perav Beginner
13 April 2008 - 12:55 There are 19 comments and 2 solutions

www.888.com pops up now and then when I go online

A very annoying problem.
Sometimes when I open IE, the page I have as my start page (Google) comes up, but at the same time a new page opens with www.888.com. I have had nothing to do with casinos, and have never been on their site or other casinos. Where the heck does it come from? And how do I get it removed? I have searched the entire registry without luck.
nva Trainee
13 April 2008 - 13:11 #1
If you use XP, you can go through this guide: http://www.eksperten.dk/artikler/1123
nva Trainee
13 April 2008 - 13:16 #2
Actually, I think that guide can by now be used for all Windows versions - if anyone disagrees, please say so.
perav Beginner
13 April 2008 - 13:26 #3
I use Vista on the machine in question.
nva Trainee
13 April 2008 - 13:32 #4
Just try following the guide.
perav Beginner
13 April 2008 - 23:52 #5
Sorry for the wait,
I have now scanned with Superantispyware, but cannot find any log file from it. Afterwards I ran Highjack and got a log file.
Now I am running combofix.exe and will get back later.
perav Beginner
13 April 2008 - 23:58 #6
Now I also have a log file from combofix.exe
perav Beginner
14 April 2008 - 00:03 #7
Should I just post the logs here?
perav Beginner
14 April 2008 - 00:03 #8
I have 3 log files now, one from each program
nva Trainee
14 April 2008 - 07:47 #9
Post the log files here so they can be checked. Is the problem still there?
perav Beginner
14 April 2008 - 17:01 #10
Yes, the problem is still there. When I went online for the first time today, it happened via a link in an e-mail from TDC: right after TDC's page had come up, a page opened with some poker thing, and a little later a page opened with 888.com
perav Beginner
14 April 2008 - 17:02 #11
Logfile of HijackThis v1.99.1
Scan saved at 23:30:12, on 13-04-2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Per\Desktop\nye filer\hijack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
perav Beginner
14 April 2008 - 17:02 #12
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2008 at 11:25 PM

Application Version : 4.0.1154

Core Rules Database Version : 3437
Trace Rules Database Version: 1429

Scan type      : Complete Scan
Total Scan Time : 00:15:24

Memory items scanned      : 206
Memory threats detected  : 0
Registry items scanned    : 6170
Registry threats detected : 0
File items scanned        : 16490
File threats detected    : 71

Adware.Tracking Cookie
perav Beginner
14 April 2008 - 17:03 #13
ComboFix 08-04-12.7 - Per 2008-04-13 23:53:15.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic  6.0.6000.0.1252.1.1030.18.1397 [GMT 2:00]
Running from: C:\Users\Per\Desktop\nye filer\ComboFix.exe
.

(((((((((((((((((((((((((  Files Created from 2008-03-13 to 2008-04-13  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 12:12    ---------    d-----w    C:\Program Files\CCleaner
2008-04-13 12:11    ---------    d-----w    C:\Program Files\eMule
2008-04-13 10:58    ---------    d-----w    C:\Users\Per\AppData\Roaming\SUPERAntiSpyware.com
2008-04-13 10:58    ---------    d-----w    C:\ProgramData\SUPERAntiSpyware.com
2008-04-13 10:58    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2008-04-13 10:57    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 09:56    ---------    d-----w    C:\Users\Per\AppData\Roaming\AVG7
2008-04-10 09:06    ---------    d-----w    C:\Program Files\Windows Mail
2008-04-10 08:56    944,184    ----a-w    C:\Windows\System32\winload.exe
2008-04-10 08:56    7,168    ----a-w    C:\Windows\System32\f3ahvoas.dll
2008-04-10 08:56    620,088    ----a-w    C:\Windows\System32\ci.dll
2008-04-10 08:56    6,656    ----a-w    C:\Windows\System32\kbd106n.dll
2008-04-10 08:56    40,960    ----a-w    C:\Windows\System32\srclient.dll
2008-04-10 08:56    371,712    ----a-w    C:\Windows\System32\srcore.dll
2008-04-10 08:56    313,856    ----a-w    C:\Windows\System32\rstrui.exe
2008-04-10 08:56    19,000    ----a-w    C:\Windows\System32\kd1394.dll
2008-04-10 08:56    16,384    ----a-w    C:\Windows\System32\srdelayed.exe
2008-04-10 08:55    2,027,008    ----a-w    C:\Windows\System32\win32k.sys
2008-04-10 08:54    296,448    ----a-w    C:\Windows\System32\gdi32.dll
2008-04-10 08:53    83,968    ----a-w    C:\Windows\System32\dnsrslvr.dll
2008-04-10 08:53    24,576    ----a-w    C:\Windows\System32\dnscacheugc.exe
2008-04-10 08:52    826,368    ----a-w    C:\Windows\System32\wininet.dll
2008-04-10 08:52    56,320    ----a-w    C:\Windows\System32\iesetup.dll
2008-04-10 08:52    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2008-04-10 08:52    26,624    ----a-w    C:\Windows\System32\ieUnatt.exe
2008-04-08 16:22    ---------    d-----w    C:\Program Files\4U Computing
2008-04-08 16:18    ---------    d-----w    C:\Program Files\MP4 Player
2008-03-18 08:34    ---------    d-----w    C:\Program Files\Windows Live
2008-03-17 21:21    ---------    d-----w    C:\ProgramData\WLInstaller
2008-03-17 21:12    ---------    d-----w    C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-17 21:09    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-17 15:36    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-03-17 15:36    ---------    d-----w    C:\Program Files\Common Files\Nikon
2008-03-13 09:47    41,984    ----a-w    C:\Windows\system32\drivers\monitor.sys
2008-03-13 09:47    1,060,920    ----a-w    C:\Windows\system32\drivers\ntfs.sys
2008-03-13 09:46    53,768    ----a-w    C:\Windows\system32\drivers\avgwfp.sys
2008-03-12 23:27    ---------    d-----w    C:\Program Files\WON
2008-03-12 23:27    ---------    d-----w    C:\Program Files\Common Files\InstallShield
2008-03-12 19:13    ---------    d-----w    C:\Users\Per\AppData\Roaming\PeerNetworking
2008-03-11 22:20    ---------    d-----w    C:\Program Files\Hewlett-Packard
2008-03-11 18:52    ---------    d-----w    C:\Program Files\Java
2008-03-11 18:50    ---------    d-----w    C:\Program Files\Common Files\Java
2008-03-11 18:39    ---------    d-----w    C:\Users\Per\AppData\Roaming\Cryptomathic
2008-03-11 18:37    ---------    d-----w    C:\Program Files\TDC
2008-03-10 22:22    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-03-10 22:16    20,176    ------w    C:\Windows\system32\drivers\PxHelp20.sys
2008-03-10 22:16    ---------    d-----w    C:\Program Files\WinAce
2008-03-10 18:53    ---------    d-----w    C:\Program Files\WinISO
2008-03-10 18:21    ---------    d-----w    C:\ProgramData\eMule
2008-03-10 14:14    ---------    d-----w    C:\Users\Per\AppData\Roaming\proDAD
2008-03-10 14:14    ---------    d-----w    C:\Program Files\proDAD
2008-03-10 14:00    ---------    d-----w    C:\Program Files\AdorageI-SAL
2008-03-10 14:00    ---------    d-----w    C:\Program Files\AdorageI-GfxDatas
2008-03-10 12:26    ---------    d-----w    C:\Program Files\Microsoft Works
2008-03-10 12:25    ---------    d-----w    C:\Program Files\Microsoft.NET
2008-03-10 11:44    ---------    d-----w    C:\ProgramData\e-Safekey
2008-03-05 17:16    ---------    d-----w    C:\Program Files\MSXML 4.0
2008-03-04 22:13    174    --sha-w    C:\Program Files\desktop.ini
2008-03-04 22:09    ---------    d-----w    C:\Program Files\Windows Sidebar
2008-03-04 22:09    ---------    d-----w    C:\Program Files\Windows Defender
2008-03-04 22:09    ---------    d-----w    C:\Program Files\Windows Calendar
2008-03-04 22:05    87,040    ----a-w    C:\Windows\System32\msoert2.dll
2008-03-04 22:05    704,000    ----a-w    C:\Windows\System32\PhotoScreensaver.scr
2008-03-04 22:05    67,584    ----a-w    C:\Windows\System32\wlanhlp.dll
2008-03-04 22:05    542,720    ----a-w    C:\Windows\System32\sysmain.dll
2008-03-04 22:05    502,784    ----a-w    C:\Windows\System32\wlansvc.dll
2008-03-04 22:05    47,104    ----a-w    C:\Windows\System32\wlanapi.dll
2008-03-04 22:05    39,424    ----a-w    C:\Windows\System32\ACCTRES.dll
2008-03-04 22:05    297,984    ----a-w    C:\Windows\System32\wlansec.dll
2008-03-04 22:05    290,816    ----a-w    C:\Windows\System32\wlanmsm.dll
2008-03-04 22:05    258,232    ----a-w    C:\Windows\system32\drivers\acpi.sys
2008-03-04 22:05    24,064    ----a-w    C:\Windows\System32\wtsapi32.dll
2008-03-04 22:05    205,824    ----a-w    C:\Windows\System32\msoeacct.dll
2008-03-04 22:05    2,923,520    ----a-w    C:\Windows\explorer.exe
2008-03-04 22:04    194,560    ----a-w    C:\Windows\System32\WebClnt.dll
2008-03-04 22:04    110,080    ----a-w    C:\Windows\system32\drivers\mrxdav.sys
2008-03-04 22:03    49,664    ----a-w    C:\Windows\System32\csrsrv.dll
2008-03-04 22:03    376,320    ----a-w    C:\Windows\System32\winsrv.dll
2008-03-04 21:59    374,456    ----a-w    C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-04 21:58    8,147,968    ----a-w    C:\Windows\System32\wmploc.DLL
2008-03-04 21:58    7,680    ----a-w    C:\Windows\System32\spwmp.dll
2008-03-04 21:58    414,208    ----a-w    C:\Windows\System32\msscp.dll
2008-03-04 21:58    4,096    ----a-w    C:\Windows\System32\dxmasf.dll
2008-03-04 21:58    356,864    ----a-w    C:\Windows\System32\MediaMetadataHandler.dll
2008-03-04 21:57    86,016    ----a-w    C:\Windows\System32\icfupgd.dll
2008-03-04 21:57    63,488    ----a-w    C:\Windows\system32\drivers\mpsdrv.sys
2008-03-04 21:57    61,952    ----a-w    C:\Windows\System32\cmifw.dll
2008-03-04 21:57    396,800    ----a-w    C:\Windows\System32\MPSSVC.dll
2008-03-04 21:57    392,192    ----a-w    C:\Windows\System32\FirewallAPI.dll
2008-03-04 21:57    23,040    ----a-w    C:\Windows\system32\drivers\tunnel.sys
2008-03-04 21:57    178,688    ----a-w    C:\Windows\System32\iphlpsvc.dll
2008-03-04 21:57    16,896    ----a-w    C:\Windows\System32\wfapigp.dll
2008-03-04 21:57    15,360    ----a-w    C:\Windows\system32\drivers\TUNMP.SYS
2008-03-04 21:56    45,112    ----a-w    C:\Windows\system32\drivers\pciidex.sys
2008-03-04 21:56    3,504,696    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-03-04 21:56    3,470,392    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-03-04 21:56    211,000    ----a-w    C:\Windows\system32\drivers\volsnap.sys
2008-03-04 21:56    21,560    ----a-w    C:\Windows\system32\drivers\atapi.sys
2008-03-04 21:56    2,048    ----a-w    C:\Windows\System32\msxml3r.dll
2008-03-04 21:56    17,464    ----a-w    C:\Windows\system32\drivers\intelide.sys
.

(((((((((((((((((((((((((((((  snapshot@2008-04-13_23.40.32.72  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-13 21:38:22    262,144    ----a-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-13 21:52:19    262,144    ----a-w    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-13 21:38:31    262,144    ----a-w    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-04-13 21:53:17    262,144    ----a-w    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-04-13 21:31:08    80,082    ----a-w    C:\Windows\System32\perfc006.dat
+ 2008-04-13 21:42:46    80,082    ----a-w    C:\Windows\System32\perfc006.dat
- 2008-04-13 21:31:08    103,726    ----a-w    C:\Windows\System32\perfc009.dat
+ 2008-04-13 21:42:46    103,726    ----a-w    C:\Windows\System32\perfc009.dat
- 2008-04-13 21:31:08    485,362    ----a-w    C:\Windows\System32\perfh006.dat
+ 2008-04-13 21:42:46    485,362    ----a-w    C:\Windows\System32\perfh006.dat
- 2008-04-13 21:31:08    609,944    ----a-w    C:\Windows\System32\perfh009.dat
+ 2008-04-13 21:42:46    609,944    ----a-w    C:\Windows\System32\perfh009.dat
- 2008-04-13 21:28:35    5,406    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-950466850-309737511-3282017993-1000_UserData.bin
+ 2008-04-13 21:40:00    5,576    ----a-w    C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-950466850-309737511-3282017993-1000_UserData.bin
- 2008-04-13 21:28:35    46,522    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-13 21:39:59    46,790    ----a-w    C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-04 23:50 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-09-19 15:00 639488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-03-05 00:01 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-03 16:26 90112]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-03 16:26 13515296]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-03 16:26 86016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-04 00:23 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-04 00:23 219136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 02:12:18 113664]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-03-10 20:49:49 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-04 00:23 9216 C:\Windows\System32\avgwlntf.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{570B3114-6A6A-4794-B898-A3EAD28ACDC9}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{0866666B-F84B-4A49-9653-B490F9D4AF29}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{55047662-8631-4527-97ED-A19E013C32C1}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{E29D66FE-C53C-4902-9171-2613FF697F4E}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{F4C05F44-8C1A-4A76-B9D1-D6F2A75D77F8}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{004795F8-B3B6-43C4-9C27-C9279573AE8C}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{FB5A28DA-6513-4C5E-A132-72E647BA1F83}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{311B6A8B-61AD-4458-972C-2E5116E6D934}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"TCP Query User{661747DB-2D5C-4CC9-BF21-39D75BF8104A}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{3BA4C937-96E5-4E37-B50D-50F12ECADBAD}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{8BEEC8F3-10B0-4D45-A3BA-A36BB83B76F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{BBBB90E1-203B-4091-93B5-779F817B8C0D}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4ABEC729-4461-472F-A00A-3B27170201A2}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{8CD57086-D9D6-460E-B780-7A351C1A899E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 05:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 04:40]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 11:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork    REG_MULTI_SZ      PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c32c8e-e95d-11dc-a4f5-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd2e4ce-e937-11dc-aec1-806e6f6e6963}]
\shell\AutoRun\command - E:\PLAY.EXE "playlist.m3u"

.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:54:54
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-13 23:55:25
ComboFix-quarantined-files.txt  2008-04-13 21:55:20
ComboFix2.txt  2008-04-13 21:41:03
      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
.
2008-04-10 09:00:48    --- E O F ---
14 April 2008 - 18:59 #14
When will you people ever learn!!!

Uninstall

* eMule
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

And delete everything that has to do with eMule ->
C:\Program Files\eMule
C:\ProgramData\eMule

---------------------------------------
nva Trainee
14 April 2008 - 19:17 #15
nva Trainee
16 April 2008 - 07:52 #16
Any response?
perav Beginner
21 November 2008 - 09:45 #18
Post an answer so I can get this thread closed :-)
perav Beginner
21 November 2008 - 10:26 #19
Sorry, I didn't get around to writing that the PC is running fine now :-)
Thank you for the help
21 November 2008 - 21:23 #20
Ping...
(That was an [answer]...)
nva Trainee
24 November 2008 - 08:54 #21
Answer