miklar Beginner
28 October 2007 - 16:55 There are 6 comments

Hijack This + other log files

Is there someone who would look at my log files and see what is in there? I had problems with Your Privacy Guard a couple of days ago, but thought they were solved after running through the whole cleaning process. Now I once again cannot turn on monitoring in my Norton 360.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:43, on 28-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikkellarsen.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - (no file)
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmer\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: emptemp2.lnk = C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175021881167
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188754522250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12713 bytes

______________________________________________________________________

ComboFix 07-10-23.2 - Mikkel 2007-10-28 14:25:00.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.175 [GMT 1:00]
Running from: C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Combofix\ComboFix.exe
(((((((((((((((((((((((((  Files Created from 2007-09-28 to 2007-10-28  )))))))))))))))))))))))))))))))
2007-10-26 15:04    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Authentic-ID
2007-10-26 14:56    <DIR>    d--------    C:\Programmer\Windows Defender
2007-10-26 14:55    <DIR>    d--------    C:\Programmer\Authentic-ID
2007-10-26 14:55    560,128    --a------    C:\WINDOWS\system32\htmlayout.dll
2007-10-26 14:55    388,126    --a------    C:\WINDOWS\system32\sqlite3.dll
2007-10-26 14:55    258,352    --a------    C:\WINDOWS\system32\unicows.dll
2007-10-26 14:46    <DIR>    d--------    C:\Programmer\VSPopUp
2007-10-26 14:46    299,008    --a------    C:\WINDOWS\system32\vsPop.dll
2007-10-26 14:46    40,960    --a------    C:\WINDOWS\system32\SSubTmr6.dll
2007-10-26 11:34    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-26 09:19    <DIR>    d--------    C:\Documents and Settings\Mikkel\WINDOWS
2007-10-26 08:39    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-25 23:16    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-10-25 22:59    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-25 22:59    401,720    --a------    C:\Programmer\HiJackThis.exe
2007-10-25 22:59    318,369    --a------    C:\Programmer\HiJackThis.zip
2007-10-25 22:58    812,344    --a------    C:\Programmer\HJTInstall.exe
2007-10-25 22:56    7,467,056    --a------    C:\Programmer\spybotsd15.exe
2007-10-25 22:53    27,932    --a------    C:\Programmer\spybot lang.dansk.zip
2007-10-25 22:38    <DIR>    d--------    C:\Programmer\SpywareBlaster
2007-10-25 22:36    2,566,736    --a------    C:\Programmer\spywareblastersetup351.exe
2007-10-25 16:51    1,036,738    --a------    C:\Programmer\SmitfraudFix.exe
2007-10-25 16:44    2,996    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-25 15:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-25 15:50    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\SUPERAntiSpyware.com
2007-10-25 15:48    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-25 15:48    <DIR>    d--------    C:\Documents and Settings\Mikkel\SmitfraudFix
2007-10-25 15:47    5,914,648    --a------    C:\Programmer\SUPERAntiSpyware.exe
2007-10-25 15:46    <DIR>    d--------    C:\Programmer\SmitfraudFix
2007-10-25 12:05    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Grisoft
2007-10-25 12:02    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-25 12:00    12,413,440    --a------    C:\Programmer\avgas-setup-7.5.1.43.exe
2007-10-25 08:02    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-10-10 13:44    582,656    ---------    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 13:14    <DIR>    d--------    C:\Programmer\iPod
2007-10-02 10:43    <DIR>    d--------    C:\WINDOWS\pss
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-10-28 13:17    ---------    d-----w    C:\Documents and Settings\Mikkel\Application Data\Skype
2007-10-26 14:18    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-10-25 16:29    28,672    ----a-w    C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-25 11:01    ---------    d-----w    C:\Programmer\Windows Desktop Search
2007-10-25 10:59    ---------    d-----w    C:\Programmer\Opera
2007-10-25 10:59    ---------    d-----w    C:\Programmer\Norton 360
2007-10-25 10:41    ---------    d-----w    C:\Programmer\iTunes
2007-10-03 18:39    805    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 18:39    60,800    ----a-w    C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 18:39    123,952    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 18:39    10,740    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 18:39    ---------    d-----w    C:\Programmer\Symantec
2007-09-20 17:01    102,664    ----a-w    C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-18 12:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44    10,658    ----a-w    C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44    1,430    ----a-w    C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44    1,421    ----a-w    C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44    1,415    ----a-w    C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43    43,696    ----a-w    C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43    317,616    ----a-w    C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43    278,576    ----a-w    C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-16 09:46    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-09-11 22:06    ---------    d-----w    C:\Programmer\Apple Software Update
2007-09-03 15:01    164    ----a-w    C:\install.dat
2007-09-03 14:59    ---------    d-----w    C:\Programmer\CA
2007-09-03 14:58    ---------    d-----w    C:\Programmer\PCPitstop
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:00    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:00    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:00    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:00    6,058,496    ----a-w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:00    52,224    ----a-w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:00    477,696    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:00    459,264    ----a-w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:00    44,544    ----a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:00    384,512    ----a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:00    383,488    ----a-w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:00    3,584,512    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:00    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:00    267,776    ----a-w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:00    232,960    ----a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:00    230,400    ----a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:00    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:00    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:00    153,088    ----a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:00    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:00    124,928    ----a-w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:00    105,984    ----a-w    C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:00    102,400    ----a-w    C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:00    1,152,000    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:19    63,488    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:19    625,152    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:19    13,824    ----a-w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-30 17:19    92,504    ----a-w    C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 17:19    92,504    ----a-w    C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19    549,720    ----a-w    C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19    549,720    ----a-w    C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 17:19    53,080    ----a-w    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19    53,080    ----a-w    C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 17:19    43,352    ----a-w    C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19    325,976    ----a-w    C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19    325,976    ----a-w    C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 17:19    271,224    ----a-w    C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19    203,096    ----a-w    C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19    203,096    ----a-w    C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 17:19    1,712,984    ----a-w    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:19    1,712,984    ----a-w    C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 17:18    33,624    ----a-w    C:\WINDOWS\system32\wups.dll
2007-07-30 17:18    33,624    ----a-w    C:\WINDOWS\system32\dllcache\wups.dll
2007-07-30 17:18    207,736    ----a-w    C:\WINDOWS\system32\muweb.dll
2007-06-01 10:05    25,754,696    -c--a-w    C:\WINDOWS\Media\wmp11-windowsxp-x86-DA-DK.exe
2007-06-15 12:08:08    168    -csh--r    C:\WINDOWS\system32\BA9AA1007F.sys
2007-06-15 12:09:59    5,018    -csha-w    C:\WINDOWS\system32\KGyGaAvL.sys
(((((((((((((((((((((((((((((  snapshot@2007-10-26_ 9.47.25.48  )))))))))))))))))))))))))))))))))))))))))
- 2007-10-20 04:03:30    136,192    ----a-w    C:\WINDOWS\catchme.exe
+ 2007-10-20 05:03:30    136,192    ----a-w    C:\WINDOWS\catchme.exe
- 2007-10-26 07:45:21    220,482    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-10-28 09:37:43    220,482    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-07-11 08:13:23    122,194    -c--a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-10-28 09:40:54    122,194    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-07-11 08:13:23    100,308    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 09:40:54    100,308    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-07-11 08:13:23    542,472    -c--a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-10-28 09:40:54    542,472    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-07-11 08:13:23    502,372    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 09:40:55    502,372    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 16:39:27    279,552    ----a-w    C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 13:21:27    139,776    ----a-w    C:\WINDOWS\system32\swreg.exe
- 2006-01-09 08:36:06    40,960    ----a-w    C:\WINDOWS\system32\swsc.exe
+ 2006-11-29 15:21:29    370,688    ----a-w    C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32    79,360    ----a-w    C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 03:20:32    212,480    ----a-w    C:\WINDOWS\system32\swxcacls.exe
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 12:43    458752    --a------    C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll [2007-04-25 12:43 458752]

[HKEY_CLASSES_ROOT\CLSID\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 10:38 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"ISUSPM Startup"="C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2007-03-27 19:48]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 10:31]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Authentic-ID Toolbar"="C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 12:43]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-08-31 16:40]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Documents and Settings\Mikkel\Menuen Start\Programmer\Start\
emptemp2.lnk - C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe [2001-08-16 20:06:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programmer\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitStopEraser]
C:\Programmer\PCPitstop\Erase\PCPitStopErase.exe /remindme

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-24 11:14:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-28 09:40:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 14:29:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-28 14:31:13
C:\ComboFix2.txt ... 2007-10-26 09:57
C:\ComboFix3.txt ... 2007-10-26 08:48
.
    --- E O F ---

SmitFraudFix v2.242

Scan done at 14:44:57,35, 28-10-2007
Run from C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Programmer\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikkel
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikkel\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mikkel\FORETR~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport til Packet Scheduler
DNS Server Search Order: 80.58.0.33
DNS Server Search Order: 80.58.32.97

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
_________________________________________

********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh
2007-10-28 14:26:45.95

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 14:26:55
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex]
"pkm:catalog:LastCatalogCrawlId"=dword:000002e0
"pkm:catalog:LastCatalogCrawlModified"=dword:00000711
"pkm:catalog:LastCatalogCrawlExcludes"=dword:00000350
"pkm:catalog:LastCatalogCrawlKBytes"=dword:00000005
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"CheckPointNumber"=dword:00000003
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\737]
"CrawlType"=dword:00000002
"InProgress"=dword:00000001
"DoneAddingCrawlSeeds"=dword:00000001
"LogName"="C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl737.gthr"
"CheckPoint"=hex:a9,09,00,00,00,00,00,00
"IsCatalogLevel"=dword:00000000
"LogStartAddId"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\1]
"CrawlNumberInProgress"=dword:000002e1

scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0

Ccleaner:
RENSNING FÆRDIG - (2.598 sek)
------------------------------------------------------------------------------------------
5,51MB fjernet.
------------------------------------------------------------------------------------------
Detaljer om de slettede filer
------------------------------------------------------------------------------------------
IE midlertidige Internet filer (805 filer) 4,97MB

________________________________________

And then a description of the original problem with Your Privacy Guard (can be skipped - the conclusion is that Norton has given up again):

The first symptom was a series of different "Windows-like" pop-ups with titles such as "System Alert. System detected virus activities...", "Spyware Alert. Security warning. Worm.Win 32.NetSky detected...", "Windows Internet Explorer. YourPrivacyGuard may find dangerous traces..." and others. This happened without my antivirus program Norton 360 having caught anything.
At the same time there was a small flashing red circle with a white cross inside it on the taskbar.
Each time, a window was also opened in IE with a new start page address, most often related to (anti)spyware programs, e.g. http://pcsecuresystem..., http://yourprivacyguard..., http://scanner.adwareremover2007.com/..., http://softwarereferral.com/... But now and then also to "other kinds of pages", e.g. http://www.ripetv.com/girls...
On all these pages there was a new toolbar called "The nssfrch" with buttons such as "Remove Popups", "Scan Spyware" etc.
In addition, at one point an image appeared that covered the whole desktop, showing a red devil on a red background with the text "Your Privacy is in danger. Download pricacy protection software now" (the image, called spacer.gif, was located at file:///C:/windows/privacy_danger/images/spacer.gif and was dated 18.05.2007)
After a while, monitoring in my Norton 360 was also shut down - including Autoprotect in IE.
When I ran a system check, Norton 360 found and fixed two problems (AV System Care and Downloader.MisleadApp), but it made no difference.
I ran AdAware, AVG-Antispyware, Spybot, Spywareblaster, Superantispyware, F-Secure online, Panda online, Symantec online and Kaspersky online. Most of them found nothing, but even the ones that did have not helped either.
Finally I ran Smitfraudfix v. 2.241 and ComboFix, in that order. They have at least removed the symptoms, but I am really not sure at all whether the bug is completely gone…
28 October 2007 - 17:11 #1
You've certainly had the artillery out *S*

Suggestion for now:
Uninstall Norton 360 by the book
Run CCleaner - especially the Problemer (Issues) section
Install Norton 360 again - and update it, of course.

???
miklar (Beginner)
29 October 2007 - 13:33 #2
Thanks for the reply. Yes, I have been firing a bit of a scattergun, I must admit. I'll try to follow your advice and see how it works.
miklar (Beginner)
1 November 2007 - 11:25 #3
Damn, something is still wrong. I ran Kaspersky, and it found various things:

Thursday, November 01, 2007 11:16:25 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/11/2007
Kaspersky Anti-Virus database records: 449568

Scan Settings
Scan using the following antivirus database    extended
Scan Archives    true
Scan Mail Bases    true

Scan Target    My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects    97003
Number of viruses found    5
Number of infected objects    19
Number of suspicious objects    0
Duration of the scan process    02:00:48

Infected Object Name    Virus Name    Last Action

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbdam     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbdao     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbeam     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbeao     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbm     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbu2d.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbvm.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\dbvmh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\fii.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\fiih.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\hp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\hpt2i.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\rpm.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\rpm1m.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\rpm1mh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\rpmh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-black-enchashm.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-black-enchashmh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-black-urlm.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-black-urlmh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-malware-domainm.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-malware-domainmh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-white-domainm.cf1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Google\Google Desktop\3dfc17ceaedd\safeweb\goog-white-domainmh.ht1     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Business Contact Manager\MSSmallBusiness3.ldf     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Business Contact Manager\MSSmallBusiness3.mdf     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft på arbejde~.feed-ms     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Feeds\Microsoft-feeds~\Microsoft derhjemme~.feed-ms     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Feeds Cache\index.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Outlook\archive.pst     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Outlook\Outlook.pst     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Outlook\~archive.pst.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Outlook\~Outlook.pst.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Windows\UsrClass.dat.LOG     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Application Data\Microsoft\Windows Defender\FileTracker\{F88FCAE0-759F-44A7-AEE5-98BDD932C35A}     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Oversigt\History.IE5\index.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Oversigt\History.IE5\MSHist012007110120071102\index.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\Perflib_Perfdata_ac8.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\Perflib_Perfdata_cb4.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\toolbar0.log     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DF94FC.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFABAC.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFAF34.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFAF4D.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFE9C5.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFF105.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFF798.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFF866.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFFA22.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temp\~DFFA87.tmp     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat     Object is locked     skipped

C:\Documents and Settings\Mikkel\NTUSER.DAT     Object is locked     skipped

C:\Documents and Settings\Mikkel\ntuser.dat.LOG     Object is locked     skipped

C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix\Reboot.exe     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix.zip/SmitfraudFix/Reboot.exe     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix.zip     ZIP: infected - 1     skipped

C:\Documents and Settings\Mikkel\SmitfraudFix\Reboot.exe     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\Programmer\SmitfraudFix\Reboot.exe     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\Programmer\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\Programmer\SmitfraudFix.exe/data.rar     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\Programmer\SmitfraudFix.exe     RarSFX: infected - 2     skipped

C:\System Volume Information\MountPointManagerRemoteDatabase     Object is locked     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP160\A0033415.exe     Infected: not-a-virus:Downloader.Win32.WinFixer.au     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP160\A0033416.exe/stream/data0003     Infected: Trojan-Downloader.Win32.Zlob.dvz     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP160\A0033416.exe/stream     Infected: Trojan-Downloader.Win32.Zlob.dvz     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP160\A0033416.exe     NSIS: infected - 2     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP160\A0033424.exe     Infected: not-a-virus:Downloader.Win32.WinFixer.au     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP160\A0033464.exe     Infected: not-a-virus:FraudTool.Win32.SpywareBot.c     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP162\A0035562.exe/data.rar/SmitfraudFix/Reboot.exe     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP162\A0035562.exe/data.rar     Infected: not-a-virus:RiskTool.Win32.Reboot.f     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP162\A0035562.exe     RarSFX: infected - 2     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP162\A0035585.ocx     Infected: Trojan.Win32.Agent.cjl     skipped

C:\System Volume Information\_restore{26FBF7D6-90BD-4B6B-9B40-27D3A07CC125}\RP162\A0035674.exe     Infected: not-a-virus:Downloader.Win32.WinFixer.au     skipped

Scan was interrupted by user! (it had gone idle...)

Here is a new Hijack This log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:03, on 01-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Opera\Opera.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mikkellarsen.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: (no name) - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - (no file)
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmer\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: emptemp2.lnk = C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175021881167
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188754522250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12933 bytes

And ComboFix:
ComboFix 07-10-23.2 - Mikkel 2007-11-01 11:20:24.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.190 [GMT 1:00]
Running from: C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Combofix\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2007-10-01 to 2007-11-01  )))))))))))))))))))))))))))))))
.

2007-11-01 11:20    51,200    --a------    C:\WINDOWS\system32\dumphive.exe
2007-10-28 14:44    289,144    --a------    C:\WINDOWS\system32\VCCLSID.exe
2007-10-28 14:44    288,417    --a------    C:\WINDOWS\system32\SrchSTS.exe
2007-10-28 14:44    53,248    --a------    C:\WINDOWS\system32\Process.exe
2007-10-28 14:44    25,600    --a------    C:\WINDOWS\system32\WS2Fix.exe
2007-10-26 15:04    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Authentic-ID
2007-10-26 14:56    <DIR>    d--------    C:\Programmer\Windows Defender
2007-10-26 14:55    <DIR>    d--------    C:\Programmer\Authentic-ID
2007-10-26 14:55    560,128    --a------    C:\WINDOWS\system32\htmlayout.dll
2007-10-26 14:55    388,126    --a------    C:\WINDOWS\system32\sqlite3.dll
2007-10-26 14:55    258,352    --a------    C:\WINDOWS\system32\unicows.dll
2007-10-26 14:46    <DIR>    d--------    C:\Programmer\VSPopUp
2007-10-26 14:46    299,008    --a------    C:\WINDOWS\system32\vsPop.dll
2007-10-26 14:46    40,960    --a------    C:\WINDOWS\system32\SSubTmr6.dll
2007-10-26 11:34    <DIR>    d--------    C:\Programmer\CCleaner
2007-10-26 09:19    <DIR>    d--------    C:\Documents and Settings\Mikkel\WINDOWS
2007-10-26 08:39    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-10-25 23:16    <DIR>    d--------    C:\WINDOWS\system32\Kaspersky Lab
2007-10-25 22:59    <DIR>    d--------    C:\Programmer\Trend Micro
2007-10-25 22:59    401,720    --a------    C:\Programmer\HiJackThis.exe
2007-10-25 22:59    318,369    --a------    C:\Programmer\HiJackThis.zip
2007-10-25 22:58    812,344    --a------    C:\Programmer\HJTInstall.exe
2007-10-25 22:56    7,467,056    --a------    C:\Programmer\spybotsd15.exe
2007-10-25 22:53    27,932    --a------    C:\Programmer\spybot lang.dansk.zip
2007-10-25 22:38    <DIR>    d--------    C:\Programmer\SpywareBlaster
2007-10-25 22:36    2,566,736    --a------    C:\Programmer\spywareblastersetup351.exe
2007-10-25 16:51    1,036,738    --a------    C:\Programmer\SmitfraudFix.exe
2007-10-25 16:44    3,398    --a------    C:\WINDOWS\system32\tmp.reg
2007-10-25 15:50    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2007-10-25 15:50    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\SUPERAntiSpyware.com
2007-10-25 15:48    <DIR>    d--------    C:\Programmer\Fælles filer\Wise Installation Wizard
2007-10-25 15:48    <DIR>    d--------    C:\Documents and Settings\Mikkel\SmitfraudFix
2007-10-25 15:47    5,914,648    --a------    C:\Programmer\SUPERAntiSpyware.exe
2007-10-25 15:46    <DIR>    d--------    C:\Programmer\SmitfraudFix
2007-10-25 12:05    <DIR>    d--------    C:\Documents and Settings\Mikkel\Application Data\Grisoft
2007-10-25 12:02    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-25 12:00    12,413,440    --a------    C:\Programmer\avgas-setup-7.5.1.43.exe
2007-10-25 08:02    <DIR>    d--------    C:\WINDOWS\system32\ActiveScan
2007-10-10 13:44    582,656    ---------    C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 13:14    <DIR>    d--------    C:\Programmer\iPod
2007-10-02 10:43    <DIR>    d--------    C:\WINDOWS\pss

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 07:59    ---------    d-----w    C:\Documents and Settings\Mikkel\Application Data\Skype
2007-10-29 12:39    ---------    d-----w    C:\Programmer\Fælles filer\Symantec Shared
2007-10-25 16:29    28,672    ----a-w    C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-10-25 11:01    ---------    d-----w    C:\Programmer\Windows Desktop Search
2007-10-25 10:59    ---------    d-----w    C:\Programmer\Opera
2007-10-25 10:59    ---------    d-----w    C:\Programmer\Norton 360
2007-10-25 10:41    ---------    d-----w    C:\Programmer\iTunes
2007-10-03 18:39    805    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 18:39    60,800    ----a-w    C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 18:39    123,952    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 18:39    10,740    ----a-w    C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-03 18:39    ---------    d-----w    C:\Programmer\Symantec
2007-09-18 12:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 12:44    10,662    ----a-w    C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 12:44    10,658    ----a-w    C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 12:44    1,430    ----a-w    C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 12:44    1,421    ----a-w    C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 12:44    1,415    ----a-w    C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 12:43    43,696    ----a-w    C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 12:43    317,616    ----a-w    C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 12:43    278,576    ----a-w    C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-16 09:46    ---------    d-----w    C:\Programmer\Fælles filer\Skype
2007-09-11 22:06    ---------    d-----w    C:\Programmer\Apple Software Update
2007-09-03 15:01    164    ----a-w    C:\install.dat
2007-09-03 14:59    ---------    d-----w    C:\Programmer\CA
2007-09-03 14:58    ---------    d-----w    C:\Programmer\PCPitstop
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:17    683,520    ----a-w    C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:00    824,832    ----a-w    C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:00    671,232    ----a-w    C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:00    63,488    ------w    C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:00    6,058,496    ----a-w    C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:00    52,224    ----a-w    C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:00    477,696    ----a-w    C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:00    459,264    ----a-w    C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:00    44,544    ----a-w    C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:00    384,512    ----a-w    C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:00    383,488    ----a-w    C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:00    3,584,512    ----a-w    C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:00    27,648    ----a-w    C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:00    267,776    ----a-w    C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:00    232,960    ----a-w    C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:00    230,400    ----a-w    C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:00    214,528    ----a-w    C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:00    193,024    ----a-w    C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:00    153,088    ----a-w    C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:00    132,608    ----a-w    C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:00    124,928    ----a-w    C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:00    105,984    ----a-w    C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:00    102,400    ----a-w    C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:00    1,152,000    ----a-w    C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:19    63,488    ----a-w    C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:19    625,152    ----a-w    C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:19    13,824    ----a-w    C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34    161,792    ----a-w    C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-01 10:05    25,754,696    -c--a-w    C:\WINDOWS\Media\wmp11-windowsxp-x86-DA-DK.exe
2007-06-15 12:08:08    168    -csh--r    C:\WINDOWS\system32\BA9AA1007F.sys
2007-06-15 12:09:59    5,018    -csha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot@2007-10-26_ 9.47.25.48  )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 04:03:30    136,192    ----a-w    C:\WINDOWS\catchme.exe
+ 2007-10-20 05:03:30    136,192    ----a-w    C:\WINDOWS\catchme.exe
+ 2007-09-21 14:53:44    385,536    ----a-w    C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
- 2007-10-26 07:45:21    220,482    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2007-11-01 07:54:52    220,480    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2007-07-11 08:13:23    122,194    -c--a-w    C:\WINDOWS\system32\perfc006.dat
+ 2007-10-28 09:40:54    122,194    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2007-07-11 08:13:23    100,308    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2007-10-28 09:40:54    100,308    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2007-07-11 08:13:23    542,472    -c--a-w    C:\WINDOWS\system32\perfh006.dat
+ 2007-10-28 09:40:54    542,472    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2007-07-11 08:13:23    502,372    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2007-10-28 09:40:55    502,372    ----a-w    C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 16:39:27    279,552    ----a-w    C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 13:21:27    139,776    ----a-w    C:\WINDOWS\system32\swreg.exe
- 2006-01-09 08:36:06    40,960    ----a-w    C:\WINDOWS\system32\swsc.exe
+ 2006-11-29 15:21:29    370,688    ----a-w    C:\WINDOWS\system32\swsc.exe
- 2006-12-01 04:20:32    79,360    ----a-w    C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 03:20:32    212,480    ----a-w    C:\WINDOWS\system32\swxcacls.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
2007-04-25 12:43    458752    --a------    C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}"= C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll [2007-04-25 12:43 458752]

[HKEY_CLASSES_ROOT\CLSID\{B0DF5714-5A99-4A21-9C98-4F93FB5C398C}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE.1]
[HKEY_CLASSES_ROOT\TypeLib\{80EEF183-5101-409D-9F26-A4F95370E1D1}]
[HKEY_CLASSES_ROOT\ToolbarATL.ToolbarIE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 10:38 C:\WINDOWS\stsystra.exe]
"ATICCC"="C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41]
"DMXLauncher"="C:\Programmer\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12]
"ccApp"="C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20]
"ISUSPM Startup"="C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"HP Software Update"="C:\Programmer\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 14:49]
"TkBellExe"="C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" [2007-03-27 19:48]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Programmer\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Google Desktop Search"="C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-14 10:31]
"Symantec PIF AlertEng"="C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"Authentic-ID Toolbar"="C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll" [2007-04-25 12:43]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 18:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-08-31 16:40]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]
"SpybotSD TeaTimer"="C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"IETI"=C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART

C:\Documents and Settings\Mikkel\Menuen Start\Programmer\Start\
emptemp2.lnk - C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe [2001-08-16 20:06:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"C:\Programmer\McAfee\SpamKiller\MSKDetct.exe" /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Programmer\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitStopEraser]
C:\Programmer\PCPitstop\Erase\PCPitStopErase.exe /remindme

R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ
R2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 SQLWriter;SQL Server VSS Writer;"c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe"
S4 viaagp;VIA AGP-busfilter;C:\WINDOWS\system32\DRIVERS\viaagp.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 12:14:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-01 07:57:41 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 11:22:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-01 11:23:32
C:\ComboFix2.txt ... 2007-11-01 11:06
C:\ComboFix3.txt ... 2007-10-28 14:31
.
    --- E O F ---


And Smitfraud:

SmitFraudFix v2.242

Scan done at 11:20:57.54, 2007-11-01
Run from C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\stsystra.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\Programmer\Dell\Media Experience\DMXLauncher.exe
C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmer\HP\HP Software Update\HPWuSchd2.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Opera\Opera.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\ComboFix\mtee.cfexe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikkel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Mikkel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Mikkel\FORETR~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Programmer


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport til Packet Scheduler
DNS Server Search Order: 80.58.0.33
DNS Server Search Order: 80.58.32.97

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


And CCleaner:
RENSNING FÆRDIG - (5.059 sek)
------------------------------------------------------------------------------------------
1.49MB fjernet.
------------------------------------------------------------------------------------------

Detaljer om de slettede filer
------------------------------------------------------------------------------------------
IE midlertidige Internet filer (40 filer) 0.29MB
miklar (Beginner)
1 November 2007 - 11:44 #4
I have just run a cleanup with Smitfraud in safe mode. Here is the report + the new Hijack This:

SmitFraudFix v2.246

Scan done at 11:34:16,57, 01-11-2007
Run from C:\Documents and Settings\Mikkel\Skrivebord\Antispyware\Smitfraud\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1      localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Miniport til Packet Scheduler
DNS Server Search Order: 80.58.0.33
DNS Server Search Order: 80.58.32.97

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97
HKLM\SYSTEM\CS3\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer=80.58.0.33,80.58.32.97


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:24, on 01-11-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe
C:\Programmer\Opera\Opera.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O3 - Toolbar: Mostrar la Barra de herramientas de Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programmer\Fælles filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O3 - Toolbar: Authentic-ID Toolbar - {B0DF5714-5A99-4A21-9C98-4F93FB5C398C} - C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmer\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] "C:\Programmer\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmer\Fælles filer\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FÆLLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmer\Fælles filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmer\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Authentic-ID Toolbar] rundll32.exe "C:\Programmer\Authentic-ID\Authentic-ID Toolbar\ToolbarATL.dll",LoadTrayIcon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmer\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Startup: emptemp2.lnk = C:\Programmer\Empty Temp Folders 2.8.3\emptemp2.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1175021881167
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188754522250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEA61C2C-28A2-43F5-B94F-8758471BDBE8}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FÆLLES~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmer\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Programmer\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmer\Fælles filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10426 bytes
miklar Beginner
03 November 2007 - 19:27 #5
- this was the question I meant. Just let me know if you want points here too.
03 November 2007 - 20:35 #6
(Not quite understood?)