Hijack log mv
pc lukker hele tiden ned - har fjernet en delKan ikke downloade combofix? eller slå firewall i win til?
Resten følger her
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:01, on 21-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Nero\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
E:\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Nero\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Windows Media Player\WMPNSCFG.exe
C:\Programmer\Picasa2\PicasaMediaDetector.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\UStorSrv.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Nero\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmer\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Programmer\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmer\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Steam] "E:\steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmer\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?EFCCHBCBEJICEHDBCJJCCCFAAIHGAFGAGFCGB (file missing)
O9 - Extra 'Tools' menuitem: Trend Micro Security Services - {D5E1CDC8-64B9-4f8c-8155-FC3B6D6749F7} - http://tmss.trendmicro.com/dashboard/dashboard.aspx?EFCCHBCBEJICEHDBCJJCCCFAAIHGAFGAGFCGB (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tdconline.dk/start
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) - http://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142886817687
O16 - DPF: {7AEBACC1-D7E4-4360-B520-6DA4C565B42C} (UploaderCtrl Class) - http://foto.tdconline.dk/upload-classes/Uploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Nero\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
--
End of file - 6967 bytes
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/21/2008 at 12:04 PM
Application Version : 4.21.1004
Core Rules Database Version : 3603
Trace Rules Database Version: 1589
Scan type : Complete Scan
Total Scan Time : 00:18:49
Memory items scanned : 205
Memory threats detected : 0
Registry items scanned : 5025
Registry threats detected : 10
File items scanned : 17598
File threats detected : 17
Trojan.Dropper/Gen-NV
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE
C:\WINDOWS\SYSTEM32\BRASTK.EXE
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE
[brastk] C:\WINDOWS\SYSTEM32\BRASTK.EXE
Adware.Tracking Cookie
C:\Documents and Settings\Susanne og Sune\Cookies\susanne_og_sune@adtech[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@track.adform[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[2].txt
Rogue.XP AntiSpyware 2009
HKLM\Software\XP_Antispyware
HKLM\Software\XP_Antispyware#email3
HKLM\Software\XP_Antispyware#info
HKU\S-1-5-21-682003330-362288127-725345543-1004\Control Panel\don't load#wscui.cpl [ No ]
C:\Programmer\XP_AntiSpyware
Trojan.Downloader-Gen
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#brastk [ C:\WINDOWS\system32\brastk.exe ]
Trojan.Dropper/Gen
C:\WINDOWS\SYSTEM32\WINI10801.EXE
C:\WINDOWS\Prefetch\WINI10801.EXE-05D729B7.pf
