HELP WITH: HijackThis, SUPERAntiSpyware and ComboFix log
Hi experts. Even after getting help in here, I have still had problems with some pop-ups/spyware. I have now run some cleanup programs on the computer, following: http://www.eksperten.dk/artikler/1123
I hope someone is willing to help me look through my logs!?
ComboFix LOG:
ComboFix 08-06-12.2 - Administrator 2008-06-15 13:32:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1030.18.699 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Skrivebord\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM47fbcaf5.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayomcclj.ini
C:\WINDOWS\system32\bcnyyejd.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dtctewni.dll
C:\WINDOWS\system32\ecuvqova.dll
C:\WINDOWS\system32\egxwvejm.dll
C:\WINDOWS\system32\eirsbkyu.dll
C:\WINDOWS\system32\gjgrpjsw.dll
C:\WINDOWS\system32\hyamjwdi.ini
C:\WINDOWS\system32\idwjmayh.dll
C:\WINDOWS\system32\ikRsDJlm.ini
C:\WINDOWS\system32\ikRsDJlm.ini2
C:\WINDOWS\system32\jlccmoya.dll
C:\WINDOWS\system32\khowlweq.ini
C:\WINDOWS\system32\klmoq.ini
C:\WINDOWS\system32\klmoq.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\PVFOoUvw.ini
C:\WINDOWS\system32\PVFOoUvw.ini2
C:\WINDOWS\system32\qefpygnm.dll
C:\WINDOWS\system32\rluancms.dll
C:\WINDOWS\system32\ryhxcdbj.dll
C:\WINDOWS\system32\ttbnyvnd.dll
C:\WINDOWS\system32\uuebhawj.ini
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-15 to 2008-06-15 )))))))))))))))))))))))))))))))
.
2008-06-15 13:39 . 2008-06-15 13:39 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-15 12:39 . 2008-06-15 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-15 12:38 . 2008-06-15 12:52 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2008-06-15 12:38 . 2008-06-15 12:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-06-14 01:23 . 2008-04-13 09:36 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-06-14 01:23 . 2008-04-13 11:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-06-14 01:21 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\005703_.tmp
2008-06-13 17:48 . <DIR> C:\Programmer\Fælles filer\Scanner
2008-06-13 17:47 . 2008-06-13 17:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-06-13 17:12 . 2008-06-13 19:58 <DIR> d-------- C:\Programmer\Yahoo!
2008-06-13 17:12 . 2008-06-13 17:13 <DIR> d-------- C:\Programmer\CCleaner
2008-06-13 14:17 . 2008-06-13 14:17 <DIR> d-------- C:\Programmer\Trend Micro
2008-06-11 23:20 . 2008-06-12 15:42 <DIR> d-------- C:\Programmer\bwin
2008-06-11 19:49 . 2008-06-11 19:52 438 --a------ C:\WINDOWS\wininit.ini
2008-06-11 18:57 . 2008-06-11 23:25 <DIR> d-------- C:\Programmer\Spybot - Search & Destroy
2008-06-11 18:57 . 2008-06-11 23:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-03 09:45 . 2008-06-03 09:45 128 --a------ C:\WINDOWS\0C056A8E.dat
2008-06-02 10:01 . 2008-06-02 10:01 128 --a------ C:\WINDOWS\0FB11351.dat
2008-05-27 16:07 . 2008-05-27 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microgaming
2008-05-27 16:07 . 2008-06-09 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MGS
2008-05-22 14:21 . 2008-05-22 14:27 <DIR> d-------- C:\Programmer\MansionPoker
2008-05-15 10:21 . 2008-05-28 16:52 <DIR> d-------- C:\Programmer\Trafikteori
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 10:38 --------- d-----w C:\Programmer\Fælles filer\Wise Installation Wizard
2008-06-14 23:47 --------- d-----w C:\Programmer\Fælles filer\NSV
2008-06-14 23:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2008-06-14 23:04 --------- d-----w C:\Programmer\Lavasoft
2008-06-14 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-14 22:17 --------- d-----w C:\Programmer\MSN Messenger
2008-06-13 12:05 --------- d-----w C:\Programmer\SopCast
2008-06-13 10:13 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-06-01 21:40 --------- d-----w C:\Programmer\Azureus
2008-05-28 18:05 --------- d-----w C:\Programmer\PokerStars
2008-05-28 16:12 --------- d-----w C:\Programmer\ScandicBookmakers.com
2008-05-28 14:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Microgaming
2008-05-15 08:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-01 16:42 --------- d-----w C:\Programmer\AC Tool
2008-04-27 16:08 --------- d-----w C:\Programmer\NEXON
2008-04-26 12:57 --------- d-----w C:\Programmer\Fælles filer\Adobe
2008-04-24 12:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-24 12:06 --------- d-----w C:\Programmer\BFG
2008-04-24 06:42 --------- d-----w C:\Programmer\Peggle Deluxe
2008-04-24 06:37 --------- d-----w C:\Programmer\ReflexiveArcade
2008-04-14 07:06 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 07:06 284,672 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 07:06 150,528 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 07:05 69,632 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 07:05 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 07:05 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 07:05 1,034,752 ----a-w C:\WINDOWS\explorer.exe
2007-05-10 13:10 81,920 ----a-w C:\Documents and Settings\Administrator\Application Data\ezpinst.exe
2007-05-10 13:10 47,360 ----a-w C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
.
[code]<pre>
----a-w 68,856 2007-12-25 11:10:55 C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 579,072 2007-12-25 11:10:53 C:\Programmer\Grisoft\AVG7\avgcc .exe
----a-w 15,360 2007-12-24 11:36:14 C:\WINDOWS\system32\ctfmon .exe
</pre>[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG Control Center"="C:\Programmer\Grisoft\AVG7\avgcc .exe" [2007-12-25 13:10 579072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 09:05 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 09:05 15360]
"PcSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 13:49 219136]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-06-15 12:52 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXRlJdb]
byXRlJdb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdedb]
efcdedb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menuen Start^Programmer^Start^Screen Clipper and Launcher til OneNote 2007.lnk]
path=C:\Documents and Settings\Administrator\Menuen Start\Programmer\Start\Screen Clipper and Launcher til OneNote 2007.lnk
backup=C:\WINDOWS\pss\Screen Clipper and Launcher til OneNote 2007.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Hurtigstart.lnk
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^BestCrypt Auto Open.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\BestCrypt Auto Open.lnk
backup=C:\WINDOWS\pss\BestCrypt Auto Open.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\44c8f969]
C:\WINDOWS\system32\jlccmoya.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 12:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-03-22 22:10 335872 C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Programmer\BitTorrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM47fbcaf5]
C:\WINDOWS\system32\ryhxcdbj.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 09:05 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
C:\Programmer\FreeCall.com\FreeCall\FreeCall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programmer\Fælles filer\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JewelMinerv2Setup.exe]
C:\DOWNLO~1\JEWELM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\qomlk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
C:\Programmer\ProxyWay\proxyway.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-19 12:53 65024 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2005-02-10 14:00 536576 C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2005-02-10 14:00 98304 C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whSurvey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Updates"=svshost.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmer\\Azureus\\Azureus.exe"=
"C:\\Programmer\\Internet Explorer\\iexplore.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmer\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmer\\Skype\\Phone\\Skype.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:war3
R1 BC_3DES;BC_3DES;C:\WINDOWS\system32\drivers\BC_3DES.sys [2007-05-31 05:44]
R1 BC_BF128;BC_BF128;C:\WINDOWS\system32\drivers\BC_BF128.sys [2007-05-31 05:45]
R1 BC_BF448;BC_BF448;C:\WINDOWS\system32\drivers\BC_BF448.sys [2007-05-31 05:46]
R1 BC_BFish;BC_BFish;C:\WINDOWS\system32\drivers\BC_BFish.sys [2007-05-31 05:47]
R1 BC_CAST;BC_CAST;C:\WINDOWS\system32\drivers\BC_CAST.sys [2007-05-31 05:48]
R1 BC_DES;BC_DES;C:\WINDOWS\system32\drivers\BC_DES.sys [2007-05-31 05:49]
R1 BC_Gost;BC_Gost;C:\WINDOWS\system32\drivers\BC_Gost.sys [2007-05-31 05:50]
R1 BC_RC6;BC_RC6;C:\WINDOWS\system32\drivers\BC_RC6.sys [2007-05-31 05:52]
R1 BC_RIJN;BC_RIJN;C:\WINDOWS\system32\drivers\BC_RIJN.sys [2007-05-31 05:53]
R1 BC_SERP;BC_SERP;C:\WINDOWS\system32\drivers\BC_SERP.sys [2007-05-31 05:54]
R1 BC_TFISH;BC_TFISH;C:\WINDOWS\system32\drivers\BC_TFISH.sys [2007-05-31 05:54]
R1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys [2007-06-13 13:17]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 09:06]
R3 mhk;mhk;C:\WINDOWS\system32\drivers\mhk.sys [2006-12-12 13:45]
R3 moh;moh;C:\WINDOWS\system32\drivers\moh.sys [2006-12-12 13:45]
S3 NetWlan5;Driver til symbolbaseret 802.11b Wireless LAN-netværkskort;C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-27 02:49]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-26 12:57]
S4 Messagcr;Messagcr;c:\temp\svchost.exe []
S4 WZCOOK;WEP/WPA-PMK key recovery service;"C:\Documents and Settings\Administrator\Skrivebord\aircrack-ng-0.9.3-win\bin\wzcook.exe" []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 15:20:44 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Programmer\TuneUp Utilities 2008\OneClick.exe
"2008-06-14 14:46:03 C:\WINDOWS\Tasks\User_Feed_Synchronization-{4532B0DD-FF23-4475-B392-8BD552BB5BDB}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 13:43:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-15 13:45:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-15 11:45:48
Pre-Run: 11,029,770,240 byte ledig
Post-Run: 10,874,171,392 byte ledig
271 --- E O F --- 2008-05-29 09:23:00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HijackThis LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:56, on 15-06-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmer\Grisoft\AVG7\avgcc .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Skrivebord\HiJackThis version.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.87.131.104:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {07b06614-ed67-48c5-832f-e5b373a35493} - C:\WINDOWS\system32\gjgrpjsw.dll
O2 - BHO: {d531c5b9-f2a9-577a-2a84-01ff32362ff4} - {4ff26323-ff10-48a2-a775-9a2f9b5c135d} - C:\WINDOWS\system32\qefpygnm.dll
O2 - BHO: (no name) - {657FE57A-1AC8-455E-9651-51044228C11A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar2.dll
O2 - BHO: (no name) - {AA77D00F-4E5E-4215-935B-733BC974094A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C29714C2-E8CC-4B90-9BA6-9BAFCD273932} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKCU\..\Run: [AVG Control Center] C:\Programmer\Grisoft\AVG7\avgcc .exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170974229120
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/activex/virtools/CacheManager.CAB
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - http://asp08.photoprintit.de/microsite/10021/defaults/activex/ImageUploader3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: byXRlJdb - byXRlJdb.dll (file missing)
O20 - Winlogon Notify: efcdedb - efcdedb.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 7202 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SUPERAntiSpyware LOG:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 06/15/2008 at 01:21 PM
Application Version : 4.15.1000
Core Rules Database Version : 3482
Trace Rules Database Version: 1473
Scan type : Complete Scan
Total Scan Time : 00:23:29
Memory items scanned : 236
Memory threats detected : 2
Registry items scanned : 6846
Registry threats detected : 16
File items scanned : 21748
File threats detected : 7
Trojan.Vundo-Variant/Small
C:\WINDOWS\SYSTEM32\IIFEBYPH.DLL
C:\WINDOWS\SYSTEM32\IIFEBYPH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38777590-2D74-4E06-AD43-E33CC64B2BA0}
HKCR\CLSID\{38777590-2D74-4E06-AD43-E33CC64B2BA0}
HKCR\CLSID\{38777590-2D74-4E06-AD43-E33CC64B2BA0}\InprocServer32
HKCR\CLSID\{38777590-2D74-4E06-AD43-E33CC64B2BA0}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{38777590-2D74-4E06-AD43-E33CC64B2BA0}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\iifebYPh
Adware.Vundo Variant/Resident
C:\WINDOWS\SYSTEM32\WVUOOFVP.DLL
C:\WINDOWS\SYSTEM32\WVUOOFVP.DLL
Adware.Vundo Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80BB55D5-0982-4A14-95AE-B5B293FF85B6}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{80BB55D5-0982-4A14-95AE-B5B293FF85B6}
Trojan.Vundo-Variant/Small-GEN
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F00A6B23-9AE9-44EE-9962-AED23241EF08}
HKCR\CLSID\{F00A6B23-9AE9-44EE-9962-AED23241EF08}
HKCR\CLSID\{F00A6B23-9AE9-44EE-9962-AED23241EF08}\InprocServer32
HKCR\CLSID\{F00A6B23-9AE9-44EE-9962-AED23241EF08}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\AWTUUVLD.DLL
C:\WINDOWS\SYSTEM32\NNNMMNOF.DLL
C:\WINDOWS\SYSTEM32\WVUNOGWX.DLL
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[2].txt
Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-823518204-492894223-1343024091-500\Software\Microsoft\rdfa
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks in advance for the help..