problem med browser hijacker

du skal nok slå systemgendannelse fra - lade mailwarebytes fjerne den + en virusscanning og genstarte.

efter genstart oprette et gendannelsestidspunkt.

jeg kan ikke vide det men sådan ville jeg gøre.

andre forslag

... for en go' ordens skyld; stik os/mig en HiJackThis ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Jooo - jeg har 'virus' på hjernen...)
Ikke nødvendigvis pga virus ell. lign. men så ka' jeg se hvad der er i din opstart mm.

Mht.: Vista - HøjreMusseTast på *.EXE filen - Kør som Administrator...

------------------

... og må vi se loggen fra omtalte [Malwarebytes Anti-Malware] ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:38, on 23-01-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Users\Dennis Dietrich\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookanddiscover.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETVÆRKSTJENESTE')
O4 - Global Startup: winsched.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1228930859_fa2407c341d6d2eaa543b704adf240cf&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5428 bytes




Malwarebytes' Anti-Malware 1.33
Database version: 1683
Windows 6.0.6001 Service Pack 1

23-01-2009 21:27:42
mbam-log-2009-01-23 (21-27-42).txt

Skan type: Fuldstændig skanning (C:\|I:\|)
Objekter skannet: 118068
Tid tilbagelagt: 1 hour(s), 32 minute(s), 16 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 0
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 0
Inficerede Filer: 0

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Nøgler:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page\Start Page (Hijack.Homepage) -> Bad: (http://www.lookanddiscover.com/) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Inficerede Mapper:
(Ingen mistænkelige filer fundet)

Inficerede Filer:
(Ingen mistænkelige filer fundet)

Der blev 'fixet' noget - hvordan kører PC'en så nu ?

den har stadig den browser hijacker.....

Lige en pakke mere ->

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe  indeholder en virus.. min bullguard sletter filen (trojan.generic.1401683). det andet link virker ikke

Hmmm... det tror jeg nu er 'falsk alarm'...
ComboFix bliver ændre/forbedret tit/dagligt så det _kan_ være at der nu er en signatur som Bullguard opfatter som farlig...

MIDLERDIGT disable Bullguard og kør igen...

jeg kan ikke køre programet på vista. den nægter mig adgang.

og bullguard finder denne fil igen efter jeg startede programet op

Malware:    Trojan.Generic.1401683
    C:\Users\ddi\Desktop\ComboFix.exe

jeg fant et nyt link på www.arlet.dk og fik hentet programet uden bøvl med bullguard. programmet er igang og log kommer efter.

Altså én af disse ->
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

(NB: Det _kan_ være en ældre version...)

Mht Vista - HøjreMusseTast - "Kør som Administrator..."

ComboFix 09-01-21.04 - ddi 2009-01-26 21:20:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1030.18.2815.1825 [GMT 1:00]
Kører fra: c:\users\ddi\Desktop\ComboFix.exe
AV: BullGuard Antivirus *On-access scanning enabled* (Updated)
FW: BullGuard Firewall *enabled*
* Dannede nyt systemgendannelsespunkt
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\winsched.exe

.
(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-26 til 2009-01-26  )))))))))))))))))))))))))))))))))))
.

2009-01-14 02:12 . 2008-12-16 03:42    288,768    --a------    c:\windows\System32\drivers\srv.sys
2009-01-11 15:52 . 2009-01-12 02:19    <DIR>    d--------    c:\users\ddi\AppData\Roaming\Download Manager
2009-01-11 15:10 . 2008-12-24 16:16    401,720    --a------    c:\users\ddi\HiJackThis.exe
2009-01-01 16:56 . 1999-12-17 10:13    86,016    --a------    c:\windows\unvise32.exe
2009-01-01 16:55 . 2009-01-01 16:56    <DIR>    d--------    c:\program files\Postal2STP

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 20:18    ---------    d-----w    c:\users\ddi\AppData\Roaming\Azureus
2009-01-26 20:08    ---------    d-----w    c:\programdata\BullGuard
2009-01-26 20:07    ---------    d-----w    c:\users\ddi\AppData\Roaming\BullGuard
2009-01-25 20:11    ---------    d-----w    c:\programdata\NVIDIA
2009-01-23 20:30    55,504    ----a-w    c:\windows\system32\drivers\BdFileSpy.sys
2009-01-22 18:09    ---------    d-----w    c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11    38,496    ----a-w    c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 15:11    15,504    ----a-w    c:\windows\system32\drivers\mbam.sys
2009-01-14 02:02    ---------    d-----w    c:\program files\Windows Mail
2008-12-24 14:06    ---------    d-----w    c:\programdata\DVD Shrink
2008-12-23 18:15    ---------    d-----w    c:\programdata\Microsoft Help
2008-12-23 16:32    ---------    d-----w    c:\program files\Microsoft Works
2008-12-23 16:31    ---------    d-----w    c:\program files\Microsoft.NET
2008-12-23 15:41    ---------    d-----w    c:\program files\Bonjour
2008-12-22 21:45    ---------    d-----w    c:\users\ddi\AppData\Roaming\Apple Computer
2008-12-22 21:45    ---------    d-----w    c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-22 21:45    ---------    d-----w    c:\program files\iTunes
2008-12-22 21:44    ---------    d-----w    c:\programdata\Apple Computer
2008-12-22 21:44    ---------    d-----w    c:\program files\QuickTime
2008-12-22 21:44    ---------    d-----w    c:\program files\iPod
2008-12-22 21:44    ---------    d-----w    c:\program files\Common Files\Apple
2008-12-22 21:42    ---------    d-----w    c:\program files\Apple Software Update
2008-12-22 21:41    ---------    d-----w    c:\programdata\Apple
2008-12-16 07:09    ---------    d-----w    c:\programdata\WindowsSearch
2008-12-15 21:59    ---------    d-----w    c:\programdata\e-Safekey
2008-12-13 12:56    ---------    d-----w    c:\users\ddi\AppData\Roaming\BSplayer
2008-12-13 02:00    ---------    d-----w    c:\program files\MSXML 4.0
2008-12-12 22:44    ---------    d-----w    c:\users\ddi\AppData\Roaming\vlc
2008-12-12 22:40    ---------    d-----w    c:\program files\DVD Shrink
2008-12-12 22:36    ---------    d-----w    c:\users\ddi\AppData\Roaming\BSplayer Pro
2008-12-12 22:36    ---------    d-----w    c:\program files\Webteh
2008-12-12 22:35    ---------    d-----w    c:\program files\VideoLAN
2008-12-12 22:35    ---------    d-----w    c:\program files\SLD Codec Pack
2008-12-12 22:34    ---------    d-----w    c:\program files\Haali
2008-12-12 22:33    ---------    d-----w    c:\program files\DVD Decrypter
2008-12-12 21:57    ---------    d-----w    c:\programdata\Skype
2008-12-12 21:02    ---------    d-----w    c:\users\ddi\AppData\Roaming\Malwarebytes
2008-12-12 21:02    ---------    d-----w    c:\programdata\Malwarebytes
2008-12-12 10:18    87,336    ----a-w    c:\windows\System32\dns-sd.exe
2008-12-12 10:11    61,440    ----a-w    c:\windows\System32\dnssd.dll
2008-12-10 21:55    ---------    dcsh--w    c:\program files\Common Files\WindowsLiveInstaller
2008-12-10 21:55    ---------    d-----w    c:\program files\Windows Live
2008-12-10 21:51    ---------    d-----w    c:\programdata\WLInstaller
2008-12-10 21:41    174    --sha-w    c:\program files\desktop.ini
2008-12-10 21:34    ---------    d-----w    c:\program files\Windows Sidebar
2008-12-10 21:34    ---------    d-----w    c:\program files\Windows Calendar
2008-12-10 21:33    ---------    d-----w    c:\program files\Windows Photo Gallery
2008-12-10 21:33    ---------    d-----w    c:\program files\Windows Journal
2008-12-10 21:33    ---------    d-----w    c:\program files\Windows Defender
2008-12-10 21:33    ---------    d-----w    c:\program files\Windows Collaboration
2008-12-10 20:34    101,888    ----a-w    c:\windows\System32\ifxcardm.dll
2008-12-10 20:33    82,432    ----a-w    c:\windows\System32\axaltocm.dll
2008-12-10 19:06    269,312    ----a-w    c:\windows\System32\es.dll
2008-12-10 18:14    ---------    d-----w    c:\program files\Runtime Software
2008-12-10 17:49    ---------    d-----w    c:\programdata\Azureus
2008-12-10 17:47    ---------    d-----w    c:\program files\Vuze
2008-12-10 17:41    410,984    ----a-w    c:\windows\System32\deploytk.dll
2008-12-10 17:41    ---------    d-----w    c:\program files\Java
2008-12-09 22:13    61,440    ----a-w    c:\windows\System32\winipsec.dll
2008-12-09 22:13    361,984    ----a-w    c:\windows\System32\IPSECSVC.DLL
2008-12-09 22:13    28,672    ----a-w    c:\windows\System32\FwRemoteSvr.dll
2008-12-09 22:13    272,896    ----a-w    c:\windows\System32\polstore.dll
2008-12-09 22:09    94,720    ----a-w    c:\windows\System32\PortableDeviceClassExtension.dll
2008-12-09 22:09    241,152    ----a-w    c:\windows\System32\PortableDeviceApi.dll
2008-12-09 22:09    160,768    ----a-w    c:\windows\System32\PortableDeviceTypes.dll
2008-12-09 22:02    428,544    ----a-w    c:\windows\System32\EncDec.dll
2008-12-09 22:02    293,376    ----a-w    c:\windows\System32\psisdecd.dll
2008-12-09 21:57    296,960    ----a-w    c:\windows\System32\gdi32.dll
2008-12-09 21:56    212,480    ----a-w    c:\windows\system32\drivers\mrxsmb10.sys
2008-12-09 21:54    541,696    ----a-w    c:\windows\AppPatch\AcLayers.dll
2008-12-09 21:54    52,736    ----a-w    c:\windows\AppPatch\iebrshim.dll
2008-12-09 21:54    460,288    ----a-w    c:\windows\AppPatch\AcSpecfc.dll
2008-12-09 21:54    4,240,384    ----a-w    c:\windows\System32\GameUXLegacyGDFs.dll
2008-12-09 21:54    28,672    ----a-w    c:\windows\System32\Apphlpdm.dll
2008-12-09 21:54    2,560    ----a-w    c:\windows\AppPatch\AcRes.dll
2008-12-09 21:54    2,154,496    ----a-w    c:\windows\AppPatch\AcGenral.dll
2008-12-09 21:54    173,056    ----a-w    c:\windows\AppPatch\AcXtrnal.dll
2008-12-09 21:54    1,695,744    ----a-w    c:\windows\System32\gameux.dll
2008-12-09 21:53    303,616    ----a-w    c:\windows\System32\wmpeffects.dll
2008-12-09 21:52    2,048    ----a-w    c:\windows\System32\msxml3r.dll
2008-12-09 21:52    2,032,640    ----a-w    c:\windows\System32\win32k.sys
2008-12-09 21:52    1,191,936    ----a-w    c:\windows\System32\msxml3.dll
2008-12-09 21:48    2,048    ----a-w    c:\windows\System32\tzres.dll
2008-12-09 21:43    2,927,104    ----a-w    c:\windows\explorer.exe
2008-12-09 21:39    827,392    ----a-w    c:\windows\System32\wininet.dll
2008-12-09 21:36    9,847,296    ----a-w    c:\windows\System32\NlsData000a.dll
2008-12-09 21:34    988,216    ----a-w    c:\windows\System32\winload.exe
2008-12-09 21:34    927,288    ----a-w    c:\windows\System32\winresume.exe
2008-12-09 21:34    615,992    ----a-w    c:\windows\System32\ci.dll
2008-12-09 21:34    6,656    ----a-w    c:\windows\System32\kbd106n.dll
2008-12-09 21:34    46,592    ----a-w    c:\windows\System32\setbcdlocale.dll
2008-12-09 21:34    40,960    ----a-w    c:\windows\System32\srclient.dll
2008-12-09 21:34    378,368    ----a-w    c:\windows\System32\srcore.dll
2008-12-09 21:34    318,464    ----a-w    c:\windows\System32\rstrui.exe
2008-12-09 21:34    19,000    ----a-w    c:\windows\System32\kd1394.dll
2008-12-09 21:34    14,848    ----a-w    c:\windows\System32\srdelayed.exe
2008-12-09 21:31    712,704    ----a-w    c:\windows\System32\WindowsCodecs.dll
2008-12-09 21:31    425,472    ----a-w    c:\windows\System32\PhotoMetadataHandler.dll
2008-12-09 21:31    347,136    ----a-w    c:\windows\System32\WindowsCodecsExt.dll
2008-12-09 21:29    443,392    ----a-w    c:\windows\System32\win32spl.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-01-22 304464]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-08-01 547360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-02 6335008]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\bullguard.exe" [2009-01-22 304464]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3282772502-311691218-292615738-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{542DC000-07CA-4661-8154-AD1C20A6810C}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{AB8A051F-DAC7-453B-8F1C-13C8CF79DE9E}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{CD0EA6EA-AEA8-4193-8794-47954AB4A2EB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7AF6A2AC-F5E3-4D97-996A-70CDB2FDB6E6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B0261F3C-447E-441D-82B4-AE1AC9313761}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{868C4944-3142-4CFE-ABB2-F3F6F206BFF0}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1AA2AED8-3283-44D6-9DAF-CEE01F6A4197}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4AF2E6AD-CAEA-4FAB-9A02-489AD5529C4D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0484FFB7-C17C-4484-8C25-015B8D76DA00}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [2008-11-10 28696]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\System32\drivers\AfwCore.sys [2008-12-09 263192]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 Reconn;BullGuard Email Monitor;c:\program files\BullGuard Ltd\BullGuard\Reconn.sys [2008-07-29 16984]
R4 BdFileSpy;BullGuard File Monitor Driver;c:\windows\System32\drivers\BdFileSpy.sys [2008-12-09 55504]
R4 BsFileScan;BullGuard File Scan Service;c:\windows\System32\svchost.exe -k BullGuard [2008-12-10 21504]
R4 BsFire;BullGuard Firewall Service;c:\windows\System32\svchost.exe -k BullGuard [2008-12-10 21504]
R4 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\System32\svchost.exe -k BullGuard [2008-12-10 21504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard    REG_MULTI_SZ      BgMainSvc BsFileScan BsMailProxy BsFire
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.google.dk/
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: danskebank.dk
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 21:22:23
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-01-26 21:24:15
ComboFix-quarantined-files.txt  2009-01-26 20:24:13

Pre-Kørsel: 110.986.231.808 byte ledig
Post-Kørsel: 111,110,950,912 byte ledig

196    --- E O F ---    2009-01-19 22:50:48

c:\programdata\Azureus
c:\program files\vuze\azureus.exe

???

I altså hvor har jeg altså nogle gange lade folk sejle i deres egen så når de leger med P2P programmer. Eller rettere reslutater derfra!!!Og så lade programmet få frit forbindelse igennem firewall mm.
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

AFINSTALL
* Azureus
OG HVAD DU ELLERS MÅTTE HAVE AF DEN SLAGS PROGRAMMER.

...