fjarn (Beginner)
06 October 2007 - 13:44. There are 20 comments and 1 solution

Why is svchost.exe using 100% CPU power

My PC is running very slowly, and under CPU usage in Task Manager it sits at 100% all the time, and under Processes I can see that it is an scvhost.exe that is using most of it.

Here are some logs I have taken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:29, on 04-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Fælles filer\Teleca Shared\CapabilityManager.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\HJTrenamed.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [System Failure Statistic] cnstat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Micr Update] soundblaster.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11685 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2007 at 07:39 PM

Application Version : 3.9.1008

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type      : Complete Scan
Total Scan Time : 00:36:48

Memory items scanned      : 221
Memory threats detected  : 0
Registry items scanned    : 6524
Registry threats detected : 0
File items scanned        : 44101
File threats detected    : 201

Adware.Tracking Cookie

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
04-10-2007 19:52:20,46

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end

catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 19:52:21
Windows 5.1.2600 Service Pack 2

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0050f2ea966a]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2ea966a]

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

ComboFix 07-10-04.6 - Frank 2007-10-04 19:56:06.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.436 [GMT 2:00]
Running from: C:\Documents and Settings\Frank\Skrivebord\SPAM\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\AutoRun.inf
.

(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_IPRIP
-------\Iprip

(((((((((((((((((((((((((  Files Created from 2007-09-04 to 2007-10-04  )))))))))))))))))))))))))))))))
.
2007-10-04 19:54 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-04 18:50 <DIR> d-------- C:\Programmer\SUPERAntiSpyware
2007-10-04 18:50 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
2007-10-04 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-03 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 18:35 <DIR> d-------- C:\Programmer\ewido anti-spyware 4.0
2007-10-03 17:25 <DIR> d-------- C:\Programmer\Spyware Doctor
2007-10-02 19:34 401,720 --a------ C:\Programmer\HJTrenamed.exe
2007-10-02 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-02 17:14 <DIR> d-------- C:\Programmer\CCleaner
2007-09-18 21:34 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\HP
2007-09-18 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WEBREG
2007-09-18 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-09-18 20:49 267,864 -ra------ C:\hpzids01.dll
2007-09-18 20:48 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2007-09-18 20:48 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2007-09-18 20:48 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2007-09-18 20:48 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-09-18 20:48 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-09-18 20:48 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-09-18 20:48 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2007-09-18 20:45 <DIR> d-------- C:\Documents and Settings\Frank\Application Data\HPAppData
2007-09-18 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-09-18 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-09-18 20:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-09-18 20:42 <DIR> d-------- C:\Programmer\Hewlett-Packard
2007-09-18 20:42 <DIR> d-------- C:\Programmer\Fælles filer\HP
2007-09-18 20:42 <DIR> d-------- C:\Programmer\Fælles filer\Hewlett-Packard
2007-09-18 20:41 <DIR> d-------- C:\Programmer\HP
2007-09-18 20:39 8,138 --------- C:\WINDOWS\hpomdl21.dat
2007-09-18 20:39 163,591 --a------ C:\WINDOWS\hpoins21.dat
.

((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 20:02 --------- d-------- C:\Programmer\Norman
2007-10-04 19:50 11687 --a------ C:\Programmer\hijackthis.log
2007-10-04 19:47 --------- d-------- C:\Documents and Settings\All Users\Application Data\NPF
2007-10-03 20:02 --------- d-------- C:\Programmer\Microsoft ActiveSync
2007-10-02 17:14 --------- d-------- C:\Programmer\Yahoo!
2007-09-22 08:23 --------- d-------- C:\Programmer\ffdshow
2007-08-26 13:41 --------- d-------- C:\Programmer\Microsoft Publisher
2007-08-18 15:47 --------- d--h----- C:\Programmer\InstallShield Installation Information
2005-08-25 21:02 15296 --a------ C:\Programmer\Furnish Lite uninstal.log
 ---------  C:\Programmer\Fælles filer\Wise Installation Wizard
 ---------  C:\Programmer\Fælles filer\HP
 ---------  C:\Programmer\Fælles filer\Hewlett-Packard
 ---------  C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Sound Manager"="SndMon32.exe" []
"Windows Compliant"="esbbxi.exe" []
"type32"="C:\Programmer\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"System Failure Statistic"="cnstat.exe" []
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 22:20 C:\WINDOWS\SOUNDMAN.EXE]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"Norman ZANDA"="C:\Programmer\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:53]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Microsoft Update"="msconfg.exe" []
"Micr Update"="soundblaster.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechGalleryRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 02:53 C:\WINDOWS\system32\bthprops.cpl]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2005-11-23 03:05]
"$WindowsRegKey%update"="IEXPLORE.EXE" []
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
"!ewido"="C:\Programmer\ewido anti-spyware 4.0\ewido.exe" [2007-10-03 18:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2007-07-04 20:45]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 11:04]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 12:52]
"gStart"="C:\Garmin\gStart.exe" [2007-03-04 23:08]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-04 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe
"$WindowsRegKey%update"=IEXPLORE.EXE
"System Failure Statistic"=cnstat.exe
"Micr Update"=soundblaster.exe
"Windows Sound Manager"=SndMon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Windows Sound Manager"=SndMon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe
"$WindowsRegKey%update"=IEXPLORE.EXE
"System Failure Statistic"=cnstat.exe
"Micr Update"=soundblaster.exe
"Windows Sound Manager"=SndMon32.exe

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
C:\Documents and Settings\Frank\Menuen Start\Programmer\Start\MultiRes.lnk - C:\Programmer\MultiRes\MultiRes.exe [2006-01-09 14:56:52]
C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\system32\drivers\tdi_rd.sys
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe -k HPService
R2 Ndiskio;Ndiskio;\??\C:\Programmer\Norman\Nse\bin\NDISKIO.SYS
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Programmer\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 atitray;atitray;\??\C:\Programmer\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys
S3 570b8859-bba1-45bb-a923-c3c94b2187ed;570b8859-bba1-45bb-a923-c3c94b2187ed;\??\D:\Player\cds300.dll
S3 FE250;%FE250.SvcDesc%;C:\WINDOWS\system32\Drivers\FE250.sys
S3 OPENDRV;OPENDRV;\??\C:\Programmer\AOpen\SilentTek\OpenDrv.sys
S3 P1080BLK;Creative CardCam Value (Still Image);C:\WINDOWS\system32\DRIVERS\P1080Stl.sys
S3 P1080VID;Creative CardCam Value (Video);C:\WINDOWS\system32\DRIVERS\P1080Vid.sys
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08
hpqddsvcHPService HPSLPSVC.**************************************************************************catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2007-10-04 20:06:53Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfully hidden files: 0 **************************************************************************.Completion time: 2007-10-04 20:09:52 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-10-04 20:09. --- E O F ---
arlet Juniormester
06 October 2007 - 13:47 #1
Please post those logs in a new comment, since they are impossible to read as they stand there.
fjarn Nybegynder
06 October 2007 - 13:52 #2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:29, on 04-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Fælles filer\Teleca Shared\CapabilityManager.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Programmer\HJTrenamed.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\RunServices: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [System Failure Statistic] cnstat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Micr Update] soundblaster.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11685 bytes
x
x
x
x
x
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/04/2007 at 07:39 PM

Application Version : 3.9.1008

Core Rules Database Version : 3318
Trace Rules Database Version: 1319

Scan type      : Complete Scan
Total Scan Time : 00:36:48

Memory items scanned      : 221
Memory threats detected  : 0
Registry items scanned    : 6524
Registry threats detected : 0
File items scanned        : 44101
File threats detected    : 201

Adware.Tracking Cookie
x
x
x
x
x
x
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
04-10-2007 19:52:20,46

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 19:52:21
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0050f2ea966a]
"00196349b7dc"=hex:16,6f,a2,17,4f,4b,96,f4,7f,cc,f2,8f,84,d1,27,6b
"000b2449f459"=hex:7b,ae,50,8f,63,12,94,49,47,87,84,d1,6e,7e,64,c5
"000fde146c44"=hex:48,49,2a,ac,73,f7,c6,a2,7b,88,e5,c1,47,06,33,82
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0050f2ea966a]
"00196349b7dc"=hex:16,6f,a2,17,4f,4b,96,f4,7f,cc,f2,8f,84,d1,27,6b
"000b2449f459"=hex:7b,ae,50,8f,63,12,94,49,47,87,84,d1,6e,7e,64,c5
"000fde146c44"=hex:48,49,2a,ac,73,f7,c6,a2,7b,88,e5,c1,47,06,33,82

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0
x
x
x
x
x
ComboFix 07-10-04.6 - Frank 2007-10-04 19:56:06.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.436 [GMT 2:00]
Running from: C:\Documents and Settings\Frank\Skrivebord\SPAM\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AutoRun.inf

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\Iprip


(((((((((((((((((((((((((  Files Created from 2007-09-04 to 2007-10-04  )))))))))))))))))))))))))))))))
.

2007-10-04 19:54    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-04 18:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-04 18:50    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
2007-10-04 18:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-03 21:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 18:35    <DIR>    d--------    C:\Programmer\ewido anti-spyware 4.0
2007-10-03 17:25    <DIR>    d--------    C:\Programmer\Spyware Doctor
2007-10-02 19:34    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-10-02 17:22    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-02 17:14    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-18 21:34    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\HP
2007-09-18 20:58    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WEBREG
2007-09-18 20:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-09-18 20:49    267,864    -ra------    C:\hpzids01.dll
2007-09-18 20:48    954,368    -ra------    C:\WINDOWS\system32\hpotiop5.dll
2007-09-18 20:48    675,840    -ra------    C:\WINDOWS\system32\hpowiax5.dll
2007-09-18 20:48    6,784    --a--c---    C:\WINDOWS\system32\dllcache\serscan.sys
2007-09-18 20:48    6,784    --a------    C:\WINDOWS\system32\drivers\serscan.sys
2007-09-18 20:48    364,544    -ra------    C:\WINDOWS\system32\hppldcoi.dll
2007-09-18 20:48    309,760    -ra------    C:\WINDOWS\system32\difxapi.dll
2007-09-18 20:48    303,104    -ra------    C:\WINDOWS\system32\hpovst12.dll
2007-09-18 20:45    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\HPAppData
2007-09-18 20:45    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-09-18 20:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-09-18 20:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Hewlett-Packard
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Fælles filer\HP
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Fælles filer\Hewlett-Packard
2007-09-18 20:41    <DIR>    d--------    C:\Programmer\HP
2007-09-18 20:39    8,138    ---------    C:\WINDOWS\hpomdl21.dat
2007-09-18 20:39    163,591    --a------    C:\WINDOWS\hpoins21.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 20:02    ---------    d--------    C:\Programmer\Norman
2007-10-04 19:50    11687    --a------    C:\Programmer\hijackthis.log
2007-10-04 19:47    ---------    d--------    C:\Documents and Settings\All Users\Application Data\NPF
2007-10-03 20:02    ---------    d--------    C:\Programmer\Microsoft ActiveSync
2007-10-02 17:14    ---------    d--------    C:\Programmer\Yahoo!
2007-09-22 08:23    ---------    d--------    C:\Programmer\ffdshow
2007-08-26 13:41    ---------    d--------    C:\Programmer\Microsoft Publisher
2007-08-18 15:47    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2005-08-25 21:02    15296    --a------    C:\Programmer\Furnish Lite uninstal.log
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\HP
    ---------        C:\Programmer\Fælles filer\Hewlett-Packard
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52    1298024    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52    177768    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Sound Manager"="SndMon32.exe" []
"Windows Compliant"="esbbxi.exe" []
"type32"="C:\Programmer\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"System Failure Statistic"="cnstat.exe" []
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 22:20 C:\WINDOWS\SOUNDMAN.EXE]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"Norman ZANDA"="C:\Programmer\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:53]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Microsoft Update"="msconfg.exe" []
"Micr Update"="soundblaster.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechGalleryRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 02:53 C:\WINDOWS\system32\bthprops.cpl]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2005-11-23 03:05]
"$WindowsRegKey%update"="IEXPLORE.EXE" []
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
"!ewido"="C:\Programmer\ewido anti-spyware 4.0\ewido.exe" [2007-10-03 18:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2007-07-04 20:45]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-24 11:04]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 12:52]
"gStart"="C:\Garmin\gStart.exe" [2007-03-04 23:08]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-04 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe
"$WindowsRegKey%update"=IEXPLORE.EXE
"System Failure Statistic"=cnstat.exe
"Micr Update"=soundblaster.exe
"Windows Sound Manager"=SndMon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Windows Sound Manager"=SndMon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe
"$WindowsRegKey%update"=IEXPLORE.EXE
"System Failure Statistic"=cnstat.exe
"Micr Update"=soundblaster.exe
"Windows Sound Manager"=SndMon32.exe

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]

C:\Documents and Settings\Frank\Menuen Start\Programmer\Start\
MultiRes.lnk - C:\Programmer\MultiRes\MultiRes.exe [2006-01-09 14:56:52]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\system32\drivers\tdi_rd.sys
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe -k HPService
R2 Ndiskio;Ndiskio;\??\C:\Programmer\Norman\Nse\bin\NDISKIO.SYS
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Programmer\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 atitray;atitray;\??\C:\Programmer\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys
S3 570b8859-bba1-45bb-a923-c3c94b2187ed;570b8859-bba1-45bb-a923-c3c94b2187ed;\??\D:\Player\cds300.dll
S3 FE250;%FE250.SvcDesc%;C:\WINDOWS\system32\Drivers\FE250.sys
S3 OPENDRV;OPENDRV;\??\C:\Programmer\AOpen\SilentTek\OpenDrv.sys
S3 P1080BLK;Creative CardCam Value (Still Image);C:\WINDOWS\system32\DRIVERS\P1080Stl.sys
S3 P1080VID;Creative CardCam Value (Video);C:\WINDOWS\system32\DRIVERS\P1080Vid.sys
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    hpqcxs08 hpqddsvc
HPService    HPSLPSVC

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 20:06:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 20:09:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 20:09
.
    --- E O F ---
arlet (Junior Master)
06 October 2007 - 14:58 #3
That was much better.. I'm looking at it now
arlet (Junior Master)
06 October 2007 - 15:06 #4
There is a lot of dirt in that log..

How long have you had Norman as your antivirus program??

Run step 2 here http://www.malwarecheck.dk/forum/viewtopic.php?t=11
and an online scan with BitDefender from here: http://www.arlet.dk/onlinescannere.htm
restart, and a new HijackThis log and ComboFix log
fjarn (Beginner)
06 October 2007 - 15:19 #5
FINE - I'll get started right away.....

I've had it for about half a year. I used Norton before that - for some years I paid approx. 400,- a year, but over time I felt the coverage got poor, and I had to pay more if malware and adware were to be scanned.

I'm actually missing a product that can do it all: virus, firewall, adware, malware, etc. Does that exist?
arlet (Junior Master)
06 October 2007 - 15:30 #6
No, that doesn't exist, but I know a combination that is pretty good, and a little secret is that IT IS FREE... We'll take that at the end; first we have to get all that dirt removed..
fjarn (Beginner)
06 October 2007 - 19:26 #7
Here are a couple of logs ready

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:03:40, on 06-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\programmer\valve\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [System Failure Statistic] cnstat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Micr Update] soundblaster.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 11522 bytes



x
x
x
x
x

ComboFix 07-10-04.6 - Frank 2007-10-06 19:06:40.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.404 [GMT 2:00]
Running from: C:\Documents and Settings\Frank\Skrivebord\SPAM\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-09-06 to 2007-10-06  )))))))))))))))))))))))))))))))
.

2007-10-06 17:10    <DIR>    d--------    C:\WINDOWS\BDOSCAN8
2007-10-05 20:42    <DIR>    d--------    C:\Programmer\TechSmith
2007-10-05 20:42    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TechSmith
2007-10-04 19:54    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-04 18:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-04 18:50    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
2007-10-04 18:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-03 21:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 17:25    <DIR>    d--------    C:\Programmer\Spyware Doctor
2007-10-02 19:34    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-10-02 17:14    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-18 21:34    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\HP
2007-09-18 20:58    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WEBREG
2007-09-18 20:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-09-18 20:49    267,864    -ra------    C:\hpzids01.dll
2007-09-18 20:48    954,368    -ra------    C:\WINDOWS\system32\hpotiop5.dll
2007-09-18 20:48    675,840    -ra------    C:\WINDOWS\system32\hpowiax5.dll
2007-09-18 20:48    6,784    --a--c---    C:\WINDOWS\system32\dllcache\serscan.sys
2007-09-18 20:48    6,784    --a------    C:\WINDOWS\system32\drivers\serscan.sys
2007-09-18 20:48    364,544    -ra------    C:\WINDOWS\system32\hppldcoi.dll
2007-09-18 20:48    309,760    -ra------    C:\WINDOWS\system32\difxapi.dll
2007-09-18 20:48    303,104    -ra------    C:\WINDOWS\system32\hpovst12.dll
2007-09-18 20:45    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\HPAppData
2007-09-18 20:45    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-09-18 20:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-09-18 20:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Hewlett-Packard
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Fælles filer\HP
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Fælles filer\Hewlett-Packard
2007-09-18 20:41    <DIR>    d--------    C:\Programmer\HP
2007-09-18 20:39    8,138    ---------    C:\WINDOWS\hpomdl21.dat
2007-09-18 20:39    163,591    --a------    C:\WINDOWS\hpoins21.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 19:03    11524    --a------    C:\Programmer\hijackthis.log
2007-10-06 18:55    ---------    d--------    C:\Programmer\Norman
2007-10-06 15:21    ---------    d--------    C:\Documents and Settings\All Users\Application Data\NPF
2007-10-06 07:53    ---------    d--------    C:\Programmer\Google
2007-10-06 07:43    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Google
2007-10-06 07:41    ---------    d--------    C:\Programmer\Yahoo!
2007-10-05 22:02    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-10-03 20:02    ---------    d--------    C:\Programmer\Microsoft ActiveSync
2007-09-22 08:23    ---------    d--------    C:\Programmer\ffdshow
2007-08-26 13:41    ---------    d--------    C:\Programmer\Microsoft Publisher
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2005-08-25 21:02    15296    --a------    C:\Programmer\Furnish Lite uninstal.log
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\HP
    ---------        C:\Programmer\Fælles filer\Hewlett-Packard
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((  snapshot@2007-10-04_20.08.58.37  )))))))))))))))))))))))))))))))))))))))))
.
----a-w            53,248 2006-05-24 23:22:06  C:\WINDOWS\bdoscandel.exe
----a-w            45,056 2007-10-06 15:10:26  C:\WINDOWS\BDOSCAN8\avxdisk.dll
----a-w            10,240 2007-10-06 15:10:26  C:\WINDOWS\BDOSCAN8\avxs.dll
----a-w            27,136 2007-10-06 15:10:27  C:\WINDOWS\BDOSCAN8\avxt.dll
----a-w          181,760 2007-10-06 15:10:30  C:\WINDOWS\BDOSCAN8\bdcore.dll
----a-w          118,784 2005-03-01 12:08:48  C:\WINDOWS\BDOSCAN8\bdupd.dll
----a-w            53,248 2005-03-01 12:08:52  C:\WINDOWS\BDOSCAN8\ipsupd.dll
----a-w          142,848 2007-10-06 15:10:30  C:\WINDOWS\BDOSCAN8\libfn.dll
----a-w            86,016 2007-10-06 15:10:27  C:\WINDOWS\BDOSCAN8\librtvr.dll
----a-w          118,784 2005-03-01 12:08:48  C:\WINDOWS\Downloaded Program Files\bdupd.dll
----a-w            53,248 2005-03-01 12:08:52  C:\WINDOWS\Downloaded Program Files\ipsupd.dll
----a-r          112,128 2007-10-05 18:42:34  C:\WINDOWS\Installer\{524228C9-826F-4B58-9E47-4F2E5C7E9F45}\Icon55367664.exe
----a-w          135,168 2007-07-11 23:22:00  C:\WINDOWS\system32\java.exe
----a-w          135,168 2007-07-11 23:22:04  C:\WINDOWS\system32\javaw.exe
----a-w          139,264 2007-07-12 00:22:38  C:\WINDOWS\system32\javaws.exe
----a-w            73,258 2007-10-05 12:51:07  C:\WINDOWS\system32\perfc006.dat
----a-w            11,050 2007-10-05 12:51:07  C:\WINDOWS\system32\perfc009.dat
----a-w          415,362 2007-10-05 12:51:07  C:\WINDOWS\system32\perfh006.dat
----a-w            25,182 2007-10-05 12:51:07  C:\WINDOWS\system32\perfh009.dat
----a-w            13,933 2006-06-20 06:10:00  C:\WINDOWS\system32\spool\drivers\w32x86\3\SNAGITD8.DLL
----a-w          264,704 2004-08-27 00:53:46  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
----a-w          197,632 2004-08-27 00:53:46  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
----a-w          620,032 2004-08-27 00:53:18  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
.
------w            20,574 2004-08-19 09:07:16  C:\WINDOWS\system32\java.exe
------w            20,576 2004-08-19 09:07:16  C:\WINDOWS\system32\javaw.exe
----a-w            73,258 2007-10-04 18:07:46  C:\WINDOWS\system32\perfc006.dat
----a-w            11,050 2007-10-04 18:07:46  C:\WINDOWS\system32\perfc009.dat
----a-w          415,362 2007-10-04 18:07:46  C:\WINDOWS\system32\perfh006.dat
----a-w            25,182 2007-10-04 18:07:46  C:\WINDOWS\system32\perfh009.dat
----a-w          269,824 2006-12-20 10:50:04  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
----a-w          197,632 2006-12-20 10:51:30  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
----a-w          620,032 2006-12-20 10:51:28  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52    1298024    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52    177768    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Sound Manager"="SndMon32.exe" []
"Windows Compliant"="esbbxi.exe" []
"type32"="C:\Programmer\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"System Failure Statistic"="cnstat.exe" []
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 22:20 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"Norman ZANDA"="C:\Programmer\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:53]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Microsoft Update"="msconfg.exe" []
"Micr Update"="soundblaster.exe" []
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechGalleryRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 02:53 C:\WINDOWS\system32\bthprops.cpl]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2005-11-23 03:05]
"$WindowsRegKey%update"="IEXPLORE.EXE" []
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2007-10-05 14:47]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 12:52]
"gStart"="C:\Garmin\gStart.exe" [2007-03-04 23:08]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-04 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe
"$WindowsRegKey%update"=IEXPLORE.EXE
"System Failure Statistic"=cnstat.exe
"Micr Update"=soundblaster.exe
"Windows Sound Manager"=SndMon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Windows Sound Manager"=SndMon32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe
"$WindowsRegKey%update"=IEXPLORE.EXE
"System Failure Statistic"=cnstat.exe
"Micr Update"=soundblaster.exe
"Windows Sound Manager"=SndMon32.exe

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
SnagIt 8.lnk - C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe [2006-06-20 08:10:00]

C:\Documents and Settings\Frank\Menuen Start\Programmer\Start\
MultiRes.lnk - C:\Programmer\MultiRes\MultiRes.exe [2006-01-09 14:56:52]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
SnagIt 8.lnk - C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe [2006-06-20 08:10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\system32\drivers\tdi_rd.sys
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe -k HPService
R2 Ndiskio;Ndiskio;\??\C:\Programmer\Norman\Nse\bin\NDISKIO.SYS
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Programmer\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 atitray;atitray;\??\C:\Programmer\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys
S3 570b8859-bba1-45bb-a923-c3c94b2187ed;570b8859-bba1-45bb-a923-c3c94b2187ed;\??\D:\Player\cds300.dll
S3 FE250;%FE250.SvcDesc%;C:\WINDOWS\system32\Drivers\FE250.sys
S3 OPENDRV;OPENDRV;\??\C:\Programmer\AOpen\SilentTek\OpenDrv.sys
S3 P1080BLK;Creative CardCam Value (Still Image);C:\WINDOWS\system32\DRIVERS\P1080Stl.sys
S3 P1080VID;Creative CardCam Value (Video);C:\WINDOWS\system32\DRIVERS\P1080Vid.sys
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    hpqcxs08 hpqddsvc
HPService    HPSLPSVC

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 19:09:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 19:11:01
C:\ComboFix-quarantined-files.txt ... 2007-10-06 19:10
C:\ComboFix2.txt ... 2007-10-04 20:09
.
    --- E O F ---
arlet Junior Master
6 October 2007 - 21:22 #8
You now need to get started on fixing:
Run HijackThis, scan, tick the line(s) listed here, close all windows except HijackThis, click "Fix checked", then close HijackThis again.

O4 - HKLM\..\Run: [Windows Sound Manager] SndMon32.exe
O4 - HKLM\..\Run: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\Run: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\Run: [Micr Update] soundblaster.exe
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [System Failure Statistic] cnstat.exe
O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe
O4 - HKLM\..\RunServices: [Windows Sound Manager] SndMon32.exe
O4 - HKUS\S-1-5-18\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [System Failure Statistic] cnstat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Micr Update] soundblaster.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')

Go to Search and search for these:
SndMon32.exe
esbbxi.exe
cnstat.exe
msconfg.exe
soundblaster.exe

Delete everything it finds..

Restart, then a new HijackThis log and ComboFix log
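A way to check the new HijackThis log against the fix list after the restart, as an added example that is not part of the original post: it parses the `O4` autostart lines, reports fixed entries that are still present, and reports the same program names registered under locations that were not on the fix list. The function names are hypothetical, `FIXED` is a subset of the list above, and `FOLLOWUP` is a sample constructed in the log's format.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class O4Entry(NamedTuple):
    hive: str     # registry hive as HijackThis prints it, e.g. HKLM or HKUS\S-1-5-18
    key: str      # Run, RunServices, RunOnce, ...
    name: str     # registry value name
    command: str  # command line stored in the value
    image: str    # lower-cased file name of the program that gets started


# "O4 - <hive>\..\<key>: [<value name>] <command> (User '<account>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>.+?)\] (?P<command>.*?)(?: \(User '[^']*'\))?$"
)
# First program in a command line: a quoted path, or an unquoted path
# (which may contain spaces) up to the first executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|cpl|dll))(?=[\s,]|$)', re.I
)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Parse one registry O4 line; Startup-folder lines and other sections give None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    command = m["command"]
    im = IMAGE_RE.match(command)
    path = (im.group(1) or im.group(2)) if im else command
    image = path.rsplit("\\", 1)[-1].lower()
    return O4Entry(m["hive"], m["key"], m["name"], command, image)


def parse_log(text: str) -> List[O4Entry]:
    return [e for e in map(parse_o4, text.splitlines()) if e]


def _location(e: O4Entry) -> Tuple[str, str, str]:
    return (e.hive.lower(), e.key.lower(), e.name.lower())


def verify_fix(fixed_text: str, followup_text: str):
    """Return (still_present, other_locations).

    still_present:   entries from the fix list that the follow-up log still shows.
    other_locations: follow-up entries that start a program named in the fix list
                     from a hive/key/value that was not on the list. This is a
                     review list, not a verdict: a shared name such as
                     IEXPLORE.EXE can also belong to a legitimate entry.
    """
    fixed = parse_log(fixed_text)
    after = parse_log(followup_text)
    fixed_locations = {_location(e) for e in fixed}
    fixed_images = {e.image for e in fixed}
    still_present = [e for e in after if _location(e) in fixed_locations]
    other_locations = [
        e for e in after
        if e.image in fixed_images and _location(e) not in fixed_locations
    ]
    return still_present, other_locations


# Subset of the fix list from the post above.
FIXED = r"""
O4 - HKLM\..\Run: [Windows Compliant] esbbxi.exe
O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Windows Compliant] esbbxi.exe
O4 - HKUS\S-1-5-18\..\Run: [Micr Update] soundblaster.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Sound Manager] SndMon32.exe (User 'Default user')
"""

# Constructed follow-up sample in the same format.
FOLLOWUP = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] esbbxi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] esbbxi.exe (User 'Default user')
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
"""

if __name__ == "__main__":
    still, other = verify_fix(FIXED, FOLLOWUP)
    for e in still:
        print(f"STILL PRESENT   {e.hive}\\..\\{e.key}: [{e.name}] {e.command}")
    for e in other:
        print(f"OTHER LOCATION  {e.hive}\\..\\{e.key}: [{e.name}] {e.command}")
```
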
fjarn Beginner
6 October 2007 - 23:19 #9
Hi again - when I searched, I found nothing.... I hope that doesn't matter....
BUT here are the latest logs!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:02:16, on 06-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] esbbxi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] esbbxi.exe (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10139 bytes
X
X
X
X
X
ComboFix 07-10-04.6 - Frank 2007-10-06 23:04:26.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.405 [GMT 2:00]
Running from: C:\Documents and Settings\Frank\Skrivebord\SPAM\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-09-06 to 2007-10-06  )))))))))))))))))))))))))))))))
.

2007-10-06 22:37    <DIR>    d--------    C:\Programmer\backups
2007-10-06 17:10    <DIR>    d--------    C:\WINDOWS\BDOSCAN8
2007-10-05 20:42    <DIR>    d--------    C:\Programmer\TechSmith
2007-10-05 20:42    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\TechSmith
2007-10-04 19:54    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-04 18:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-04 18:50    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\SUPERAntiSpyware.com
2007-10-04 18:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-03 21:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 17:25    <DIR>    d--------    C:\Programmer\Spyware Doctor
2007-10-02 19:34    401,720    --a------    C:\Programmer\HJTrenamed.exe
2007-10-02 17:14    <DIR>    d--------    C:\Programmer\CCleaner
2007-09-18 21:34    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\HP
2007-09-18 20:58    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\WEBREG
2007-09-18 20:50    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-09-18 20:49    267,864    -ra------    C:\hpzids01.dll
2007-09-18 20:48    954,368    -ra------    C:\WINDOWS\system32\hpotiop5.dll
2007-09-18 20:48    675,840    -ra------    C:\WINDOWS\system32\hpowiax5.dll
2007-09-18 20:48    6,784    --a--c---    C:\WINDOWS\system32\dllcache\serscan.sys
2007-09-18 20:48    6,784    --a------    C:\WINDOWS\system32\drivers\serscan.sys
2007-09-18 20:48    364,544    -ra------    C:\WINDOWS\system32\hppldcoi.dll
2007-09-18 20:48    309,760    -ra------    C:\WINDOWS\system32\difxapi.dll
2007-09-18 20:48    303,104    -ra------    C:\WINDOWS\system32\hpovst12.dll
2007-09-18 20:45    <DIR>    d--------    C:\Documents and Settings\Frank\Application Data\HPAppData
2007-09-18 20:45    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-09-18 20:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-09-18 20:43    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\HP
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Hewlett-Packard
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Fælles filer\HP
2007-09-18 20:42    <DIR>    d--------    C:\Programmer\Fælles filer\Hewlett-Packard
2007-09-18 20:41    <DIR>    d--------    C:\Programmer\HP
2007-09-18 20:39    8,138    ---------    C:\WINDOWS\hpomdl21.dat
2007-09-18 20:39    163,591    --a------    C:\WINDOWS\hpoins21.dat

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 23:02    10141    --a------    C:\Programmer\hijackthis.log
2007-10-06 22:52    ---------    d--------    C:\Programmer\Norman
2007-10-06 15:21    ---------    d--------    C:\Documents and Settings\All Users\Application Data\NPF
2007-10-06 07:53    ---------    d--------    C:\Programmer\Google
2007-10-06 07:43    ---------    d--------    C:\Documents and Settings\All Users\Application Data\Google
2007-10-06 07:41    ---------    d--------    C:\Programmer\Yahoo!
2007-10-05 22:02    ---------    d--h-----    C:\Programmer\InstallShield Installation Information
2007-10-03 20:02    ---------    d--------    C:\Programmer\Microsoft ActiveSync
2007-09-22 08:23    ---------    d--------    C:\Programmer\ffdshow
2007-08-26 13:41    ---------    d--------    C:\Programmer\Microsoft Publisher
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2005-08-25 21:02    15296    --a------    C:\Programmer\Furnish Lite uninstal.log
    ---------        C:\Programmer\Fælles filer\Wise Installation Wizard
    ---------        C:\Programmer\Fælles filer\HP
    ---------        C:\Programmer\Fælles filer\Hewlett-Packard
    ---------        C:\Programmer\Fælles filer
.

(((((((((((((((((((((((((((((  snapshot@2007-10-04_20.08.58.37  )))))))))))))))))))))))))))))))))))))))))
.
----a-w            53,248 2006-05-24 23:22:06  C:\WINDOWS\bdoscandel.exe
----a-w            45,056 2007-10-06 15:10:26  C:\WINDOWS\BDOSCAN8\avxdisk.dll
----a-w            10,240 2007-10-06 15:10:26  C:\WINDOWS\BDOSCAN8\avxs.dll
----a-w            27,136 2007-10-06 15:10:27  C:\WINDOWS\BDOSCAN8\avxt.dll
----a-w          181,760 2007-10-06 15:10:30  C:\WINDOWS\BDOSCAN8\bdcore.dll
----a-w          118,784 2005-03-01 12:08:48  C:\WINDOWS\BDOSCAN8\bdupd.dll
----a-w            53,248 2005-03-01 12:08:52  C:\WINDOWS\BDOSCAN8\ipsupd.dll
----a-w          142,848 2007-10-06 15:10:30  C:\WINDOWS\BDOSCAN8\libfn.dll
----a-w            86,016 2007-10-06 15:10:27  C:\WINDOWS\BDOSCAN8\librtvr.dll
----a-w          118,784 2005-03-01 12:08:48  C:\WINDOWS\Downloaded Program Files\bdupd.dll
----a-w            53,248 2005-03-01 12:08:52  C:\WINDOWS\Downloaded Program Files\ipsupd.dll
----a-r          112,128 2007-10-05 18:42:34  C:\WINDOWS\Installer\{524228C9-826F-4B58-9E47-4F2E5C7E9F45}\Icon55367664.exe
----a-w          135,168 2007-07-11 23:22:00  C:\WINDOWS\system32\java.exe
----a-w          135,168 2007-07-11 23:22:04  C:\WINDOWS\system32\javaw.exe
----a-w          139,264 2007-07-12 00:22:38  C:\WINDOWS\system32\javaws.exe
----a-w            73,258 2007-10-05 12:51:07  C:\WINDOWS\system32\perfc006.dat
----a-w            11,050 2007-10-05 12:51:07  C:\WINDOWS\system32\perfc009.dat
----a-w          415,362 2007-10-05 12:51:07  C:\WINDOWS\system32\perfh006.dat
----a-w            25,182 2007-10-05 12:51:07  C:\WINDOWS\system32\perfh009.dat
----a-w            13,933 2006-06-20 06:10:00  C:\WINDOWS\system32\spool\drivers\w32x86\3\SNAGITD8.DLL
----a-w          264,704 2004-08-27 00:53:46  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
----a-w          197,632 2004-08-27 00:53:46  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
----a-w          620,032 2004-08-27 00:53:18  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
----atw            16,384 2007-10-06 20:53:40  C:\WINDOWS\Temp\Perflib_Perfdata_104.dat
.
------w            20,574 2004-08-19 09:07:16  C:\WINDOWS\system32\java.exe
------w            20,576 2004-08-19 09:07:16  C:\WINDOWS\system32\javaw.exe
----a-w            73,258 2007-10-04 18:07:46  C:\WINDOWS\system32\perfc006.dat
----a-w            11,050 2007-10-04 18:07:46  C:\WINDOWS\system32\perfc009.dat
----a-w          415,362 2007-10-04 18:07:46  C:\WINDOWS\system32\perfh006.dat
----a-w            25,182 2007-10-04 18:07:46  C:\WINDOWS\system32\perfh009.dat
----a-w          269,824 2006-12-20 10:50:04  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
----a-w          197,632 2006-12-20 10:51:30  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
----a-w          620,032 2006-12-20 10:51:28  C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52    1298024    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52    177768    -ra------    C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="C:\Programmer\Microsoft IntelliType Pro\type32.exe" [2004-06-03 10:51]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 22:20 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 04:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 04:06]
"Norman ZANDA"="C:\Programmer\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:53]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-05-21 20:11]
"LogitechVideoTray"="C:\Programmer\Logitech\Video\LogiTray.exe" [2004-06-01 12:03]
"LogitechVideoRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"LogitechGalleryRepair"="C:\Programmer\Logitech\Video\ISStart.exe" [2004-06-01 12:09]
"IntelliPoint"="C:\Programmer\Microsoft IntelliPoint\point32.exe" [2004-06-03 10:50]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-27 02:53 C:\WINDOWS\system32\bthprops.cpl]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2005-11-23 03:05]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\programmer\valve\steam\steam.exe" [2007-10-05 14:47]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55]
"LogitechSoftwareUpdate"="C:\Programmer\Logitech\Video\ManifestEngine.exe" [2004-06-01 12:46]
"H/PC Connection Agent"="C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE" [2003-09-01 12:52]
"gStart"="C:\Garmin\gStart.exe" [2007-03-04 23:08]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 02:53]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-04 19:01]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows Compliant"=esbbxi.exe
"Microsoft Update"=msconfg.exe

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
SnagIt 8.lnk - C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe [2006-06-20 08:10:00]

C:\Documents and Settings\Frank\Menuen Start\Programmer\Start\
MultiRes.lnk - C:\Programmer\MultiRes\MultiRes.exe [2006-01-09 14:56:52]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
HP Digital Imaging Monitor.lnk - C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
SnagIt 8.lnk - C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe [2006-06-20 08:10:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll


R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R1 TDI_RD;Firewall Engine Type-R;\??\C:\WINDOWS\system32\drivers\tdi_rd.sys
R2 HPSLPSVC;HP Network Devices Support;C:\WINDOWS\system32\svchost.exe -k HPService
R2 Ndiskio;Ndiskio;\??\C:\Programmer\Norman\Nse\bin\NDISKIO.SYS
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys
R3 nvcoas;Norman Virus Control on-access component;C:\Programmer\Norman\Nvc\bin\nvcoas.exe
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
R3 pctvvbi;PCTVVBI;C:\WINDOWS\system32\DRIVERS\pctvvbi.sys
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS
S1 atitray;atitray;\??\C:\Programmer\Radeon Omega Drivers\v3.8.221\ATI Tray Tools\atitray.sys
S3 570b8859-bba1-45bb-a923-c3c94b2187ed;570b8859-bba1-45bb-a923-c3c94b2187ed;\??\D:\Player\cds300.dll
S3 FE250;%FE250.SvcDesc%;C:\WINDOWS\system32\Drivers\FE250.sys
S3 OPENDRV;OPENDRV;\??\C:\Programmer\AOpen\SilentTek\OpenDrv.sys
S3 P1080BLK;Creative CardCam Value (Still Image);C:\WINDOWS\system32\DRIVERS\P1080Stl.sys
S3 P1080VID;Creative CardCam Value (Video);C:\WINDOWS\system32\DRIVERS\P1080Vid.sys
S3 p2pgasvc;Gruppegodkendelse på peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2pimsvc;Identitetsstyring for peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 p2psvc;Peer-netværk;C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 PNRPSvc;PNRP (Peer Name Resolution Protocol);C:\WINDOWS\System32\svchost.exe -k p2psvc
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE27bus.sys
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS);C:\WINDOWS\system32\DRIVERS\se27nd5.sys
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE27obex.sys
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM);C:\WINDOWS\system32\DRIVERS\se27unic.sys
S3 TTUSB2BDA;TTUSB2BDA USB 2.0 Driver;C:\WINDOWS\system32\DRIVERS\ttusb2bda.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc    p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    hpqcxs08 hpqddsvc
HPService    HPSLPSVC

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 23:06:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-06 23:07:15
C:\ComboFix-quarantined-files.txt ... 2007-10-06 23:07
C:\ComboFix2.txt ... 2007-10-06 19:11
C:\ComboFix3.txt ... 2007-10-04 20:09
.
    --- E O F ---
arlet (Junior Master)
07 October 2007 - 09:54 #10
Fix again with HijackThis:
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] esbbxi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Compliant] esbbxi.exe (User 'Default user')

Restart, then a new HijackThis log.
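
The two O4 entries listed in the post above sit under the Run keys of the SYSTEM (S-1-5-18) and .DEFAULT hives and name a bare file with no path. As an added example that is not part of the original thread, the Python below parses HijackThis O4 lines, flags that combination, and compares two logs to confirm an entry is gone after a fix. The flagging rule and all function names are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Set, Tuple

# O4 autorun lines copied from the HijackThis logs in this thread (subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Windows Compliant] esbbxi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] msconfg.exe (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
"""

# Registry-based O4 line: hive, abbreviated key, [value name], command, optional user.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# Assumption for this example: the SYSTEM and default-profile hives are the
# ones worth a second look when the command has no path.
SERVICE_HIVES = {r"hkus\s-1-5-18", r"hkus\.default"}


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str
    user: Optional[str]


def parse_o4(log: str) -> List[RunEntry]:
    """Return the registry autorun entries found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:  # Startup-folder O4 lines use another layout and are skipped
            entries.append(RunEntry(m["hive"], m["key"], m["name"],
                                    m["cmd"].strip(), m["user"]))
    return entries


def executable(command: str) -> str:
    """First token of the command; a quoted path is returned whole.

    An unquoted path containing spaces is cut at the first space, which is
    still enough to tell a path from a bare file name.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def is_bare_name(command: str) -> bool:
    """True when the executable has no drive or directory component."""
    exe = executable(command)
    return bool(exe) and not any(c in exe for c in "\\/:")


def flag_suspect(log: str) -> List[RunEntry]:
    """Entries in SYSTEM/.DEFAULT Run keys that launch a bare file name."""
    return [e for e in parse_o4(log)
            if e.hive.lower() in SERVICE_HIVES and is_bare_name(e.command)]


def disappeared(before: str, after: str) -> Set[Tuple[str, str, str]]:
    """(hive, name, command) triples present in `before` but not in `after`."""
    def key(e: RunEntry) -> Tuple[str, str, str]:
        return (e.hive, e.name, e.command)
    return {key(e) for e in parse_o4(before)} - {key(e) for e in parse_o4(after)}


if __name__ == "__main__":
    for entry in flag_suspect(SAMPLE_LOG):
        print(f"review: {entry.hive} [{entry.name}] -> {entry.command}")
```

Bare names such as SOUNDMAN.EXE under HKLM are not flagged, because the rule requires both the hive and the missing path.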
fjarn (Beginner)
07 October 2007 - 12:39 #11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:04, on 07-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Update] msconfg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Update] msconfg.exe (User 'Default user')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10139 bytes
arlet (Junior Master)
07 October 2007 - 15:05 #12
Download and double-click this file. It extracts itself to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in Safe Mode; if you don't know how, look here (scroll down to "How to access Safe Mode") http://kimludvigsen.dk/tips-windows-fejlsikret.html


Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then start removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do that, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, since the tool needs time to do its work. When the desktop appears, the tool will write "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here,
together with a new HijackThis log.
fjarn (Beginner)
07 October 2007 - 15:43 #13
SDFix: Version 1.107

Run by Frank on 07-10-2007 at 15:26

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\lotyxyx.exe.tmp - Deleted
C:\WINDOWS\system32\TFTP2964  - Deleted
C:\WINDOWS\system32\TFTP2976  - Deleted
C:\WINDOWS\system32\TFTP2992  - Deleted
C:\WINDOWS\system32\TFTP3284  - Deleted
C:\WINDOWS\system32\TFTP384  - Deleted
C:\WINDOWS\system32\TFTP4432  - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004    1,694,208 A.SH. --- "C:\Programmer\Messenger\msmsgs.exe"
Wed  6 Oct 2004        4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed  6 Oct 2004          401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Wed  6 Oct 2004        4,348 A..H. --- "C:\Documents and Settings\Frank\Dokumenter\Frank My Documents\drmv1key.bak"
Thu 23 Feb 2006          401 A..H. --- "C:\Documents and Settings\Frank\Dokumenter\Frank My Documents\drmv1lic.bak"
Fri 15 Jun 2007        32,256 ...H. --- "C:\Documents and Settings\Frank\Skrivebord\Rasmus Fodbold\~WRL0001.tmp"
Tue  3 Oct 2006        50,280 ...H. --- "C:\Programmer\Fælles filer\Adobe\ESD\DLMCleanup.exe"
Tue 15 May 2007        44,032 ...H. --- "C:\Documents and Settings\Frank\Application Data\Microsoft\Word\~WRL1229.tmp"
Wed  6 Oct 2004        4,348 ...H. --- "C:\Documents and Settings\Frank\Dokumenter\Frank My Documents\Personal\drmv1key.bak"
Sat  3 Feb 2007          401 A..H. --- "C:\Documents and Settings\Frank\Dokumenter\Frank My Documents\Personal\drmv1lic.bak"
Sat  3 Feb 2007        9,856 A.SH. --- "C:\Documents and Settings\Frank\Dokumenter\Frank My Documents\Personal\drmv2key.bak"
Wed  6 Oct 2004        4,348 ...H. --- "C:\Documents and Settings\Frank\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1key.bak"
Thu 23 Feb 2006          401 A..H. --- "C:\Documents and Settings\Frank\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv1lic.bak"
Tue 31 May 2005          400 A.SH. --- "C:\Documents and Settings\Frank\Dokumenter\Musik\Sikkerhedskopiering af licenser\drmv2key.bak"

Finished!



X
X
X
X
X

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:38, on 07-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10126 bytes
arlet (Junior Master)
07 October 2007 - 15:49 #14
That'll teach them ;-)

The log is clean now..

Just run steps 5 and 6 from here: http://www.malwarecheck.dk/forum/viewtopic.php?t=11

Here you can read about our bulletproof security package: http://www.malwarecheck.dk/forum/viewtopic.php?t=156 . If you have any questions, just ask..
fjarn (Beginner)
07 October 2007 - 16:15 #15
Thank you so much for the help. Now the machine starts up much faster, without strange error messages, and the CPU is not working overtime as it was before, and you can shut Windows down without having to force-close programs. THANK YOU so much for the help.....
arlet (Junior Master)
07 October 2007 - 16:29 #16
You're welcome..

Glad it worked out..
fjarn (Beginner)
07 October 2007 - 17:54 #17
Hi

Just checked Task Manager - CPU usage again. It looks like it is running at 100% again... what is going on?
arlet (Junior Master)
07 October 2007 - 17:56 #18
Well, then we'll have to get at it again..

New HijackThis log
fjarn (Beginner)
07 October 2007 - 18:50 #19
Hi again.

This is very mysterious. If I run ATF-Cleaner and restart the computer, CPU usage looks OK. When I then shut down again and start up the next time, it is wrong again.
I don't know whether that tells you anything???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:43, on 07-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 10192 bytes
arlet Junior Master
7 October 2007 - 19:33 #20
We need to "refresh" all your protected Windows files:

Go to Start->Run. In the dialog box, type sfc /scanonce (remember the space between c and /) and click OK. Restart the machine, and Windows File Protection will then run at boot. Your Windows CD must be in the drive. Wait until it has finished before doing anything else. The function does not report whether anything was fixed.

Did that help??
fjarn Beginner
7 October 2007 - 21:20 #21
Hi

No, unfortunately not.

Here is a new log for you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:39, on 07-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
C:\Programmer\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programmer\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmer\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\Logitech\Video\LogiTray.exe
C:\Programmer\Norman\Nvc\BIN\NIP.EXE
C:\Programmer\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\programmer\valve\steam\steam.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Norman\Nvc\bin\cclaw.exe
C:\Programmer\Norman\Npf\BIN\npfmsg2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Logitech\Video\FxSvr2.exe
C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
C:\Programmer\MultiRes\MultiRes.exe
C:\Programmer\TechSmith\SnagIt 8\TSCHelp.exe
C:\Programmer\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmer\HJTrenamed.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programmer\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programmer\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programmer\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programmer\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [type32] "C:\Programmer\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norman ZANDA] C:\Programmer\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmer\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmer\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmer\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Steam] "c:\programmer\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmer\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmer\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Startup: MultiRes.lnk = C:\Programmer\MultiRes\MultiRes.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Programmer\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmer\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: HP Klipsamling - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart markering - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programmer\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Programmer\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096492567311
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install2.5/Installer.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\Software\..\Telephony: DomainName = fff
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fff
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = fff
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Programmer\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9994 bytes