staal Praktikant
10 September 2007 - 12:05 There are 16 comments and 2 solutions

HiJack log to check

My ISP says that 28 ports are open, which is why my connection is insanely slow.
Can someone check this log?
Thanks in advance
Staal
staal Praktikant
10 September 2007 - 12:05 #1
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:31, on 10-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\VisualTaskTips\VisualTaskTips.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\MagicDisc\MagicDisc.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Programmer\MSN Messenger\msnmsgr.exe
C:\Programmer\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\Grisoft\AVG Free\avgcc.exe
C:\Programmer\Grisoft\AVG Free\avgwb.dat
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmer\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programmer\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] c:\programmer\daemon tools\daemon.exe
O4 - HKLM\..\Run: [gcasServ] c:\programmer\microsoft antispyware\gcasserv.exe
O4 - HKLM\..\Run: [UpdReg] c:\windows\updreg.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] c:\programmer\canon\easy-printtoolbox\bjpsmain.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Programmer\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VerboseRun] "C:\Programmer\NCH Swift Sound\Verbose\verbose.exe" -logon
O4 - HKLM\..\Run: [Alt-Tab Thingy] "C:\Programmer\Alt-Tab Thingy v3\attmain.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
O4 - HKCU\..\Run: [XPTools] c:\programmer\xp tools\xptools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Ejer\Skrivebord\DVD tools\utorrent.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmer\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Alt-Tab Thingy] "C:\Programmer\Alt-Tab Thingy v3\attmain.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programmer\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [XPRepairPro2006] C:\Programmer\XPRepairPro2006\XPRepairPro.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Programmer\MagicDisc\MagicDisc.exe
O4 - Startup: thoosje's sidebar.lnk = C:\Programmer\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68978A0E-E2B5-4335-A6F0-5B03EE75A323}: NameServer = 212.242.40.3,212.242.40.51
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Programmer\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe

--
End of file - 13139 bytes
staal Praktikant
10 September 2007 - 12:06 #2
All the crap just needs to be removed - if possible.
Looking forward to your always-good support.
10 September 2007 - 12:28 #3
(I'm looking at it...)
10 September 2007 - 12:33 #4
... That's how easily it can go when you 'play' with P2P programs!!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

There are also a couple of 'nasties' in there!

---------------------------------------

Uninstall
* µTorrent - file-sharing program
via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Therefore, carry out the whole procedure from here -> http://www.eksperten.dk/artikler/1123
staal Praktikant
10 September 2007 - 12:37 #5
Aha - a kindred spirit in the camping life - nice
I'll just go give the kid a thrashing and remove the P2P.
I'll be away for a while, but I'll be back.
staal Praktikant
10 September 2007 - 12:45 #6
I can't find the program mentioned under Add/Remove.
I'll just look under Programs.
staal Praktikant
11 September 2007 - 07:31 #7
Logfile of HijackThis v1.99.1
Scan saved at 06:11:31, on 11-09-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmer\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Crazy Browser\Crazy Browser.exe
C:\Programmer\Eset\nod32kui.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmer\Logitech\iTouch\iTouch.exe
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Programmer\VisualTaskTips\VisualTaskTips.exe
C:\Programmer\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\WinZip\WZQKPICK.EXE
C:\Programmer\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\d431a5ae65dfc1c172f391f669842d94\update\update.exe
C:\Documents and Settings\Ejer\Skrivebord\Clean\HiJAckThis\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verdensnavle.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmer\IE7Pro\IE7Pro.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programmer\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] c:\programmer\daemon tools\daemon.exe
O4 - HKLM\..\Run: [gcasServ] c:\programmer\microsoft antispyware\gcasserv.exe
O4 - HKLM\..\Run: [UpdReg] c:\windows\updreg.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] c:\programmer\canon\easy-printtoolbox\bjpsmain.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmer\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dvd43] C:\Programmer\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmer\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmer\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [VerboseRun] "C:\Programmer\NCH Swift Sound\Verbose\verbose.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe
O4 - HKCU\..\Run: [XPTools] c:\programmer\xp tools\xptools.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [XP Tools] C:\Programmer\XP Tools\xptools.exe /min
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmer\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [Alt-Tab Thingy] "C:\Programmer\Alt-Tab Thingy v3\attmain.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Programmer\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [XPRepairPro2006] C:\Programmer\XPRepairPro2006\XPRepairPro.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MagicDisc.lnk = C:\Programmer\MagicDisc\MagicDisc.exe
O4 - Startup: thoosje's sidebar.lnk = C:\Programmer\Thoosje Vista Sidebar v1.7.8\thoosje's sidebar.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmer\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmer\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B69B0694-EB7C-4468-B572-B781062A1EF2} (KooPlayer Control) - http://static.mediazone.com/player/1.0.0.64/MZPlayer.CAB
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - https://www.plaxo.com/activex/plx_upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68978A0E-E2B5-4335-A6F0-5B03EE75A323}: NameServer = 212.242.40.3,212.242.40.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmer\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmer\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Programmer\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programmer\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Fælles filer\PCSuite\Services\ServiceLayer.exe
staal Praktikant
11 September 2007 - 07:32 #8
more to come :-)
staal Praktikant
11 September 2007 - 07:55 #9
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2007 at 07:34 AM

Application Version : 3.7.1018

Core Rules Database Version : 3303
Trace Rules Database Version: 1309

Scan type      : Complete Scan
Total Scan Time : 00:04:24

Memory items scanned      : 369
Memory threats detected  : 0
Registry items scanned    : 62
Registry threats detected : 0
File items scanned        : 17
File threats detected    : 10

Adware.Tracking Cookie
    C:\Documents and Settings\Ejer\Cookies\ejer@adtech[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@adbrite[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@stat.onestat[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@adultadworld[2].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@ads.adbrite[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@audit.median[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@4.adbrite[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@image.masterstats[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@track.adform[1].txt
    C:\Documents and Settings\Ejer\Cookies\ejer@3.adbrite[1].txt
staal Praktikant
11 September 2007 - 07:56 #10
rootchk ran for over 5 hours without a result.
Combofix won't start at all.
staal Praktikant
11 September 2007 - 13:05 #11
********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
11-09-2007 13:01:24,59

Driver npf (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 13:01:25
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0
staal (Trainee)
11 September 2007 - 13:46 #12
ComboFix 07-09-10.2 - "Ejer" 2007-09-11 13:08:08.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.178 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Ejer\APPLIC~1\macromedia\Flash Player\#SharedObjects\5CYZZ9PD\www.broadcaster.com
C:\DOCUME~1\Ejer\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Ejer\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\Ejer\SKRIVE~1\internet.lnk
C:\Programmer\SC
C:\Programmer\SC\Video Converter\unins000.dat
C:\Programmer\SC\Video Converter\unins000.exe
C:\Programmer\SC\Video Converter\VC.exe
C:\Programmer\SC\Video Converter\vchelp.chm
C:\Programmer\SC\Video Converter\VCSkin.skn
C:\Programmer\SC\Video Converter\vcsplash.spl
C:\Programmer\SC\Video Converter\wmfdist.exe
C:\Programmer\SC\Video Converter\wmpcdcs8.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll


(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


(((((((((((((((((((((((((  Files Created from 2007-08-11 to 2007-09-11  )))))))))))))))))))))))))))))))
.

2007-09-11 13:06    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-10 17:17    <DIR>    d--------    C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-09-10 16:31    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-10 11:47    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-09-10 11:31    76,560    --a------    C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-10 11:16    <DIR>    d--------    C:\DOCUME~1\Ejer\.housecall6.6
2007-09-06 11:54    <DIR>    d--------    C:\DOCUME~1\Ejer\APPLIC~1\Politiken
2007-09-06 11:53    <DIR>    d--------    C:\Programmer\Polob32
2007-09-06 06:53    92,544    --a------    C:\WINDOWS\system32\drivers\mcdbus.sys
2007-09-06 06:53    <DIR>    d--------    C:\Programmer\MagicDisc
2007-09-03 13:01    <DIR>    d--------    C:\trashc
2007-08-29 08:15    755,200    --a------    C:\WINDOWS\system32\Ir50_32.dll
2007-08-29 08:15    56,832    --a------    C:\WINDOWS\system32\Iyvu9_32.dll
2007-08-29 08:15    144,384    --a------    C:\WINDOWS\system32\Iacenc.dll
2007-08-29 08:15    <DIR>    d--------    C:\Programmer\Intel
2007-08-24 08:34    <DIR>    d--------    C:\Programmer\Copernic Desktop Search 2
2007-08-24 08:31    <DIR>    d--------    C:\Programmer\Alt-Tab Thingy v3
2007-08-24 08:30    <DIR>    d--------    C:\Programmer\VisualTaskTips
2007-08-24 08:29    <DIR>    d--------    C:\Programmer\Thoosje Vista Sidebar v1.7.8
2007-08-21 08:14    <DIR>    d--------    C:\DOCUME~1\Ejer\APPLIC~1\Navigator
2007-08-21 08:05    <DIR>    d--------    C:\Programmer\PC_Navigator6
2007-08-11 15:26    <DIR>    d--------    C:\Programmer\Joost

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 07:53    ---------    d--------    C:\Programmer\SUPERAntiSpyware
2007-09-11 07:24    ---------    d--------    C:\Programmer\Microsoft AntiSpyware
2007-09-10 16:46    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\SUPERAntiSpyware.com
2007-09-10 15:58    ---------    d--------    C:\Programmer\CyberLink
2007-09-10 12:01    13141    --a------    C:\Programmer\hijackthis.log
2007-09-10 11:31    ---------    d--------    C:\Programmer\Crazy Browser
2007-09-10 11:06    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\uTorrent
2007-09-10 09:14    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\dvdcss
2007-09-07 09:14    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\Vso
2007-09-03 13:01    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-03 07:04    ---------    d--------    C:\Programmer\Blaze DVD Copy NP
2007-09-03 07:02    ---------    d--------    C:\Programmer\TrojanHunter 4.6
2007-09-03 07:02    ---------    d--------    C:\Programmer\Trojan Remover
2007-09-03 07:02    ---------    d--------    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trojan Remover
2007-09-03 07:01    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-09-03 07:01    ---------    d--------    C:\Programmer\Spy-Kill Deluxe Edition
2007-09-02 20:18    ---------    d--------    C:\Programmer\Zattoo
2007-08-29 12:13    ---------    d--------    C:\Programmer\SpeedFan
2007-08-24 11:48    ---------    d--------    C:\Programmer\Activision Value
2007-08-24 11:47    ---------    d--------    C:\Programmer\VirtualDJ
2007-08-24 11:46    ---------    d--------    C:\Programmer\LEGO Company
2007-08-24 11:44    ---------    d--------    C:\Programmer\IncrediMail
2007-08-24 11:30    ---------    d--------    C:\Programmer\Electronic Arts
2007-08-24 11:28    ---------    d--------    C:\Programmer\Advanced Spyware Remover Pro
2007-08-24 11:27    ---------    d--------    C:\Programmer\1000Kilder
2007-08-24 11:22    ---------    d--------    C:\Programmer\MasqueGames
2007-08-24 03:21    ---------    d--------    C:\Programmer\Online TV Player
2007-08-11 15:30    ---------    d--------    C:\DOCUME~1\Ejer\APPLIC~1\Joost
2007-08-08 16:18    ---------    d--------    C:\Programmer\dvdSanta
2007-07-11 13:32    ---------    d--------    C:\Programmer\Web Photo Album
2007-07-11 12:43    ---------    d--------    C:\Programmer\Web Album Generator
2007-06-13 15:22    1034240    --a------    C:\WINDOWS\explorer.exe
2007-06-05 11:22    34    --a------    C:\Programmer\Settings.txt
2007-06-05 11:20    877    ---------    C:\Programmer\Hints_Template.txt
2007-06-05 11:20    56422    ---------    C:\Programmer\Forms.NLD
2007-06-05 11:20    55674    ---------    C:\Programmer\Forms.ENU
2007-06-05 11:20    55393    ---------    C:\Programmer\Forms.DEU
2007-06-05 11:20    4281    ---------    C:\Programmer\CountryList.txt
2007-06-05 11:20    4012    ---------    C:\Programmer\Messages.DEU
2007-06-05 11:20    3861    ---------    C:\Programmer\Messages.ENU
2007-06-05 11:20    3745    ---------    C:\Programmer\Messages.NLD
2007-06-05 11:20    2494464    ---------    C:\Programmer\PolyImagePro.dll
2007-06-05 11:20    2420736    ---------    C:\Programmer\CoverPro.exe
2007-06-05 11:20    2336    ---------    C:\Programmer\Hints.NLD
2007-06-05 11:20    2330    ---------    C:\Programmer\Hints.ENU
2007-06-05 11:20    2323    ---------    C:\Programmer\Hints.DEU
2007-06-05 11:20    1471    ---------    C:\Programmer\Forms_Template.txt
2007-01-07 20:09    87608    --a------    C:\DOCUME~1\Ejer\APPLIC~1\ezpinst.exe
2007-01-07 20:09    47360    --a------    C:\DOCUME~1\Ejer\APPLIC~1\pcouffin.sys
2006-12-19 22:35    94080    --a------    C:\DOCUME~1\Ejer\APPLIC~1\ezplay.sys
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\System
    ---------        C:\Programmer\Fælles filer\Logitech
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"DAEMON Tools"="c:\programmer\daemon tools\daemon.exe" [2006-11-12 12:48]
"gcasServ"="c:\programmer\microsoft antispyware\gcasserv.exe" [2005-07-12 16:35]
"UpdReg"="c:\windows\updreg.exe" [2000-05-11 02:00]
"Easy-PrintToolBox"="c:\programmer\canon\easy-printtoolbox\bjpsmain.exe" [2004-01-14 03:10]
"nod32kui"="C:\Programmer\Eset\nod32kui.exe" [2007-01-30 10:17]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 11:54]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-03-02 16:24]
"dvd43"="C:\Programmer\dvd43\dvd43_tray.exe" [2006-05-22 13:26]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Programmer\Google\Gmail Notifier\gnotify.exe" [2005-07-15 23:48]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 11:50 C:\WINDOWS\LOGI_MWX.EXE]
"zBrowser Launcher"="C:\Programmer\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"VerboseRun"="C:\Programmer\NCH Swift Sound\Verbose\verbose.exe" [2007-06-28 17:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 17:53]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\fælles filer\ahead\lib\nmbgmonitor.exe" []
"XPTools"="c:\programmer\xp tools\xptools.exe" [2006-05-02 17:57]
"msnmsgr"="C:\Programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"XP Tools"="C:\Programmer\XP Tools\xptools.exe" [2006-05-02 17:57]
"Active Desktop Calendar"="C:\Programmer\XemiComputers\Active Desktop Calendar\ADC.exe" [2002-03-17 19:42]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 16:07]
"Spyware Doctor"="C:\PROGRA~1\SPYWAR~1\swdoctor.exe" [2006-01-11 02:56]
"VisualTaskTips"="C:\Programmer\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 13:33]
"Alt-Tab Thingy"="C:\Programmer\Alt-Tab Thingy v3\attmain.exe" [2007-03-15 18:48]
"Copernic Desktop Search 2"="C:\Programmer\Copernic Desktop Search 2\DesktopSearchService.exe" [2007-08-01 20:26]
"XPRepairPro2006"="C:\Programmer\XPRepairPro2006\XPRepairPro.exe" [2006-04-14 09:21]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-09-11 07:53]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="C:\Programmer\Spyware Doctor\swdoctor.exe" /Q

C:\DOCUME~1\ALLUSE~1\MENUEN~1\PROGRA~1\Start\
WinZip Quick Pick.lnk - C:\Programmer\WinZip\WZQKPICK.EXE [2006-03-10 16:49:26]

C:\DOCUME~1\Ejer\MENUEN~1\PROGRA~1\Start\
MagicDisc.lnk - C:\Programmer\MagicDisc\MagicDisc.exe [2007-09-06 06:53:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"=0 (0x0)
"DisableLockWorkstation"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2007-01-25 22:18 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-05-02 14:06 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" -atboottime

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys
R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 ProtoWall;ProtoWall Network Service;C:\WINDOWS\system32\DRIVERS\ProtoWall.sys
S3 ctlsb16;Creative SB16/AWE32/AWE64-driver (WDM);C:\WINDOWS\system32\drivers\ctlsb16.sys
S3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\Drivers\itchfltr.sys
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
S3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys
S3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys
S3 U81xbus;LGE U8XXX driver (WDM);C:\WINDOWS\system32\DRIVERS\U81xbus.sys
S3 U81xmdfl;LGE U8XXX USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\U81xmdfl.sys
S3 U81xmdm;LGE U8XXX USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\U81xmdm.sys
S3 U81xmgmt;LGE U8XXX USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\U81xmgmt.sys
S3 U81xobex;LGE U8XXX USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\U81xobex.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7094b2f-c16b-11da-a4df-0020ed8bd85a}]
AutoRun\command- N:\autorun.exe

*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2007-09-10 07:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 13:30:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = "C:\Programmer\MSN Messenger\msnmsgr.exe" /background??r

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-11 13:37:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 13:36
.
    --- E O F ---
ejvindh (Expert)
11 September 2007 - 22:18 #13
11 September 2007 - 22:28 #14
(Then we'll let it continue there!)
magictouch (Beginner)
12 September 2007 - 07:26 #15
Uhh, isn't it the asker who decides where to continue? ;-)
staal (Trainee)
13 September 2007 - 11:38 #16
dr1 larry - drop me an answer - I think you should be rewarded for your engagement
I'm continuing on spywarefri.dk
16 September 2007 - 18:58 #17
Exactly ->
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=41256 (remember to return there too!)

(Post an [answer] yourself and let us all share..)
staal (Trainee)
17 September 2007 - 12:19 #18
Okay