startour Beginner
1 October 2006 - 13:13 There are 8 comments and
1 solution

Hit hard by spyware

Can anyone help me clear my PC of spyware, malware, etc.? It runs very slowly and behaves strangely.
I have retrieved the following log file from HijackThis, in case it helps you:

Logfile of HijackThis v1.99.1
Scan saved at 18:10:35, on 01-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\Programmer\MPVIDEOCODEC\pmsngr.exe
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\programmer\winantispyware 2006\was6.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\MPVIDEOCODEC\pmmon.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programmer\WinRAR\WinRAR.exe
C:\DOCUME~1\RASMUS~1\LOKALE~1\Temp\Rar$EX02.031\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\programmer\winantispyware 2006\was6.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Programmer\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
frankeeh Beginner
1 October 2006 - 13:37 #1
If you don't have an antivirus program, get NOD32. Then remove the spyware.
startour Beginner
2 October 2006 - 08:08 #2
Thanks for your reply, but no, unfortunately it doesn't work. NOD32 stalls in the middle of the scan every time. I have also tried Ad-Aware, where the same thing happens.
2 October 2006 - 08:37 #3
Welcome to the "Winantispyware 2006" club... SIGH...
Same family as ErrorSafe:

You are on your way to being well and truly 'cheated' by ErrorSafe ->
http://www.superantispyware.com/definition/ers/
http://www.grineflip.dk/support/errorsafe/
... unfortunately, like many others !!!

Uninstall
* winantispyware 2006
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart and carry out the procedure from here ->
http://www.eksperten.dk/artikler/954

PS: Do you use this "Unibet Poker" program?
startour Beginner
2 October 2006 - 11:10 #4
Thanks for the help, but unfortunately I'm running into problems again. I follow the instructions in the article and download and update the two scanners. Then, when I try to start the computer in safe mode, it simply goes black and doesn't boot. I don't know why; normally there are no problems with this.
And yes, I use Unibet Poker once in a while. By the way, is it strictly necessary to uninstall Messenger, as I find it a bit hard to do without it?
2 October 2006 - 17:11 #5
The Messenger part is mostly for if you have been 'hit' by the famous/infamous MSN virus...
Skip that part...

So run in normal mode - this time around...
startour Beginner
2 October 2006 - 21:47 #6
Here are the log files from the antispyware, Dr. Web and HijackThis; as you can see, the antispyware in particular found quite a lot. I ran the programs in normal mode.

SUPERAntiSpyware Scan Log
Generated 10/03/2006 at 00:41 AM

Core Rules Database Version : 3096
Trace Rules Database Version: 1123

Memory threats detected  : 2
Registry threats detected : 156
File threats detected    : 218

Trojan.Media-Codec
    C:\PROGRAMMER\MPVIDEOCODEC\PMSNGR.EXE
    C:\PROGRAMMER\MPVIDEOCODEC\PMSNGR.EXE
    C:\PROGRAMMER\MPVIDEOCODEC\PMMON.EXE
    C:\PROGRAMMER\MPVIDEOCODEC\PMMON.EXE
    HKCR\VSEnchancer.Chl
    HKCR\VSEnchancer.Chl\CLSID
    HKU\S-1-5-21-3849205493-784950871-2387590086-1005\Software\Internet Security
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03#UninstallString
    HKCR\EMediaCodek.Chl
    HKCR\EMediaCodek.Chl\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#ProductionEnvironment
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#URLInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPVIDEOCODEC#Publisher
    C:\Programmer\MPVIDEOCODEC\isamonitor.exe
    C:\Programmer\MPVIDEOCODEC\isauninst.exe
    C:\Programmer\MPVIDEOCODEC\isamini.exe
    C:\Programmer\MPVIDEOCODEC\pmuninst.exe
    C:\Programmer\MPVIDEOCODEC\iesuninst.exe
    C:\Programmer\MPVIDEOCODEC\ts.ico
    C:\Programmer\MPVIDEOCODEC\ot.ico
    C:\Programmer\MPVIDEOCODEC\uninst.exe
    C:\Programmer\MPVIDEOCODEC
    C:\WINDOWS\Prefetch\PMSNGR.EXE-27665E64.pf

Adware.Tracking Cookie

Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\WINDOWS\system32\av.cpl
    C:\WINDOWS\system32\drivers\uwasfsd.sys
    C:\Documents and Settings\All Users\Skrivebord\WinAntiVirus Pro 2006.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\WinAntiVirus Pro 2006.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\WinAntiVirus Pro 2006 Brugeranvisning.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\Henvend til kundehjælpeafdeling.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006\Afinstallér WinAntiVirus Pro 2006.lnk
    C:\Documents and Settings\All Users\Menuen Start\Programmer\WinAntiVirus Pro 2006
    C:\Documents and Settings\Rasmus Møller\Application Data\winantispyware2006freeinstall[1].exe
    C:\Documents and Settings\Rasmus Møller\Application Data\winantiviruspro2006freeinstall_dk[1].exe
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP187\A0031371.lnk
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP200\A0032524.exe
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP200\A0032526.exe
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP200\A0032528.EXE
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP200\A0032534.DLL
    C:\WINDOWS\Prefetch\WINANTIVIRUSPRO2006FREEINSTAL-1EA8B892.pf

Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Menuen Start\Online Security Guide.url
    C:\Documents and Settings\All Users\Menuen Start\Security Troubleshooting.url
    C:\Documents and Settings\All Users\Skrivebord\Security Troubleshooting.url
    C:\Documents and Settings\All Users\Skrivebord\Online Security Guide.url

Malware.VirusBurst
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#UninstallString
    HKCR\Interface\{E56B4B91-E548-4E89-97AC-E9630D22A2E2}\TypeLib#Version
    HKCR\Interface\{FC105E0D-AE24-43F2-89AA-E8AB8F96EF6E}
    HKCR\Interface\{FC105E0D-AE24-43F2-89AA-E8AB8F96EF6E}\ProxyStubClsid
    HKCR\Interface\{FC105E0D-AE24-43F2-89AA-E8AB8F96EF6E}\ProxyStubClsid32
    HKCR\Interface\{FC105E0D-AE24-43F2-89AA-E8AB8F96EF6E}\TypeLib
    HKCR\Interface\{FC105E0D-AE24-43F2-89AA-E8AB8F96EF6E}\TypeLib#Version
    HKCR\Interface\{FD99520A-E900-4F8D-9092-22705622D2D2}
    HKCR\Interface\{FD99520A-E900-4F8D-9092-22705622D2D2}\ProxyStubClsid
    HKCR\Interface\{FD99520A-E900-4F8D-9092-22705622D2D2}\ProxyStubClsid32
    HKCR\Interface\{FD99520A-E900-4F8D-9092-22705622D2D2}\TypeLib
    HKCR\Interface\{FD99520A-E900-4F8D-9092-22705622D2D2}\TypeLib#Version
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#pmsngr.exe [ C:\Programmer\MPVIDEOCODEC\pmsngr.exe ]
    C:\Documents and Settings\Rasmus Møller\Skrivebord\vb_distrib.exe
    C:\Programmer\vb\vb.exe
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP185\A0031306.exe
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP185\A0031312.lnk
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP185\A0031313.lnk
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP185\A0031314.lnk
    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP185\A0031315.lnk
    C:\WINDOWS\Prefetch\VB.EXE-111F5CE4.pf

Trojan.SpyFalcon
    C:\WINDOWS\system32\zphnok.dll

Trojan.Unknown Origin
    C:\Documents and Settings\Rasmus Møller\Lokale indstillinger\Temp\tmp16.tmp

Browser Hijacker.Favorites
    C:\Documents and Settings\Rasmus Møller\Foretrukne\Online Security Test.url

Dr. Web

setup.exe    C:\Documents and Settings\Rasmus Møller\Lokale indstillinger\Temp\NI.UWA6PK_0001_N91M2107    Trojan.Fakealert    Deleted.
A0032571.exe    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP201    Trojan.Popuper    Deleted.
A0032583.exe    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP201    Trojan.DownLoader.10963    Deleted.
A0032584.exe    C:\System Volume Information\_restore{4D762DE3-705B-46FA-B5CF-D8CD1DA1307B}\RP201    Trojan.DownLoader.10963    Deleted.

Logfile of HijackThis v1.99.1
Scan saved at 02:37:28, on 03-10-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Symantec AntiVirus\DefWatch.exe
C:\Programmer\Eset\nod32krn.exe
C:\Programmer\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Rasmus Møller\Skrivebord\drweb-cureit.exe
C:\DOCUME~1\RASMUS~1\LOKALE~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\RASMUS~1\LOKALE~1\Temp\RarSFX1\cureit.exe
C:\Programmer\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rasmus Møller\Skrivebord\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Programmer\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmer\Symantec AntiVirus\DefWatch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmer\Symantec AntiVirus\Rtvscan.exe
03 October 2006 - 10:18 #7
... now it's starting to look better ...

Is the beast working better now?
startour Beginner
03 October 2006 - 13:44 #8
Yes, it actually does - so far I haven't had any problems. Thank you very much for your help, and if you want the 200 points, just post something as an answer.
04 October 2006 - 11:18 #9
You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this, it's always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you should run into problems of any kind.

You can find a couple of articles on safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
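
The before/after comparison of the two HijackThis logs in this thread, as an added example that is not part of the original posts: a small Python parser for the `<section> - <entry>` lines that reports which entries disappeared and which are new between two scans. The sample lines are excerpts from the logs dated 01-10-2006 and 03-10-2006; the function and variable names are assumptions of this example.

```python
import re

# A HijackThis entry line looks like "<section> - <body>", e.g.
#   O4 - HKLM\..\Run: [name] C:\path\file.exe
# Section codes are one letter plus a number (R0, R1, O2, O4, O23, ...).
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Excerpts from the two logs posted in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006] "c:\programmer\winantispyware 2006\was6.exe" /min
"""
AFTER = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
"""

def parse_entries(log_text):
    """Return the set of (section, normalised body) entries in a log.

    Header lines and the running-process list do not match ENTRY and are
    skipped. Bodies are lower-cased and whitespace-collapsed because Windows
    paths are case-insensitive and the same entry may be logged with
    different casing in two scans.
    """
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            body = " ".join(match.group("body").split()).lower()
            entries.add((match.group("section"), body))
    return entries

def diff_logs(before, after):
    """Compare two logs: entries removed, newly added, and unchanged."""
    old, new = parse_entries(before), parse_entries(after)
    return {"removed": sorted(old - new),
            "added": sorted(new - old),
            "unchanged": sorted(old & new)}

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for section, body in items:
            print(f"{kind:9} {section:3} {body}")
```

Entries under "added" deserve the same scrutiny as the original findings, since a cleanup tool's own autostart and a reinfection both show up there.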