djgreg Beginner
22 December 2005 - 21:44 There are 4 comments and
2 solutions

HijackThis - My father's

Hi

I know I'm already in the middle of a HijackThis thread of my own, but I know that my father's computer is totally fucked. That's also why this one gives 200, because whoever can clean it really deserves it.

Logfile of HijackThis v1.99.1
Scan saved at 21:41:18, on 22-12-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\windows\System32\svchost.exe
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\windows\Explorer.EXE
C:\windows\System32\nvctrl.exe
C:\windows\System32\mssearchnet.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TerraTec\Cinergy 400 TV\TTTVRC.exe
C:\Norman\bin\ZLH.EXE
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\windows\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\DaMi\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\windows\System32\hp7ACB.tmp
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - blank (file missing)
O3 - Toolbar: (no name) - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - blank (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - blank (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\TerraTec\Cinergy 400 TV\TTTVRC.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uhe2lTr] C:\WINDOWS\eenij.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [uh$vùõš/‚²‘ÆßfÏNb‰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\eenij.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP1014] "C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\W5EF05AB\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\eenij.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Erss] C:\Documents and Settings\DaMi\Application Data\eold.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - blank (file missing)
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/ieloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/minidialler/mddl/DK/910191__.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
arlet Junior Master
22 December 2005 - 21:44 #1
Checking it now
arlet Junior Master
22 December 2005 - 21:54 #2
There is a great deal of assorted junk, so you have quite a lot to get through.

Download and double-click smitRem.exe
http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
The program unpacks itself to the folder smitRem.

-----

Download and run this scanner:
http://www.spywarefri.dk/spywarefri-onlinescan.htm

-----

Mwav: http://www.spywareinfo.dk/download/mwav.exe
(but do not scan yet).

-----

Ewido: http://www.ewido.net/en/download/
Click Download now. Install and run Ewido. Update the program immediately after installation (but do not scan yet).

-----

Restart the computer in safe mode. (You need to press the F8 key during the restart (roughly right after the RAM has been counted), and then choose safe mode. If in doubt, just press F8 several times.)

Run HijackThis, scan, tick the lines listed here, close all windows except HijackThis, click Fix checked, then close HijackThis again.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\windows\System32\hp7ACB.tmp
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - blank (file missing)

O3 - Toolbar: (no name) - {094176F9-BF35-4bcb-B68A-108DFB8C3825} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - blank (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - blank (file missing)
O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - blank (file missing)

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [uhe2lTr] C:\WINDOWS\eenij.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [uh$vùõš/‚²‘ÆßfÏNb‰C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\eenij.exe
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP1014] "C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\W5EF05AB\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [Á³# é"h'þ9ÓœU3rŲWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\eenij.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [Erss] C:\Documents and Settings\DaMi\Application Data\eold.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min

O16 - DPF: {00000000-6666-0704-0B53-2C8830E9FAEC} - http://key.one2bill.de/soft/ieloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://217.73.66.1/minidialler/mddl/DK/910191__.exe

Find and delete manually:

C:\Program Files\ISTsvc <- the whole folder
C:\WINDOWS\eenij.exe
C:\Program Files\SurfAccuracy <- the whole folder
C:\Program Files\Internet Optimizer <- the whole folder
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\SpyAxe <- the whole folder
C:\Documents and Settings\DaMi\Application Data\eold.exe
C:\Program Files\WinFixer_2005 <- the whole folder

Now run a full scan with Ewido. When it has finished, click Save report and save the report.

Click on mwav.exe, which you downloaded; the program unpacks itself and starts.
Tick the following checkboxes:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following options:
All local drives and Scan all files. Click Scan clean. When the scanner has finished scanning, copy the contents of the "Virus Log Information" window in here (select it and press Ctrl-C).

Open the smitRem folder and double-click RunThis.bat. (Follow the instructions in the window.)

Click Start->Control Panel->Display->Desktop->Customize Desktop->Web and untick Security Info and View my Active desktop as a web page (they may not exist).

Restart and post a fresh HijackThis log, along with the log from Ewido. Find smitfiles.txt via Start/Search. Copy that log in here as well.
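One way to check the fresh log requested above against the fix list, as an added example that is not part of the original thread: it parses HijackThis entry lines and reports which fix-list entries are gone, which survived, and which entries changed without being listed. The function names and the case-insensitive matching are assumptions of this sketch; the sample data are short excerpts of the two logs posted in this thread.

```python
import re

# A HijackThis entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the (code, body) entries of a HijackThis log or pasted fix list."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def entry_key(entry):
    """Comparison key. Assumption: case and spacing differences are ignored,
    since Windows paths and CLSIDs are case-insensitive."""
    code, body = entry
    return code, " ".join(body.split()).casefold()


def compare(before_log, fix_list, after_log):
    """Classify entries across the first log, the fix list and the fresh log."""
    before = {entry_key(e): e for e in parse_entries(before_log)}
    after = {entry_key(e): e for e in parse_entries(after_log)}
    wanted = {entry_key(e): e for e in parse_entries(fix_list)}
    return {
        # Fix-list lines that never matched the first log (typo or stale advice).
        "not_in_before": [e for k, e in wanted.items() if k not in before],
        # Fix-list lines that survived the cleanup and need another look.
        "still_present": [e for k, e in wanted.items() if k in after],
        "removed": [e for k, e in wanted.items()
                    if k in before and k not in after],
        # Entries that vanished although nobody listed them (e.g. a scanner did it).
        "unexpected_removed": [e for k, e in before.items()
                               if k not in after and k not in wanted],
        # Entries that appeared since the first scan.
        "new": [e for k, e in after.items() if k not in before],
    }


# Excerpt of the first log in this thread (abbreviated).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\windows\Explorer.EXE

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\windows\System32\hp7ACB.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\windows\web\related.htm
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

# Excerpt of the lines the helper asked to tick (blank lines are tolerated).
FIX_LIST = r"""R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\windows\System32\hp7ACB.tmp

O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
"""

# Excerpt of the fresh log posted after the cleanup (abbreviated).
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\windows\explorer.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""

if __name__ == "__main__":
    for label, entries in compare(BEFORE, FIX_LIST, AFTER).items():
        print(f"{label}: {len(entries)}")
        for code, body in entries:
            print(f"  {code} - {body}")
```
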
djgreg Beginner
23 December 2005 - 00:07 #3
That Ewido takes a while, so I'll probably be done at dawn at the earliest...
djgreg Beginner
23 December 2005 - 14:10 #4
Logfile of HijackThis v1.99.1
Scan saved at 14:08:58, on 23-12-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\Norman\bin\ZANDA.EXE
C:\windows\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TerraTec\Cinergy 400 TV\TTTVRC.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\WINDOWS\System32\LVComS.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Norman\bin\NJEEVES.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\windows\System32\wuauclt.exe
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DaMi\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Creative\Mouse Optical\mouse_2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\TerraTec\Cinergy 400 TV\TTTVRC.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3D2CB570-D425-11D5-ABD0-00008369C46F} (CSMenu Class) - https://netbank.bgbank.dk/html/activex/BG/Menu.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6A56D95-A3A3-11D2-AC26-400000058481} (Danske e-Sec) - https://business.bgbank.dk/html/activex/danskesikker/BG/DanskeSikker.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:            00:51:59, 23-12-2005
+ Report-Checksum:        52B5721B

+ Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{BE44DD6F-057A-4476-A0D5-EC926957D277} -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{3E4C3E0B-6BBE-4C94-86CA-6F055A989693} -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{81EB72D7-3949-450F-B035-DE599959814F} -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 -> Spyware.PurityScan : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Video1\Dialers -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Holistyc -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Holistyc\live sex cams-264129 -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Holistyc\Mega Access-1094 -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00BD2861-C654-4694-A44A-98642D73247D} -> Spyware.MyTotalSearch : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{094176F1-BF35-4BCB-B68A-108DFB8C3825} -> Spyware.MyTotalSearch : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{094176F9-BF35-4BCB-B68A-108DFB8C3825} -> Spyware.MyTotalSearch : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30CE93AE-4987-483C-9ABE-F2BD5301AB70} -> Spyware.KeenValue : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAB941D8-BC94-4819-AB4D-5598C65FA3FE} -> Spyware.Begin2Search : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E3F7205F-2AE0-4BF0-816B-2D24A5F20EC7} -> Spyware.StripPlayer : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> Spyware.MoneyTree : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Video1\Dialers -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Video1\Dialers\Hot_Tarts_dk -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-1085031214-1060284298-1957994488-1003\Software\Video1\Dialers\Hot_Tarts_mc -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@217.73.66[2].txt -> Spyware.Cookie.217.73.66.16 : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ad-logics[2].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@c.porngraph[1].txt -> Spyware.Cookie.Porngraph : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter1.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter10.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter11.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter12.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter13.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter14.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter15.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter16.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter2.hitslink[1].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter3.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter4.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter5.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter6.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter7.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter8.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@counter9.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@e-2dj6wfmiglcpgkq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@e-2dj6wjkosgazsgp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-bmwna.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-bskyb.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-cafepress.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-cbs.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-electrum.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-eline.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-gameshownet.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-idg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-ignitemedia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-interlifeform.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-ladbrokes.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-nokiafin.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ehg-tvtv.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@hotlog[1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@media.fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@metacafe.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@track.commissionpartner[2].txt -> Spyware.Cookie.Commissionpartner : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@vad.mainentrypoint[1].txt -> Spyware.Cookie.Mainentrypoint : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@vip2.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@ws.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@www.adengage[1].txt -> Spyware.Cookie.Adengage : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@www.etracker[2].txt -> Spyware.Cookie.Etracker : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@www6.paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
    C:\Documents and Settings\DaMi\Cookies\dami@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\0DIR8HEZ\DK[1].exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\0DIR8HEZ\freeboard[1].htm -> Downloader.Inor.a : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\C523SLAJ\Free_Sex_Download[1].exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\ILG3MTMX\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\SDMZC9QZ\1871006[1].exe/ContentBrowser.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\W5EF05AB\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\W5EF05AB\mm[2].js -> Spyware.Chitika : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\W5EF05AB\WinFixer2005ScannerInstall[2].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\XM8LSN9Y\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\XM8LSN9Y\WinFixer2005ScannerInstall[2].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\XM8LSN9Y\WinFixer2005ScannerInstall[3].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\Z6G7V109\1871006[1].exe/ContentBrowser.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\Z6G7V109\1871006[2].exe/ContentBrowser.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\Z6G7V109\1871006[3].exe/ContentBrowser.exe -> Dialer.Generic : Cleaned with backup
    C:\Documents and Settings\DaMi\Local Settings\Temporary Internet Files\Content.IE5\Z6G7V109\Setup(1-116-49749-10041024-,DK)[1].exe -> Dialer.Generic : Cleaned with backup
    C:\Program Files\ContentBrowser\1871006\ContentBrowser.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\910191__.exe341 -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\62J8ND4A\MediaTicketsInstaller[1].cab/MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
    C:\WINDOWS\system32\Iodhgb32.dll -> Logger.Qukart.m : Cleaned with backup
    C:\WINDOWS\wfo.exe -> Trojan.Pakes : Cleaned with backup


::Report End




  smitRem © log file
    version 2.8

    by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: 23-12-2005
The current time is: 13:50:59,64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


~~~ Favorites ~~~

Antivirus Test Online.url


~~~ system32 folder ~~~

1024 dir
msvol.tlb
ld****.tmp
ncompat.tlb
mscornet.exe
logfiles


~~~ Icons in System32 ~~~

ts.ico
ot.ico


~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1956 'explorer.exe'
Killing PID 1956 'explorer.exe'
Killing PID 1956 'explorer.exe'

Starting registry repairs

Deleting files


  Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

ld****.tmp
ncompat.tlb
mscornet.exe


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)
arlet (Junior Master)
23 December 2005 - 15:46 #5
Yes, Ewido takes time, but it is extremely effective..

Hand on heart, I had not expected that we would get it all in the first go..

So your log is clean.

After a round like this it is always a good idea to clean up your System Restore files.
Disable System Restore ( http://www.arlet.dk/systemgendannelsen.htm ) - restart your computer - enable System Restore.

General cleanup: http://www.arlet.dk/oprydning.htm

To protect you against junk I have put together a security package,
which you can see here: www.arlet.dk/pakke.htm
djgreg (Beginner)
23 December 2005 - 15:52 #6
good... here are your points...