ok så er det gjort, nu bliver min startside da ikke ændret mere..
her er de 2 logfiler
SUPERAntiSpyware Scan Log
Generated 04/07/2006 at 10:02 PM
Core Rules Database Version : 2853
Trace Rules Database Version: 1029
Memory threats detected : 0
Registry threats detected : 10
File threats detected : 111
Trojan.Windows Installer
[Windows installer] :C:\winstall.exe
:C:\winstall.exe
Adware.PayTime
[PayTime] :C:\WINDOWS\system32\paytime.exe
:C:\WINDOWS\system32\paytime.exe
Trojan.SYWSVCS
[aupd] :C:\WINDOWS\system32\sywsvcs.exe
:C:\WINDOWS\system32\sywsvcs.exe
Malware.SpywareQuake
C:\Program Files\SpywareQuake\SpywareQuake.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SpywareQuake.exe
HKLM\Software\SpywareQuake
HKLM\Software\SpywareQuake#refid
Adware.Tracking Cookie
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.dafreexxxmovies[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@aff.primaryads[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@advert.savvy[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.eurocarsex[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@smileycentral[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@tacoda[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.hardsextacy[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@cgi-bin[3].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@4stats[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ad.zanox[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@tgp.xxxkey[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@toplist[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@xiti[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.sexygonzo[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.myfirstdatesex[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ultra-xxx[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@hit.stat[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.sexfarmer[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@dealtime[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@cs.sexcounter[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ad.adocean[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@sc[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@vipsexpics[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.888[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@dist.belnk[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ads.planetactive[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@lynxtrack[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.my-teensex[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@adopt.euroclick[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@yadro[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@serving-sys[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@count[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@e-2dj6wjlywldpaho.stats.esomniture[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ad.yieldmanager[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@belnk[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@cz11.clickzs[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@revsci[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@track.adform[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@private-teen-sex[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@roiservice[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@st[37].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@adultfriendfinder[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.webstat[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@rec[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@e-2dj6wjl4wnajmho.stats.esomniture[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@c.enhance[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.18teenssex[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@tribalfusion[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@stat.dealtime[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@e2.emediate[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.sexy-photos[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@st[21].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@adopt.hbmediapro[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ad.yieldmanager[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@atdmt[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@counter.cnw[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@st[7].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.sextask[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@image.masterstats[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.xxxvogue[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@atwola[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@yieldmanager[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@adfair[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.nexxx[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@doubleclick[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.sexuploader[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.xxxporn-babes[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@122.2o7[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@statsgold[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@1068711394[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@cassava[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@cz5.clickzs[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ads.gamershell[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.thesexsquare[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.gimmesex[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@1070480034[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@adtech[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@adlegend[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@azjmp[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@vip2.clickzs[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@e-2dj6wgkocjajehp.stats.esomniture[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@80570461[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@dealtime.co[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@mediaplex[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@48940962[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@stats1.reliablestats[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.dailysexy[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ad1.emediate[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@888[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.megasexnetwork[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@webstat[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@straight3[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@ehg-nvidia.hitbox[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.sextasya[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@straight2[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@cgi-bin[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@checkstat[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@xml.bravenetmedianetwork[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@www.statspage[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@burstnet[2].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@fcstats.bcentral[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@as1.falkag[1].txt
C:\Documents and Settings\Rasmus\Cookies\rasmus@1072199669[1].txt
Trojan.Child/Bug
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} [ OutPost FireWall ]
HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}\InProcServer32
HKCR\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}\InProcServer32#ThreadingModel
Trojan.Security Toolbar
C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
Trojan.Zlob-BY
C:\WINDOWS\system32\ncompat.tlb
Trojan.WINSYS
C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\WinSys.exe
C:\WINDOWS\system32\WinSys.exe
-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:08:01, on 07-04-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\ZoneAlarm\zlclient.exe
C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Mixer.exe
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\superantispyware\SUPERAntiSpyware.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\GetRight\getright.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Rasmus\Skrivebord\hijack\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htmR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
file:///C:/Documents%20and%20Settings/Rasmus/Dokumenter/startside.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmer\GetRight\xx2gr.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NeroCheck] :C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] :C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmer\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\WINDOWS\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] :C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] :"C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\superantispyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmer\GetRight\getright.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search -
res://c:\programmer\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: &Translate English Word -
res://c:\programmer\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links -
res://c:\programmer\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page -
res://c:\programmer\google\GoogleToolbar2.dll/cmcache.htmlO8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages -
res://c:\programmer\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English -
res://c:\programmer\google\GoogleToolbar2.dll/cmtrans.htmlO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\superantispyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
