Måske virus.

jeg har ikke meget forstand på det med at tjekke loggen, men har da kigget lidt engang i mellem. Jeg ved ikke helt med disse:

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

og jeg vd ikke hvad det her er

C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\icmntr.exe

De to øverste er legale, henholdsvis google toolbar og HP printer.
hpztsb09.exe is a Hewlett Packard utility which allows diagnostic and maintenance of your HP Deskjet series printer.

De fire nederste er til gengæld Smidfraud, de skal væk.

Download http://siri.urz.free.fr/Fix/SmitfraudFix.exe (by S!Ri)
Eller her:
http://72.232.135.12/siri/SmitfraudFix.exe
Til roden af C:drevet

Genstart i fejlsikret tilstand, hvis du ikke ved hvordan så kig her:
http://www.ctrlaltdel.dk/forum/forum_posts.asp?TID=23&PN=1


Dobbeltklik på C:\Smitfraud exe. Vælg option #2 - Clean.
Det vil også checke om systemfilen wininet.dll er inficeret. Hvis den er det, vil du blive bedt om tilladelse til at erstatte den med en anden. Her skal du vælge "Yes", ved at taste "y".

Programmet bliver muligvis nødt til at genstarte undervejs. Herefter vil der dukke en liste med resultaterne af rensningen op . Kopiér denne liste ind i tråden sammen med logfilerne herfra:
http://www.spywarefri.dk/forum/links/hjtanv.htm
Vi skal se logs fra AVG, Combofix, rootchk og Hijackthis i nævnte rækkefølge, samt Smidfraudfixloggen.

skal allesammen køres i fejlsikret tilstand?

AVG log:

a---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:    14:06:36 16-10-2007

+ Scan result:   



C:\Documents and Settings\Morten Rask\Cookies\morten_rask@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@edsa.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@mathworks.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@nike.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@pentonmedia.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@primediabusiness.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@stepstone.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ads.adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ad.adocean[1].txt -> TrackingCookie.Adocean : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@connextra[1].txt -> TrackingCookie.Connextra : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.etracker[1].txt -> TrackingCookie.Etracker : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@hit.gemius[2].txt -> TrackingCookie.Gemius : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ilead.itrack[1].txt -> TrackingCookie.Itrack : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.iad.liveperson[4].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@revsci[1].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@valueclick[1].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@weborama[1].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Morten Rask\Cookies\morten_rask@yadro[2].txt -> TrackingCookie.Yadro : No action taken.


::Report end

combofix:

ComboFix 07-10-16.1 - Morten Rask 2007-10-16 14:10:00.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.212 [GMT 2:00]
Running from: C:\Documents and Settings\Morten Rask\Desktop\spywarefri\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-09-16 to 2007-10-16  )))))))))))))))))))))))))))))))
.

2007-10-16 14:08    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-16 13:07    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\Grisoft
2007-10-16 13:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-16 13:07    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-16 13:03    3,374    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-16 13:02    <DIR>    d--------    C:\SmitfraudFix
2007-10-16 13:02    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-10-16 13:02    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-10-16 13:02    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-10-16 13:02    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-10-16 13:02    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-10-16 12:52    1,035,316    --a------    C:\SmitfraudFix.exe
2007-10-16 11:51    <DIR>    d--------    C:\Program Files\Video Add-on
2007-10-11 19:17    <DIR>    d--------    C:\Program Files\BingoLiner
2007-10-04 22:13    <DIR>    d--------    C:\Program Files\FileZilla_2_1_4b
2007-10-04 22:12    1,586,164    --a------    C:\Program Files\FileZilla_2_1_4b.zip
2007-09-26 09:22    <DIR>    d--------    C:\Program Files\Photoshop CS2 v9.0 + working KeyGen
2007-09-26 09:21    <DIR>    d--------    C:\Program Files\txline2003
2007-09-26 09:20    2,094,080    --a------    C:\Program Files\RFSim99.exe
2007-09-26 09:20    517,067    --a------    C:\Program Files\txline2003.zip
2007-09-26 09:15    <DIR>    d--------    C:\Program Files\smith_v191
2007-09-24 13:51    <DIR>    d--------    C:\Program Files\Common Files\L&H
2007-09-24 13:50    <DIR>    d--------    C:\Program Files\Microsoft ActiveSync
2007-09-24 11:21    <DIR>    d--------    C:\WINDOWS\system32\WinXP
2007-09-24 11:21    <DIR>    d--------    C:\WINDOWS\system32\Vista_x64
2007-09-24 11:21    <DIR>    d--------    C:\Jennic
2007-09-24 11:21    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\codeblocks
2007-09-24 11:20    <DIR>    d--------    C:\Program Files\Code Blocks
2007-09-21 13:17    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\AWR
2007-09-21 13:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\AWR
2007-09-21 13:12    <DIR>    d--------    C:\Program Files\AWR
2007-09-21 13:10    <DIR>    d--------    C:\Program Files\Microwave office
2007-09-19 12:15    2,732,032    --a------    C:\WINDOWS\system32\Netw2r32.dll
2007-09-19 12:15    2,210,048    --a------    C:\WINDOWS\system32\drivers\w29n51.sys
2007-09-19 12:15    557,056    --a------    C:\WINDOWS\system32\Netw2c32.dll
2007-09-19 12:12    <DIR>    d--------    C:\Intel
2007-09-18 11:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-18 11:01    <DIR>    d--------    C:\Program Files\Spyware mm
2007-09-17 12:09    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\Subversion
2007-09-17 12:00    <DIR>    d--------    C:\Program Files\TortoiseSVN

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-05 15:12    ---------    d-----w    C:\Documents and Settings\Morten Rask\Application Data\Microgaming
2007-09-27 07:16    ---------    d-----w    C:\Program Files\bet365MPP
2007-09-24 10:48    ---------    d-----w    C:\Program Files\Common Files\Adobe
2007-09-06 07:02    ---------    d-----w    C:\Program Files\Expekt Poker
2007-09-06 06:50    205,853    ----a-w    C:\Program Files\SetupPokerExpect.exe
2007-09-05 07:52    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-08-31 09:29    ---------    d-----w    C:\Program Files\UnibetpokerMPP
2007-08-22 07:05    ---------    d-----w    C:\Program Files\MSXML 6.0
2007-08-21 06:15    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19    1,712,984    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
2007-05-14 18:31    413,696    ----a-w    C:\Program Files\Downloader_for_Visio_Professional_2003.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-16 11:51 80896]

[HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"= C:\Program Files\Video Add-on\ictmdl.dll [2007-10-16 11:51 80896]

[HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"DXDllRegExe"="dxdllreg.exe" []
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 03:36]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-10 22:10]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 05:22 C:\WINDOWS\AGRSMMSG.exe]
"CplBCL50"="C:\Program Files\EzButton\CplBCL50.EXE" [2004-03-02 11:45]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-09 08:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-09 08:09]
"SecuUFD"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 12:52]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-21 22:49]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2001-12-12 19:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 11:03]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2006-10-09 11:39:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2003-12-16 17:49 110592 C:\WINDOWS\system32\LgNotify.dll

R0 Daemon;Daemon;C:\WINDOWS\system32\DRIVERS\daemon.sys
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 GtDetectSc;GT Detect;C:\WINDOWS\system32\GtDetectSc.exe
R2 IOPort;IOPort;\??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe"
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe"
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys
S3 GtFUsb;GlobeTrotter 3G+ Fuji Filter Service;C:\WINDOWS\system32\Drivers\GtFUsb.sys
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec72d20-057d-11dc-a809-000e355001b4}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GlobeTrotterConnect.msi AUTORUN=1

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD
*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 14:15:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-16 14:16:55
.
    --- E O F ---

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
16-10-2007 14:19:45,60

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 14:19:46
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000008b0

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

hiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:36, on 16-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\GtDetectSc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\EzButton\CplBCL50.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Morten Rask\Desktop\spywarefri\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.iha.dk:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: IE Custom Tools - {23ED2206-856D-461A-BBCF-1C2466AC5AE3} - C:\Program Files\Video Add-on\ictmdl.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {76805459-88F6-4BB1-8EC1-1A4DDC777CFD} (KMDWebSign.zskwsax) - http://logon.kmd.dk/program/zskwsax.CAB
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 9047 bytes

SmitFraudFix v2.240

Scan done at 13:03:05,85, 16-10-2007
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\MORTEN~1\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Jeg håber jeg har gjort det rigtigt nu.

Jeg tilføjer gerne ekstra point,men jeg kan ikke lige huske hvordan man gør! Kan du?

Det må have hjulpet for jeg får ingen warnings længere om malware og spyware samt virus:-)

Men jeg har fået en ny toolbar der hedder:

"security toolbar 7.1"

hvorfra jeg kan trykke ->block adware/popups og -> remove spyware

Desuden er security level 4 ud af 10

Startsiden er også ændret til msn.dk men er det ikke en standard startside?

Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Hent og installer denne scanner:
http://www.superantispyware.com/downloads/SUPERAntiSpyware1241.exe

Start programmet, klik på Check for updates, når det er opdateret, luk programmet, du skal ikke scanne endnu.
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

---------------------------------------
Kopiér indholdet mellem de bølgede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

Folder::
C:\Program Files\Video Add-on
C:\Program Files\Photoshop CS2 v9.0 + working KeyGen

Registry::
[-HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]
[-HKEY_CLASSES_ROOT\CLSID\{23ED2206-856D-461A-BBCF-1C2466AC5AE3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{23ED2206-856D-461A-BBCF-1C2466AC5AE3}"=-

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
---------------------------------------
Genstart i fejlsikret (tryk på <F8> under opstarten)
Start SuperAntiSpyware, klik på Scan your Computer, sæt flueben i de drev der skal scannes.
(Fixed disk betyder harddisk)
Flyt prikken til Perform complete scan og klik på Næste, så kører scanningen.

Når den er færdig kommer der et vindue med en opsummering, klik på OK, klik så på næste og så på Udfør.

Der kommer et vindue med Quarantine and removal Complete, klik på OK, klik på Udfør.
Luk programmet, genstart normalt.
---------------------------------------
Start SuperAntiSpyware igen, klik på Preferences, skift til fanebladet Statistics/Logs, i vinduet dobbeltklikker du på SUPERAntiSpyware Scan Log, den åbner i notesblok, kopier resultatet herind.
Vi skal også se en frisk hijackthislog, samt den nye combofixlog.

SuperAntispyware log:

SUPERAntiSpyware Scan Log
Generated 10/17/2007 at 10:46 AM

Application Version : 3.5.1016

Core Rules Database Version : 3325
Trace Rules Database Version: 1326

Scan type      : Complete Scan
Total Scan Time : 01:07:23

Memory items scanned      : 203
Memory threats detected  : 0
Registry items scanned    : 7299
Registry threats detected : 3
File items scanned        : 37606
File threats detected    : 66

Adware.Tracking Cookie
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@atdmt[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adtech[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@track.adform[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ad.adocean[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ad.ofir[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ad1.emediate[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ad2.pl.mediainter[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adbrite[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adfair[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ads.adbrite[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ads.espn.adsonar[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ads.mediamayhemcorp[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ads2.jubii[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adserver.banneradministration[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@adtech[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@atdmt[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@bs.serving-sys[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@click2pay[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@click2pay[3].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@clicksor[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@e2.emediate[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@eas.apm.emediate[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@eas4.emediate[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@edsa.122.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ieee.adbureau[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@ilead.itrack[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@img.jubiisexbio[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@imrworldwide[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@indextools[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@jubiisexbio[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@keywordmax[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@mathworks.112.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@mediaplex[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@msnaccountservices.112.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@nike.112.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@overture[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@pentonmedia.122.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@perf.overture[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@pornhub[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@primediabusiness.122.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@revsci[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.iad.liveperson[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.iad.liveperson[3].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.iad.liveperson[4].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.lon.liveperson[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@server.lon.liveperson[3].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@serving-sys[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@sitestats.ets[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@stepstone.112.2o7[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@tacoda[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@track.adform[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@track.webgains[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@valueclick[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@weborama[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.etracker[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.googleadservices[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.googleadservices[2].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.googleadservices[3].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@www.jubiisexbio[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@xiti[1].txt
    C:\Documents and Settings\Morten Rask\Cookies\morten_rask@yadro[2].txt

Trojan.Media-Codec/V4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center#UninstallString

Adware.Casino Games (Golden Palace Casino)
    C:\PROGRAM FILES\EXPEKT POKER\CASINO.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\EXPEKT POKER\EXPEKT POKER.LNK
    C:\WINDOWS\Prefetch\CASINO.EXE-04010907.pf

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:04, on 17-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\GtDetectSc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\EzButton\CplBCL50.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Morten Rask\Desktop\spywarefri\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.iha.dk:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: bet365 Poker - {B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} - C:\Program Files\bet365MPP\MPPoker.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYWAR~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {76805459-88F6-4BB1-8EC1-1A4DDC777CFD} (KMDWebSign.zskwsax) - http://logon.kmd.dk/program/zskwsax.CAB
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GT Detect (GtDetectSc) - OptionNV - C:\WINDOWS\system32\GtDetectSc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 9218 bytes

ComboFix 07-10-16.1 - Morten Rask 2007-10-17 10:57:14.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.96 [GMT 2:00]
Running from: C:\Documents and Settings\Morten Rask\Desktop\spywarefri\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-09-17 to 2007-10-17  )))))))))))))))))))))))))))))))
.

2007-10-16 22:15    <DIR>    d--------    C:\Program Files\SUPERAntiSpyware
2007-10-16 22:15    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\SUPERAntiSpyware.com
2007-10-16 22:15    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-16 21:49    <DIR>    d--------    C:\Program Files\CCleaner
2007-10-16 14:08    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-16 13:07    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\Grisoft
2007-10-16 13:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-16 13:07    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-16 13:03    3,374    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-16 13:02    <DIR>    d--------    C:\SmitfraudFix
2007-10-16 13:02    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-10-16 13:02    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-10-16 13:02    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-10-16 13:02    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-10-16 13:02    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-10-16 12:52    1,035,316    --a------    C:\SmitfraudFix.exe
2007-10-11 19:17    <DIR>    d--------    C:\Program Files\BingoLiner
2007-10-04 22:13    <DIR>    d--------    C:\Program Files\FileZilla_2_1_4b
2007-10-04 22:12    1,586,164    --a------    C:\Program Files\FileZilla_2_1_4b.zip
2007-09-26 09:21    <DIR>    d--------    C:\Program Files\txline2003
2007-09-26 09:20    2,094,080    --a------    C:\Program Files\RFSim99.exe
2007-09-26 09:20    517,067    --a------    C:\Program Files\txline2003.zip
2007-09-26 09:15    <DIR>    d--------    C:\Program Files\smith_v191
2007-09-24 13:51    <DIR>    d--------    C:\Program Files\Common Files\L&H
2007-09-24 13:50    <DIR>    d--------    C:\Program Files\Microsoft ActiveSync
2007-09-24 11:21    <DIR>    d--------    C:\WINDOWS\system32\WinXP
2007-09-24 11:21    <DIR>    d--------    C:\WINDOWS\system32\Vista_x64
2007-09-24 11:21    <DIR>    d--------    C:\Jennic
2007-09-24 11:21    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\codeblocks
2007-09-24 11:20    <DIR>    d--------    C:\Program Files\Code Blocks
2007-09-21 13:17    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\AWR
2007-09-21 13:17    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\AWR
2007-09-21 13:12    <DIR>    d--------    C:\Program Files\AWR
2007-09-21 13:10    <DIR>    d--------    C:\Program Files\Microwave office
2007-09-19 12:15    2,732,032    --a------    C:\WINDOWS\system32\Netw2r32.dll
2007-09-19 12:15    2,210,048    --a------    C:\WINDOWS\system32\drivers\w29n51.sys
2007-09-19 12:15    557,056    --a------    C:\WINDOWS\system32\Netw2c32.dll
2007-09-19 12:12    <DIR>    d--------    C:\Intel
2007-09-18 11:04    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-18 11:01    <DIR>    d--------    C:\Program Files\Spyware mm
2007-09-17 12:09    <DIR>    d--------    C:\Documents and Settings\Morten Rask\Application Data\Subversion
2007-09-17 12:00    <DIR>    d--------    C:\Program Files\TortoiseSVN

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 20:15    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2007-10-05 15:12    ---------    d-----w    C:\Documents and Settings\Morten Rask\Application Data\Microgaming
2007-09-27 07:16    ---------    d-----w    C:\Program Files\bet365MPP
2007-09-24 10:48    ---------    d-----w    C:\Program Files\Common Files\Adobe
2007-09-06 07:02    ---------    d-----w    C:\Program Files\Expekt Poker
2007-09-06 06:50    205,853    ----a-w    C:\Program Files\SetupPokerExpect.exe
2007-09-05 07:52    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2007-08-31 09:29    ---------    d-----w    C:\Program Files\UnibetpokerMPP
2007-08-22 07:05    ---------    d-----w    C:\Program Files\MSXML 6.0
2007-08-21 06:15    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19    1,712,984    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
2007-05-14 18:31    413,696    ----a-w    C:\Program Files\Downloader_for_Visio_Professional_2003.exe
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"PRONoMgr.exe"="C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 03:36]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-02-10 22:10]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2003-07-25 05:22 C:\WINDOWS\AGRSMMSG.exe]
"CplBCL50"="C:\Program Files\EzButton\CplBCL50.EXE" [2004-03-02 11:45]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-09 08:09]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-09 08:09]
"SecuUFD"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 12:52]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 18:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-03-21 22:49]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2001-12-12 19:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 11:03]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-01-10 15:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2006-10-09 11:39:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2006-10-19 09:12 258048 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll 2003-12-16 17:49 110592 C:\WINDOWS\system32\LgNotify.dll

R0 Daemon;Daemon;C:\WINDOWS\system32\DRIVERS\daemon.sys
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys
R2 GtDetectSc;GT Detect;C:\WINDOWS\system32\GtDetectSc.exe
R2 IOPort;IOPort;\??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe"
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe"
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;C:\WINDOWS\system32\Drivers\WBSD.SYS
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys
S3 GtFUsb;GlobeTrotter 3G+ Fuji Filter Service;C:\WINDOWS\system32\Drivers\GtFUsb.sys
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ec72d20-057d-11dc-a809-000e355001b4}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL GlobeTrotterConnect.msi AUTORUN=1

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-17 11:03:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-17 11:05:04
C:\ComboFix2.txt ... 2007-10-16 22:46
C:\ComboFix3.txt ... 2007-10-16 14:16
.
    --- E O F ---

Så er der kommet nye logs. Jeg oplever ikke nogen problemer nu, men det kan da godt være at der er mere der gemmer sig. Den ekstra toolbar er væk, og internettet kører godt igen.

Hvis du mener de er rene, så smider du selvfølgelig bare et svar.

Dine logs er rene. :-)

For at holde den ren kan du kigge på vores pakke til formålet.
http://www.spywarefri.dk/manualer/sikkerhedspakke.htm
Som minimum anbefaler jeg Spywareguard, Spywareblaster, Zoned-out og IE Privacy Keeper.
Jeg vil dog anbefale at du køber enten SaS eller AVG Antispy, de er lige nummeret mere effektive.
Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414
http://fromsej.dk/html/avoid.html
Mvh:
Fromsej/Team Spywarefri.

Tak for point. :-)