hijackthis log - hvem vil hjælpe!

Jeg ser på den...

Joooo .... der er mistænkelige spor...
(Har du været igang med at spille LemmingsRevolution ???)

Afinstaller
* MyWebSearch
* evt. Fildelingsprogrammer
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123

Så har jeg fået udført tingene som du skrev - mywebsearch kunne jeg ikke afinstallere med tilføj/fjern programmer, men en af programmerne fandt og fjernede det så i stedet for.

Men her kommer logfilerne - i 4 forskellige kommentarer.

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
10-01-2008 19:39:22,87

Driver winio (visible) is present. Run COMBOFIX by sUBs.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 19:39:24
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000287

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

Logfile of HijackThis v1.99.1
Scan saved at 19:38:09, on 10-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmer\Apoint2K\Apoint.exe
C:\Programmer\Power Manager\PM.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmer\Windows Defender\MSASCui.exe
C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Programmer\Apoint2K\Apntex.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Programmer\LevelOne\Common\RaUI.exe
C:\Programmer\Fælles filer\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Fælles filer\Teleca Shared\Generic.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\49d5119b20180f75e6148cb7014d521d\update\update.exe
E:\prob\Hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmer\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ProgramPath] C:\Programmer\Power Manager\PM.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmer\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programmer\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programmer\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LevelOne Wireless Utility.lnk = C:\Programmer\LevelOne\Common\RaUI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJ
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmer\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maria Hansen\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Programmer\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {11818680-FCF6-11D0-9808-0800092A4865} (Adobe Form Control) - http://www.kps.dk/Codebase/FormCtl.cab
O16 - DPF: {1469FF24-47F6-11D2-8805-006008C537E3} (Adobe Mail Control) - http://www.kps.dk/codebase/ffmail.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mariamh86.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {92EB6641-286A-11D2-A68E-00A0C996A6DD} (Adobe Signature Object) - http://www.kps.dk/codebase/jfsignature.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://blanketlageret.aarhuskommune.dk/digsig/capicom/capicom.cab
O16 - DPF: {AD90E8D1-3B47-11D2-A696-00A0C996A6DD} (jfCryptoSignature Class) - http://www.kps.dk/codebase/jfcrypto.cab
O16 - DPF: {CDDCFBB3-4D93-11D2-B1A9-00A0C9B742BE} (Adobe Script Object) - http://www.kps.dk/codebase/scriptobject.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {EF2FB80F-0975-408E-A871-B00CC863478A} (Adobe Soft Font Installer) - http://www.kps.dk/codebase/fontinstaller.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmer\Fælles filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmer\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/10/2008 at 06:35 PM

Application Version : 3.7.1018

Core Rules Database Version : 3377
Trace Rules Database Version: 1371

Scan type      : Complete Scan
Total Scan Time : 00:47:53

Memory items scanned      : 170
Memory threats detected  : 0
Registry items scanned    : 5662
Registry threats detected : 2
File items scanned        : 31136
File threats detected    : 151

Adware.MyWebSearch
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    HKU\S-1-5-21-2775093570-4142836413-1020108974-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Adware.Tracking Cookie
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@adbrite[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@admarketplace[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@adopt.hbmediapro[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@ads.adsag[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@ads.as4x.tmcs[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@ads.clubplanet[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@ads.mediamayhemcorp[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@ads.realtechnetwork[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@adserver.adremedy[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@adserver.easyad[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@adultfriendfinder[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@aequitas-murphy.tripod[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@as-eu.falkag[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@atwola[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@azjmp[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@bluestreak[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@bonnier.banneradministration[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@clickbank[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@edsa.122.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@ehg-micron.hitbox[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@enhance[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@find-tattoo-designs[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@findnaermeste[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@h.starware[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@http.edge.vru4[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@kanoodle[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@metatraffic[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@metatraffic[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@Metatraffic[3].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@microsofteup.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@microsoftwga.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@microsoftwlmessengermkt.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@msnaccountservices.112.2o7[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@mtg.banneradministration[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@mywebsearch[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@playnetwork.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@reduxads.valuead[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@revenue[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@stat.dealtime[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@stat.onestat[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@tripod[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@try.starware[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@vhost.oddcast[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@xiti[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria hansen@yieldmanager[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ad.adserverplus[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ad.bolddk[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ad.ofir[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ad.yieldmanager[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ad.zanox[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ad1.emediate[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adfair[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adfarm1.adition[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adopt.euroclick[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adrevolver[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads.addynamix[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads.dk-kogebogen[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads.estart[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads.gamesbannernet[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads.lycos-europe[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads.pointroll[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ads2.jubii[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adserver.banneradministration[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adserver.mediarun[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@adtech[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@almbrand.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@as1.falkag[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@banner.fynskemedier[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@banner2.fynskemedier[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@brightcove.112.2o7[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@bs.serving-sys[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@burstnet[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@buzznet.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@casalemedia[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@coopdev.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@divx.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@dk.drivecleaner[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@dk.winantivirus[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@drivecleaner[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@e2.emediate[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@eas.apm.emediate[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@eas4.emediate[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@edge.ru4[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@freefind[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@gettyimages.122.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@gyldendalbogklub.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@ilead.itrack[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@indexstats[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@indextools[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@jobzonen.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@login.tracking101[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@m1.webstats.motigo[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@media.adrevolver[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@media.adrevolver[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@mediaservices.myspace[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@mycounter.tinycounter[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@online.adservicemedia[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@overture[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@partygaming.122.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@partypoker[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@perf.overture[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@pr.valueclick[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@precisionclick[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@pulz.banneradministration[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@questionmarket[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@realmedia[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@saxocom.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@server.iad.liveperson[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@server.iad.liveperson[3].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@server.iad.liveperson[4].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@serving-sys[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@smileycentral[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@sonyeurope.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@specificclick[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@stat.postdanmark[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@statcounter[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@stats.drivecleaner[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@stepstone.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@tdc.112.2o7[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@tipsbladet.banneradministration[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@toplist[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@track.adform[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@track.webgains[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@track.webtrekk[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@tracking.notabenestats[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@tradedoubler[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@tribalfusion[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@valueclick[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@watagame.banneradministration[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@weborama[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@winantivirus[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.burstnet[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.drivecleaner[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[10].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[11].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[3].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[4].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[5].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[6].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[7].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[8].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www.googleadservices[9].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@www3.addfreestats[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@yadro[1].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@yourdailymedia[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@zbox.zanox[2].txt
    C:\Documents and Settings\Maria Hansen\Cookies\maria_hansen@zedo[2].txt

ComboFix 08-01-10.2 - Maria Hansen 2008-01-10 20:17:15.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.138 [GMT 1:00]
Running from: E:\prob\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Maria Hansen\Application Data\FunWebProducts
C:\Documents and Settings\Maria Hansen\Application Data\FunWebProducts\Data\Maria Hansen\avatar.dat
C:\Programmer\FunWebProducts
C:\Programmer\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Programmer\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Programmer\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Programmer\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Programmer\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
C:\Programmer\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Programmer\MyWebSearch
C:\Programmer\MyWebSearch\bar\5.bin\F3BKGERR.JPG
C:\Programmer\MyWebSearch\bar\5.bin\F3BROVLY.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3CJPEG.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3DTACTL.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3HISTSW.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3HTMLMU.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3HTTPCT.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3IMSTUB.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3POPSWT.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3PSSAVR.SCR
C:\Programmer\MyWebSearch\bar\5.bin\F3REPROX.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3RESTUB.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3SCHMON.EXE
C:\Programmer\MyWebSearch\bar\5.bin\F3SCRCTR.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3SHLLVW.DLL
C:\Programmer\MyWebSearch\bar\5.bin\F3SPACER.WMV
C:\Programmer\MyWebSearch\bar\5.bin\F3WALLPP.DAT
C:\Programmer\MyWebSearch\bar\5.bin\F3WPHOOK.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3FFXTBR.JAR
C:\Programmer\MyWebSearch\bar\5.bin\M3FFXTBR.MANIFEST
C:\Programmer\MyWebSearch\bar\5.bin\M3HTML.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3IDLE.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3IMPIPE.EXE
C:\Programmer\MyWebSearch\bar\5.bin\M3MSG.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3NTSTBR.JAR
C:\Programmer\MyWebSearch\bar\5.bin\M3NTSTBR.MANIFEST
C:\Programmer\MyWebSearch\bar\5.bin\M3OUTLCN.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3PLUGIN.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3SKIN.DLL
C:\Programmer\MyWebSearch\bar\5.bin\M3SKPLAY.EXE
C:\Programmer\MyWebSearch\bar\5.bin\M3SLSRCH.EXE
C:\Programmer\MyWebSearch\bar\5.bin\M3SRCHMN.EXE
C:\Programmer\MyWebSearch\bar\5.bin\MWSOEPLG.DLL
C:\Programmer\MyWebSearch\bar\5.bin\MWSOESTB.DLL
C:\Programmer\MyWebSearch\bar\5.bin\NPMYWEBS.DLL
C:\Programmer\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\avatar.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\close.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\common-x.css
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\common.css
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\include.js
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\index.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\loading.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\login.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\logo.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\max.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\min.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\noflash.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\spacer.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\spacer.swf
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\unmax.gif
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
C:\Programmer\MyWebSearch\bar\Avatar\COMMON\window.ico
C:\Programmer\MyWebSearch\bar\Cache\001600AB
C:\Programmer\MyWebSearch\bar\Cache\00162C17
C:\Programmer\MyWebSearch\bar\Cache\001630DD.bin
C:\Programmer\MyWebSearch\bar\Cache\00163C17.bin
C:\Programmer\MyWebSearch\bar\Cache\00163D6B.bin
C:\Programmer\MyWebSearch\bar\Cache\00163F1A.bin
C:\Programmer\MyWebSearch\bar\Cache\00164141.bin
C:\Programmer\MyWebSearch\bar\Cache\001643FE.bin
C:\Programmer\MyWebSearch\bar\Cache\0017E9C5.bin
C:\Programmer\MyWebSearch\bar\Cache\0017EBEC.bin
C:\Programmer\MyWebSearch\bar\Cache\0017F011.bin
C:\Programmer\MyWebSearch\bar\Cache\0017F1FC.bin
C:\Programmer\MyWebSearch\bar\Cache\0017F42D.bin
C:\Programmer\MyWebSearch\bar\Cache\0017F603
C:\Programmer\MyWebSearch\bar\Cache\files.ini
C:\Programmer\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Programmer\MyWebSearch\bar\Game\CHESS.F3S
C:\Programmer\MyWebSearch\bar\Game\REVERSI.F3S
C:\Programmer\MyWebSearch\bar\History\search2
C:\Programmer\MyWebSearch\bar\Search\COMMON.F3S
C:\Programmer\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Programmer\MyWebSearch\bar\Settings\s_pid.dat
C:\Programmer\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\f3PSSavr.scr

.
(((((((((((((((((((((((((  Files Created from 2007-12-10 to 2008-01-10  )))))))))))))))))))))))))))))))
.

2008-01-10 19:42 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-10 19:41 . 2008-01-10 19:41    1,374    --a------    C:\WINDOWS\imsins.BAK
2008-01-10 17:33 . 2008-01-10 17:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-10 17:32 . 2008-01-10 17:44    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-10 17:32 . 2008-01-10 17:32    <DIR>    d--------    C:\Documents and Settings\Maria Hansen\Application Data\SUPERAntiSpyware.com
2008-01-10 17:09 . 2008-01-10 17:09    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-08 20:52 . 2008-01-08 20:53    <DIR>    d--------    C:\Documents and Settings\Maria Hansen\Application Data\Canon
2008-01-08 20:40 . 2008-01-08 20:40    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-01-08 20:37 . 2004-08-03 23:08    31,616    --a------    C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-08 20:37 . 2004-08-03 23:08    31,616    --a--c---    C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-08 20:37 . 2004-08-03 23:01    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-08 20:37 . 2004-08-03 23:01    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-08 20:37 . 2004-08-03 22:58    15,104    --a------    C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-08 20:37 . 2004-08-03 22:58    15,104    --a--c---    C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-08 20:34 . 2008-01-08 20:34    <DIR>    d--------    C:\Documents and Settings\Maria Hansen\Application Data\ScanSoft
2008-01-08 20:34 . 2008-01-08 20:34    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\InstallShield
2008-01-08 20:34 . 2008-01-08 20:34    406    --a------    C:\WINDOWS\MAXLINK.INI
2008-01-08 20:33 . 2008-01-08 20:33    <DIR>    d--------    C:\Programmer\Fælles filer\ScanSoft Shared
2008-01-08 20:33 . 2008-01-08 20:33    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-01-08 20:32 . 2008-01-08 20:32    <DIR>    d--------    C:\Programmer\ScanSoft
2008-01-08 20:26 . 2008-01-08 20:26    <DIR>    d--h-----    C:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-01-08 20:26 . 2007-03-18 21:00    215,040    --a------    C:\WINDOWS\system32\CNMLM8S.DLL
2008-01-08 20:25 . 2008-01-08 20:25    <DIR>    d--h-----    C:\Programmer\CanonBJ
2008-01-08 20:25 . 2007-03-23 08:30    1,400,832    --a------    C:\WINDOWS\system32\CNC210C.DLL
2008-01-08 20:25 . 2007-03-19 02:16    200,704    --a------    C:\WINDOWS\system32\CNC210L.DLL
2008-01-08 20:25 . 2007-03-15 06:12    188,416    --a------    C:\WINDOWS\system32\CNC210O.DLL
2008-01-08 20:25 . 2007-03-23 08:29    98,304    --a------    C:\WINDOWS\system32\CNC210I.DLL
2008-01-08 20:24 . 2008-01-08 20:40    <DIR>    d--------    C:\Programmer\Canon
2008-01-08 19:11 . 2008-01-08 19:11    <DIR>    d--------    C:\Programmer\support.com
2008-01-08 19:11 . 2008-01-08 19:11    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Support.com
2008-01-01 02:13 . 2008-01-01 02:14    <DIR>    d--------    C:\Programmer\DivX
2007-12-28 21:38 . 2008-01-08 20:27    <DIR>    d--------    C:\Downloads

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 19:08    ---------    d-----w    C:\Documents and Settings\Maria Hansen\Application Data\Skype
2008-01-10 18:49    ---------    d-----w    C:\Programmer\MSN Messenger
2008-01-10 16:38    ---------    d-----w    C:\Programmer\Google
2008-01-10 16:30    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-08 19:33    ---------    d-----w    C:\Programmer\Fælles filer\InstallShield
2007-11-29 22:30    200,704    ----a-w    C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30    1,044,480    ----a-w    C:\WINDOWS\system32\libdivx.dll
2007-11-13 10:25    20,480    ----a-w    C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28    723,456    ----a-w    C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-20 05:01    227,328    ----a-w    C:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"CTSyncU.exe"="C:\Programmer\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32 700416]
"OM_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"Skype"="C:\Programmer\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2004-11-12 11:28 143360 C:\WINDOWS\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-11-12 11:28 53248 C:\WINDOWS\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-11-12 11:17 73728 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 09:15 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Programmer\Apoint2K\Apoint.exe" [2003-12-05 13:22 159744]
"ProgramPath"="C:\Programmer\Power Manager\PM.exe" [2004-09-28 17:57 155648]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 13:39 183352]
"Norton Ghost 9.0"="C:\Programmer\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 04:41 1122304]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43 83608]
"OM_Monitor"="C:\Programmer\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"Windows Defender"="C:\Programmer\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Sony Ericsson PC Suite"="C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"iTunesHelper"="C:\Programmer\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"CanonSolutionMenu"="C:\Programmer\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 17:00 644696]
"CanonMyPrinter"="C:\Programmer\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 17:50 1603152]
"SSBkgdUpdate"="C:\Programmer\Fælles filer\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"OpwareSE4"="C:\Programmer\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Adobe Reader Hurtigstart.lnk - C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
LevelOne Wireless Utility.lnk - C:\Programmer\LevelOne\Common\RaUI.exe [2007-01-01 12:27:17]
Microsoft Office.lnk - C:\Programmer\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-29 03:33]
R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 16:58]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2004-12-24 17:04]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-29 04:13]
R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Programmer\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 08:20]
R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 09:55]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2003-10-24 15:04]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2007-07-09 09:50]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-07-12 10:38]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 12:23]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 14:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 14:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 14:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 14:25]
S3 SE2Cbus;Sony Ericsson Device 044 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Cbus.sys [2006-05-15 14:56]
S3 SE2Cmdfl;Sony Ericsson Device 044 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Cmdfl.sys [2006-05-15 14:56]
S3 SE2Cmdm;Sony Ericsson Device 044 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Cmdm.sys [2006-05-15 14:56]
S3 SE2Cmgmt;Sony Ericsson Device 044 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Cmgmt.sys [2006-05-15 14:56]
S3 se2Cnd5;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Cnd5.sys [2006-05-15 14:56]
S3 SE2Cobex;Sony Ericsson Device 044 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Cobex.sys [2006-05-15 14:56]
S3 se2Cunic;Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se2Cunic.sys [2006-05-15 14:56]

*Newly Created Service* - WINIO
.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 20:34:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 18:58:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Programmer\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 20:19:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 20:20:36
ComboFix-quarantined-files.txt  2008-01-10 19:20:24
.
2008-01-10 18:46:58    --- E O F ---

og forresten - lemmingsRevolutions har i den sidste tid startet op på computeren og ville have lov til at installere... :) har fjernet det...

Hmmm... denne [lemmingsRevolutions] har du vist fået 'foræret' via noget P2P program ?

Well - ComboFix mm. har gjort noget fix - der er efterfølgende oprydning tilbage ->


Kør en scanning med Hijackthis,
Du får herunder nogle filer, som du skal fixe. Det, du skal gøre, er at sætte et flueben ud for disse filer. Når du har gjort det, så lukker du alle andre vinduer ned. Det er meget vigtigt at det eneste vindue, som er åbent er HijackThis vinduet. Husk også at lukke dette vindue, når du har markeret filerne. Nu må du fixe. Klik på Fix checked.

Det er disse, som skal fixes:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maria Hansen\Menuen Start\Programmer\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe

Genstart normalt

------------------------------------------------------------------------

Ta' en oprydningtur med CCleaner (som du allerede har) - specielt punktet [Register/Problemer] ...

------------------------------------------------------------------------

Hvordan er status på putteren så nu ?

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

ja - det fjernede en del nasty ting på maskinen.
Så nu har jeg kun det super irreterende problem, at harddisken hele tiden arbejder som en sindsyg...

En bærbar computer... jeg er bange for at jeg desvære bliver nød til at re-installere maskinen alligevel... :(

Men tak for din hjælp Karise_larry