cmn Beginner
26 October 2008 - 16:54 There are 4 comments

Recipient's email says I am sending spam. Avira says it is hidden

Hello to all you experts.

A couple of days ago I sent a mail from Outlook Express, but I have been told that it ended up in deleted mail as spam.
I then saw in his log that it had been detected as hiddenext/worm.
Have I run into some trouble?
I have run ComboFix and HijackThis.

Here is the HijackThis log; it is probably a bit long, since many of us use this PC.

Thanks in advance /CMN

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:45, on 26-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\Avira Premium Security Suite\avguard.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Avira\Avira Premium Security Suite\sched.exe
C:\Programmer\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmer\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Programmer\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programmer\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\FarStone\VirtualDrive\VDTask.exe
C:\Programmer\FarStone\VirtualDrive\VHD\RDTask.exe
C:\WINDOWS\V0330Mon.exe
C:\Programmer\Rapidshare Downloader\RD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\explorer.exe
C:\Programmer\HJTrenamed.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\Rapidshare Downloader\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fvbho140.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Programmer\Snap Shots\snapbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Programmer\Snap Shots\snapbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Programmer\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Programmer\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Flashget] C:\Programmer\Rapidshare Downloader\RD.exe /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [FlipViewer Library] "C:\Programmer\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" /showmode=hide
O4 - HKLM\..\Run: [GBMPro8Agent] C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmer\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GBMPro8Agent] C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Vinduet Status for Canon LBP3200.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_all.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.next-stay.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://next-stay.dk/camping/general/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187553241187
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {B19FDE22-5907-4315-B558-1D537E86C3E1} (FViewerLoading Class) - http://www.flipviewer.com/exe/fv421.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.54.59.228/activex/AMC.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://remote.compusoft.dk/inquiero/mod/setup/ntractivex118_24.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Programmer\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 16069 bytes
26 October 2008 - 16:59 #1
The log from ComboFix ???

--------

Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program perform a clean-up...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a little while, depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - the log now opens and you should save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HijackThis...
cmn Beginner
26 October 2008 - 22:42 #2
Hello again

It spent a lot of time on that


Malwarebytes' Anti-Malware 1.30
Database version: 1323
Windows 5.1.2600 Service Pack 3

26-10-2008 22:36:16
mbam-log-2008-10-26 (22-36-16).txt

Skan type: Fuldstændig skanning (C:\|E:\|F:\|)
Objekter skannet: 510529
Tid tilbagelagt: 5 hour(s), 21 minute(s), 49 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
E:\backup 071006\far\File.Rescue.Plus.v4.0.0.15.Incl.Keymaker-CORE\File.Rescue.Plus.v4.0.0.15.Incl.Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:26, on 26-10-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Avira\Avira Premium Security Suite\avguard.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Programmer\Avira\Avira Premium Security Suite\sched.exe
C:\Programmer\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Programmer\Bonjour\mDNSResponder.exe
C:\Programmer\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\CAP4RSK.EXE
c:\Programmer\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmer\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Programmer\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Programmer\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programmer\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Programmer\Ahead\InCD\InCD.exe
C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmer\FarStone\VirtualDrive\VDTask.exe
C:\Programmer\FarStone\VirtualDrive\VHD\RDTask.exe
C:\WINDOWS\V0330Mon.exe
C:\Programmer\Rapidshare Downloader\RD.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmer\E-Book Systems\FlipViewer\FlipViewerLibrary.exe
C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Creative\Shared Files\CamTray.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
C:\Programmer\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Programmer\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\Programmer\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmer\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmer\Fælles filer\Nokia\MPAPI\MPAPI3s.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\HJTrenamed.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmer\Rapidshare Downloader\jccatch.dll
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRA~1\E-BOOK~1\FLIPVI~1\fvbho140.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Programmer\Snap Shots\snapbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Programmer\Snap Shots\snapbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmer\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [VirtualDrive] "C:\Programmer\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [RAMDrive] "C:\Programmer\FarStone\VirtualDrive\VHD\RDTask.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmer\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmer\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [Flashget] C:\Programmer\Rapidshare Downloader\RD.exe /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [FlipViewer Library] "C:\Programmer\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" /showmode=hide
O4 - HKLM\..\Run: [GBMPro8Agent] C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmer\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GBMPro8Agent] C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Vinduet Status for Canon LBP3200.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
O4 - Global Startup: Windows-pc-søgning.lnk = C:\Programmer\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_all.htm
O8 - Extra context menu item: &Download with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: Download with GetRight Pro - C:\Programmer\GetRight\GRdownload.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Programmer\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.next-stay.dk
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://next-stay.dk/camping/general/smsx.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1187553241187
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {B19FDE22-5907-4315-B558-1D537E86C3E1} (FViewerLoading Class) - http://www.flipviewer.com/exe/fv421.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.54.59.228/activex/AMC.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://remote.compusoft.dk/inquiero/mod/setup/ntractivex118_24.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager-kontrol) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmer\Fælles filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Programmer\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Programmer\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmer\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmer\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmer\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Programmer\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 16312 bytes
26 October 2008 - 22:55 #3
The log from ComboFix ???
cmn Beginner
26 October 2008 - 23:19 #4
Here they come; the first one is the new one.

ComboFix 08-10-25.01 - cmn 2008-10-26 23:10:01.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1258 [GMT 1:00]
Running from: C:\Documents and Settings\cmn\Skrivebord\ComboFix.exe

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

(((((((((((((((((((((((((  Files Created from 2008-09-26 to 2008-10-26  )))))))))))))))))))))))))))))))
.

2008-10-26 17:07 . 2008-10-26 17:07    <DIR>    d--------    C:\Programmer\Malwarebytes' Anti-Malware
2008-10-26 17:07 . 2008-10-26 17:07    <DIR>    d--------    C:\Documents and Settings\cmn\Application Data\Malwarebytes
2008-10-26 17:07 . 2008-10-26 17:07    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-26 17:07 . 2008-10-22 16:10    38,496    --a------    C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-26 17:07 . 2008-10-22 16:10    15,504    --a------    C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 14:15 . 2007-07-06 18:39    401,720    --a------    C:\Programmer\HJTrenamed.exe
2008-10-26 11:03 . 2008-10-26 11:03    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-10-26 11:03 . 2008-10-26 11:03    <DIR>    d--------    C:\Documents and Settings\cmn\Application Data\SUPERAntiSpyware.com
2008-10-26 11:03 . 2008-10-26 11:03    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-26 10:29 . 2008-10-26 10:29    <DIR>    d--------    C:\Programmer\CCleaner
2008-10-26 08:37 . 2008-10-26 08:37    <DIR>    d--------    C:\Programmer\HiddenFinder
2008-10-26 08:37 . 2006-02-23 22:03    8,576    --a------    C:\WINDOWS\system32\drivers\KProcWatch.sys
2008-10-24 04:40 . 2008-10-15 17:37    337,408    -----c---    C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-14 23:00 . 2008-09-08 11:41    333,824    -----c---    C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 22:59 . 2008-08-14 14:25    2,191,744    -----c---    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 22:59 . 2008-08-14 14:25    2,147,840    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 22:59 . 2008-08-14 14:25    2,068,608    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 22:59 . 2008-08-14 14:25    2,026,496    -----c---    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 22:59 . 2008-09-15 16:27    1,846,400    -----c---    C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-11 21:04 . 2008-10-11 21:04    <DIR>    d--------    C:\Programmer\Fælles filer\PCSuite
2008-10-11 21:04 . 2008-10-11 21:04    <DIR>    d--------    C:\Programmer\Fælles filer\Nokia
2008-10-11 21:03 . 2008-10-11 21:03    <DIR>    d--------    C:\Programmer\PC Connectivity Solution

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 22:11    ---------    d-----w    C:\Programmer\Rapidshare Downloader
2008-10-26 21:41    16,314    ----a-w    C:\Programmer\hijackthis.log
2008-10-26 10:03    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-10-25 19:23    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-10-25 19:09    ---------    d-----w    C:\Programmer\Banner Maker Pro 6
2008-10-25 17:13    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\PC Suite
2008-10-25 13:27    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\Samsung
2008-10-25 13:17    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\EBookSys
2008-10-15 10:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-11 20:04    ---------    d-----w    C:\Programmer\Nokia
2008-10-11 20:04    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Installations
2008-09-22 12:49    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\DivX
2008-09-15 15:27    1,846,400    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-09-14 18:47    ---------    d-----w    C:\Programmer\MSN Messenger
2008-09-08 10:41    333,824    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 07:48    74,752    ----a-w    C:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:48    104,960    ----a-w    C:\WINDOWS\system32\win32spl.dll
2008-08-26 08:27    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-08-14 13:25    2,147,840    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:25    2,026,496    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 13:33    47,360    ----a-w    C:\Documents and Settings\cmn\Application Data\pcouffin.sys
2008-03-11 10:01    56    --sh--r    C:\WINDOWS\system32\0144901BB3.sys
2008-03-11 10:01    13,146    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((  snapshot@2008-10-26_15.15.49.81  )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-26 14:05:13    224,609    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-10-26 15:34:27    224,606    ----a-w    C:\WINDOWS\system32\inetsrv\MetaBase.bin
- 2008-10-26 14:05:17    130,760    ----a-w    C:\WINDOWS\system32\perfc006.dat
+ 2008-10-26 15:34:36    130,760    ----a-w    C:\WINDOWS\system32\perfc006.dat
- 2008-10-26 14:05:17    108,378    ----a-w    C:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 15:34:36    108,378    ----a-w    C:\WINDOWS\system32\perfc009.dat
- 2008-10-26 14:05:17    564,188    ----a-w    C:\WINDOWS\system32\perfh006.dat
+ 2008-10-26 15:34:36    564,188    ----a-w    C:\WINDOWS\system32\perfh006.dat
- 2008-10-26 14:05:17    523,684    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 15:34:36    523,684    ----a-w    C:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 15:30:32    16,384    ----atw    C:\WINDOWS\Temp\Perflib_Perfdata_1c4.dat
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]
2008-02-17 14:53    397312    --a------    C:\Programmer\Snap Shots\snapbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "C:\Programmer\Snap Shots\snapbar.dll" [2008-02-17 397312]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "C:\Programmer\Snap Shots\snapbar.dll" [2008-02-17 397312]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Creative WebCam Tray"="C:\Programmer\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"GBMPro8Agent"="C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 230016]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VirtualDrive"="C:\Programmer\FarStone\VirtualDrive\VDTask.exe" [2007-07-17 159744]
"RAMDrive"="C:\Programmer\FarStone\VirtualDrive\VHD\RDTask.exe" [2007-03-02 135168]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 497376]
"Ad-Watch"="C:\Programmer\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-09-26 2339840]
"V0330Mon.exe"="C:\WINDOWS\V0330Mon.exe" [2007-04-30 32768]
"avgnt"="C:\Programmer\Avira\Avira Premium Security Suite\avgnt.exe" [2008-07-17 266497]
"Flashget"="C:\Programmer\Rapidshare Downloader\RD.exe" [2007-03-27 1708032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"FlipViewer Library"="C:\Programmer\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" [2007-10-25 386576]
"GBMPro8Agent"="C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 230016]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\cmn\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Bluetooth Manager.lnk - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 2756608]
Vinduet Status for Canon LBP3200.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE [2007-01-05 30720]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Programmer\\Namo\\WebEditor 2006\\bin\\WebEditor.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\wupdmgr.exe"=
"C:\\Programmer\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-08 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Programmer\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-07-17 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Programmer\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-17 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Programmer\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-07-17 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Programmer\Avira\Avira Premium Security Suite\avesvc.exe [2008-07-17 41217]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-08 71464]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R3 V0330VID;WebCam Vista/Live! Cam Chat;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]
S3 KProcWatch;KProcWatch;C:\WINDOWS\system32\drivers\KProcWatch.sys [2006-02-23 8576]

*Newly Created Service* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-25 C:\WINDOWS\Tasks\GBM - backup web-Full.job
- C:\Programmer\Genie-Soft\GBMPro8\GBM8.exe [2008-01-29 05:18]

2008-10-26 C:\WINDOWS\Tasks\GBM - New Backup Job-Full.job
- C:\Programmer\Genie-Soft\GBMPro8\GBM8.exe [2008-01-29 05:18]

2008-10-26 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe [2007-09-26 08:53]

2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7783FD4B-D8FD-4281-905C-2C736F5F80B3}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Download All with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_all.htm
O8 -: &Download with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_link.htm
O8 -: Append to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 -: Download with GetRight Pro - C:\Programmer\GetRight\GRdownload.htm
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 -: Open with GetRight Pro Browser - C:\Programmer\GetRight\GRbrowse.htm

O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
C:\WINDOWS\Downloaded Program Files\Rawflow.ocx

- C:\WINDOWS\Downloaded Program Files\smsx.inf

O16 -: {B19FDE22-5907-4315-B558-1D537E86C3E1} - hxxp://www.flipviewer.com/exe/fv421.cab
C:\WINDOWS\Downloaded Program Files\httpfv.inf
C:\WINDOWS\Downloaded Program Files\httpfv.ini
C:\WINDOWS\Downloaded Program Files\httpfv.exe

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://87.54.59.228/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

O16 -: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://remote.compusoft.dk/inquiero/mod/setup/ntractivex118_24.cab
C:\WINDOWS\Downloaded Program Files\ntractivex118.inf
C:\WINDOWS\Downloaded Program Files\ntractivex118.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 23:14:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-26 23:15:55
ComboFix-quarantined-files.txt  2008-10-26 22:15:45
ComboFix2.txt  2008-10-26 14:16:47

Pre-Run: 21,278,306,304 byte ledig
Post-Run: 21,482,131,456 byte ledig

233    --- E O F ---    2008-10-25 17:32:31


AND ONE FROM EARLIER

ComboFix 08-10-25.01 - cmn 2008-10-26 15:07:27.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1030.18.1356 [GMT 1:00]
Running from: C:\Documents and Settings\cmn\Skrivebord\ComboFix.exe

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\cmn\Application Data\inst.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\Cache
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

.
(((((((((((((((((((((((((  Files Created from 2008-09-26 to 2008-10-26  )))))))))))))))))))))))))))))))
.

2008-10-26 14:15 . 2007-07-06 18:39    401,720    --a------    C:\Programmer\HJTrenamed.exe
2008-10-26 11:03 . 2008-10-26 11:03    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-10-26 11:03 . 2008-10-26 11:03    <DIR>    d--------    C:\Documents and Settings\cmn\Application Data\SUPERAntiSpyware.com
2008-10-26 11:03 . 2008-10-26 11:03    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-26 10:29 . 2008-10-26 10:29    <DIR>    d--------    C:\Programmer\CCleaner
2008-10-26 08:37 . 2008-10-26 08:37    <DIR>    d--------    C:\Programmer\HiddenFinder
2008-10-26 08:37 . 2006-02-23 22:03    8,576    --a------    C:\WINDOWS\system32\drivers\KProcWatch.sys
2008-10-24 04:40 . 2008-10-15 17:37    337,408    -----c---    C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-14 23:00 . 2008-09-08 11:41    333,824    -----c---    C:\WINDOWS\system32\dllcache\srv.sys
2008-10-14 22:59 . 2008-08-14 14:25    2,191,744    -----c---    C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-14 22:59 . 2008-08-14 14:25    2,147,840    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-14 22:59 . 2008-08-14 14:25    2,068,608    -----c---    C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-14 22:59 . 2008-08-14 14:25    2,026,496    -----c---    C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 22:59 . 2008-09-15 16:27    1,846,400    -----c---    C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-11 21:04 . 2008-10-11 21:04    <DIR>    d--------    C:\Programmer\Fælles filer\PCSuite
2008-10-11 21:04 . 2008-10-11 21:04    <DIR>    d--------    C:\Programmer\Fælles filer\Nokia
2008-10-11 21:03 . 2008-10-11 21:03    <DIR>    d--------    C:\Programmer\PC Connectivity Solution

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 13:16    ---------    d-----w    C:\Programmer\Rapidshare Downloader
2008-10-26 10:03    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-10-25 19:23    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-10-25 19:09    ---------    d-----w    C:\Programmer\Banner Maker Pro 6
2008-10-25 17:13    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\PC Suite
2008-10-25 13:27    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\Samsung
2008-10-25 13:17    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\EBookSys
2008-10-15 10:40    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-11 20:04    ---------    d-----w    C:\Programmer\Nokia
2008-10-11 20:04    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Installations
2008-09-22 12:49    ---------    d-----w    C:\Documents and Settings\cmn\Application Data\DivX
2008-09-15 15:27    1,846,400    ----a-w    C:\WINDOWS\system32\win32k.sys
2008-09-14 18:47    ---------    d-----w    C:\Programmer\MSN Messenger
2008-09-08 10:41    333,824    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 07:48    74,752    ----a-w    C:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:48    104,960    ----a-w    C:\WINDOWS\system32\win32spl.dll
2008-08-26 08:27    826,368    ----a-w    C:\WINDOWS\system32\wininet.dll
2008-08-14 13:25    2,147,840    ----a-w    C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:25    2,026,496    ----a-w    C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-18 13:33    47,360    ----a-w    C:\Documents and Settings\cmn\Application Data\pcouffin.sys
2008-03-11 10:01    56    --sh--r    C:\WINDOWS\system32\0144901BB3.sys
2008-03-11 10:01    13,146    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B}]
2008-02-17 14:53    397312    --a------    C:\Programmer\Snap Shots\snapbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "C:\Programmer\Snap Shots\snapbar.dll" [2008-02-17 397312]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8CD8EA48-D284-477E-B6DF-85D1E39D855F}"= "C:\Programmer\Snap Shots\snapbar.dll" [2008-02-17 397312]

[HKEY_CLASSES_ROOT\clsid\{8cd8ea48-d284-477e-b6df-85d1e39d855f}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots.1]
[HKEY_CLASSES_ROOT\TypeLib\{F57712B7-CEDB-4C0E-915B-4BB043CEF769}]
[HKEY_CLASSES_ROOT\Snapbar.SnapShots]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Creative WebCam Tray"="C:\Programmer\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"GBMPro8Agent"="C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 230016]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Programmer\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 143360]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="C:\Programmer\Ahead\InCD\InCD.exe" [2006-03-23 1398272]
"Acrobat Assistant 8.0"="C:\Programmer\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VirtualDrive"="C:\Programmer\FarStone\VirtualDrive\VDTask.exe" [2007-07-17 159744]
"RAMDrive"="C:\Programmer\FarStone\VirtualDrive\VHD\RDTask.exe" [2007-03-02 135168]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 497376]
"Ad-Watch"="C:\Programmer\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe" [2007-09-26 2339840]
"V0330Mon.exe"="C:\WINDOWS\V0330Mon.exe" [2007-04-30 32768]
"avgnt"="C:\Programmer\Avira\Avira Premium Security Suite\avgnt.exe" [2008-07-17 266497]
"Flashget"="C:\Programmer\Rapidshare Downloader\RD.exe" [2007-03-27 1708032]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920]
"Share-to-Web Namespace Daemon"="C:\Programmer\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 57344]
"FlipViewer Library"="C:\Programmer\E-Book Systems\FlipViewer\FlipViewerLibrary.exe" [2007-10-25 386576]
"GBMPro8Agent"="C:\Programmer\Genie-Soft\GBMPro8\GBMAgent.exe" [2008-01-27 230016]
"QuickTime Task"="C:\Programmer\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\cmn\Menuen Start\Programmer\Start\
Adobe Gamma.lnk - C:\Programmer\Fælles filer\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
Bluetooth Manager.lnk - C:\Programmer\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-02-02 2756608]
Vinduet Status for Canon LBP3200.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE [2007-01-05 30720]
Windows-pc-søgning.lnk - C:\Programmer\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Programmer\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.I420"= vdrcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmer\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"C:\\Programmer\\Namo\\WebEditor 2006\\bin\\WebEditor.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\wupdmgr.exe"=
"C:\\Programmer\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Programmer\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Programmer\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmer\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 avfwot;avfwot;C:\WINDOWS\system32\DRIVERS\avfwot.sys [2008-05-08 71592]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Programmer\Avira\Avira Premium Security Suite\avfwsvc.exe [2008-07-17 344321]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Programmer\Avira\Avira Premium Security Suite\avmailc.exe [2008-07-17 164097]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Programmer\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [2008-07-17 258305]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Programmer\Avira\Avira Premium Security Suite\avesvc.exe [2008-07-17 41217]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Starttjeneste;C:\Programmer\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R3 avfwim;AvFw Packet Filter Miniport;C:\WINDOWS\system32\DRIVERS\avfwim.sys [2008-05-08 71464]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R3 V0330VID;WebCam Vista/Live! Cam Chat;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2007-08-08 157696]
S3 KProcWatch;KProcWatch;C:\WINDOWS\system32\drivers\KProcWatch.sys [2006-02-23 8576]
.
Contents of the 'Scheduled Tasks' folder

2008-10-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmer\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-25 C:\WINDOWS\Tasks\GBM - backup web-Full.job
- C:\Programmer\Genie-Soft\GBMPro8\GBM8.exe [2008-01-29 05:18]

2008-10-25 C:\WINDOWS\Tasks\GBM - New Backup Job-Full.job
- C:\Programmer\Genie-Soft\GBMPro8\GBM8.exe [2008-01-29 05:18]

2008-10-26 C:\WINDOWS\Tasks\SDMsgUpdate (SD).job
- C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe [2007-09-26 08:53]

2008-10-25 C:\WINDOWS\Tasks\User_Feed_Synchronization-{7783FD4B-D8FD-4281-905C-2C736F5F80B3}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 10:58]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Nokia.PCSync - C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Download All with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_all.htm
O8 -: &Download with Rapidshare Downloader - C:\Programmer\Rapidshare Downloader\jc_link.htm
O8 -: Append to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Programmer\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Download with GetRight - C:\Programmer\GetRight\GRdownload.htm
O8 -: Download with GetRight Pro - C:\Programmer\GetRight\GRdownload.htm
O8 -: E&ksporter til Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 -: Open with GetRight Browser - C:\Programmer\GetRight\GRbrowse.htm
O8 -: Open with GetRight Pro Browser - C:\Programmer\GetRight\GRbrowse.htm

O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00} - hxxp://downol.dr.dk/download/netradio/Rawflow.cab
C:\WINDOWS\Downloaded Program Files\Rawflow.ocx

- C:\WINDOWS\Downloaded Program Files\smsx.inf

O16 -: {B19FDE22-5907-4315-B558-1D537E86C3E1} - hxxp://www.flipviewer.com/exe/fv421.cab
C:\WINDOWS\Downloaded Program Files\httpfv.inf
C:\WINDOWS\Downloaded Program Files\httpfv.ini
C:\WINDOWS\Downloaded Program Files\httpfv.exe

O16 -: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
C:\WINDOWS\Downloaded Program Files\e-Safekey.inf
C:\WINDOWS\Downloaded Program Files\e-Safekey.dll

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://87.54.59.228/activex/AMC.cab
C:\WINDOWS\Downloaded Program Files\setup.inf

O16 -: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - hxxp://remote.compusoft.dk/inquiero/mod/setup/ntractivex118_24.cab
C:\WINDOWS\Downloaded Program Files\ntractivex118.inf
C:\WINDOWS\Downloaded Program Files\ntractivex118.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 15:12:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-26 15:16:46
ComboFix-quarantined-files.txt  2008-10-26 14:16:08

Pre-Run: 20,991,737,856 byte ledig
Post-Run: 21,497,884,672 byte ledig

223    --- E O F ---    2008-10-25 17:32:31