
It can also be a good idea to hide your system files and folders again, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files; this time you just choose: Do not show hidden files and folders (Vis ikke skjulte filer og mapper).

It can also be a good idea to clear out your temporary files. That can be done quickly and easily with this file:
www.spywareinfo.dk/download/cleantempxp2k.bat
---------------------------

To prevent a repeat, I would recommend that you install a few small programs that keep spyware from getting in in the first place. You will find links and good advice here:
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm

I would also suggest that you read these articles on how to avoid getting infected in the future:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://www.ejvindh.net/viewtopic.php?t=37
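The log in #15 follows HijackThis's line format: bare paths under "Running processes:", then entries of the form `<section code> - <details>`. As an added example (not part of the thread, not HijackThis's own code and not the expert's method), this parser reads that format and lists the entries a reviewer would check by hand, cross-referencing "(file missing)" notes against the process list. The sample lines are copied from the log above; the function names and the review rules are assumptions.

```python
import re

# Sample lines copied from the HijackThis log posted in #15 of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F9F8BC4-8D36-4DCB-99B6-55B5EDB8263F}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")       # "O23 - Service: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)  # bare path in the process list

def parse(log):
    """Return (running process paths, list of (section code, entry text))."""
    processes, entries = [], []
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROCESS.match(line):
            processes.append(line)
    return processes, entries

def review_list(processes, entries):
    """Entries to check by hand, as (code, reason, entry). Rules are assumptions."""
    out = []
    for code, text in entries:
        if text.endswith("(file missing)"):
            # If the same path is in the process list, the file exists and the
            # "missing" note comes from how the command line was split.
            running = any(p.lower() in text.lower() for p in processes)
            reason = "marked missing but running" if running else "file missing"
            out.append((code, reason, text))
        elif code == "O23" and " - Unknown owner - " in text:
            out.append((code, "service owner unknown", text))
        elif code == "O17" and "NameServer" in text:
            servers = text.split("=", 1)[1].strip()
            out.append((code, "DNS servers set in registry: " + servers, text))
    return out

if __name__ == "__main__":
    for code, reason, text in review_list(*parse(SAMPLE_LOG)):
        print(f"{code:4}{reason}\n    {text}")
```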
targa55 Praktikant
10 September 2007 - 12:51 #19
Thanks for the help.... I'll probably be back with a new log, as I'm looking at another PC
10 September 2007 - 13:24 #20
... in another thread ...
ejvindh Ekspert
10 September 2007 - 20:36 #21
You're welcome :-)