Hijackthis tjek

Jo - den er jo helt gal!!!

Nemlig med din opfølgning på dine tidligere spørgsmål -> http://www.eksperten.dk/list/spoergsmaal/enriko (Dem der ikke er grønne)

http://www.eksperten.dk/faq#faq-3

---

... er der nogen grund til at du ikke har instaleret M$ Servicepack3 + efterfølgende mange opdateringer fra WindowsUpdate ???

Ved du selv hvad dette er ->
* [Internet Today Task]
*  QuestService Service

---

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/manual-for-installation-og-brug-af-ccleaner/
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
http://vistaguide.dk/?Artikler/CCleaner-GuideTilOptimeringAfVista/763
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

Den her pc tilhører min veninde, og hun havde ikke en antirus program der virkede overhovedet , så det har gjort at hendes blev flyldt på spyware og virusser osv, men når det er renses så skal vi installer SP3



Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

29-12-2009 01:32:04
mbam-log-2009-12-29 (01-32-04).txt

Skan type: Hurtig skanning
Objekter skannet: 155122
Tid tilbagelagt: 11 minute(s), 41 second(s)

Inficerede Hukommelses Processer: 2
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 41
Inficerede Registeringsdatabase Værdier: 4
Inficerede Registeringsdatabase Filer: 1
Inficerede Mapper: 52
Inficerede Filer: 244

Inficerede Hukommelses Processer:
C:\Documents and Settings\All Users\Application Data\QuestService\questservice131.exe (Adware.DoubleD) -> Unloaded process successfully.
C:\Programmer\QuestService\questservice.exe (Adware.DoubleD) -> Unloaded process successfully.

Inficerede Hukommelses Moduler:
C:\Programmer\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\explorerbar.cmw (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.cmw.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{2a743834-05f4-4ed4-8a1c-41332b10ac0c} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1081d532-7de4-40bd-b912-388fa6b27c78} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.tcp.1 (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{565dd573-549e-4da9-8cd7-6ae3df25339a} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d74e9dd-8987-448b-b2cb-67fff2b8a932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Automated Content Enhancer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Customized Platform Advancer (Adware.DoubleD) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{8141440e-08f0-4339-9959-5c31c6a69f23} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e63605fc-d583-4c81-867f-9457bdb3ea1b} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{e889f097-b0be-471b-89ad-b86b6f04b506} (Adware.DoubleD) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Programmer\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\Data (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestService (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmer\QuestService (Adware.DoubleD) -> Delete on reboot.

Inficerede Filer:
C:\Programmer\Content Management Wizard\1.1.0.1820\CMWIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\TCPIE.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\ACEIEAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\CPAIEAddOn.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Errors.stg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Results.stg (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Log\2007 Jun 15 - 01_08_38 PM.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Log\2007 Jun 15 - 01_08_39 PM.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Log\2007 Jun 15 - 01_23_28 PM.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\RegSweep\Log\2007 Jun 15 - 01_23_29 PM.log (Rogue.RegSweep) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Ejer\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\AdVantage.cch (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\ffext.mod (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\InternetToday.ico (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\InternetToday.skf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\mfc80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\Microsoft.VC80.CRT.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\Microsoft.VC80.MFC.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\msvcr80.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\SkinCrafterDll.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Internet Today\1.1.0.1090\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\WSOCommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\wsopx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\chrome\WSOAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\chrome\content\WSOAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\components\WSOFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Web Search Operator\3.1.0.1800\FF\components\WSOFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\tcppx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\data\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\data\TP_Config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Textual Content Provider\1.1.0.1380\data\TP_Data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\ACECommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\ACEIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\ACEIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\acepx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\chrome\ACEAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\chrome\content\ACEAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Automated Content Enhancer\4.1.0.5050\FF\components\ACEFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\cmwpx.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\config.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\data.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\exclude.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\MatchingData.zd5 (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\pxtmpdata.mx (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Content Management Wizard\1.1.0.1820\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\CPACommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\CPAHelper.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSub.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\CPAIEAddOnSubL.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\unins000.dat (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\unins000.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\Data\config.md (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\chrome\CPAAddOn.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\chrome\content\CPAAddOn.xul (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFAddOn.xpt (Adware.Agent) -> Quarantined and deleted successfully.
C:\Programmer\Customized Platform Advancer\3.1.0.1540\FF\components\CPAFFHelperComponent.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestService\questservice129.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\QuestService\questservice131.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmer\QuestService\questservice.dll (Adware.DoubleD) -> Delete on reboot.
C:\Programmer\QuestService\questservice.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmer\QuestService\uninstall.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Programmer\Mozilla Firefox\searchPlugins\questservice129.xml (Adware.DoubleD) -> Quarantined and deleted successfully.



*************************************

Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36:17, on 29-12-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\Programmer\DAEMON Tools Lite\DTLite.exe
C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\OpenOffice.org 3\program\soffice.exe
C:\Programmer\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\TeamViewer\Version4\TeamViewer.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programmer\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programmer\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmer\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JustVoip] "C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Programmer\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalTalk.lnk = C:\Programmer\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmer\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Programmer\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmer\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259627035000
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7878 bytes

Hold da fest - MalwareBytes fik en del at se til der !!!
Den længeste log jeg har set længe !!!

---

Generelt: Rent oprydnings mæssigt - Bruger du/hun
* [JustVoip]
* DAEMON Tools
* [Skype]
* Messenger (Den GAMLE version!)
* Paltalk Messenger

---

Eftercheck desuden her ->
http://kundeservice.tdc.dk/testcenter/

---

Husk M$ ServicePack3 til XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da + efterfølgende MANGE opdateringer fra WindowsUpdate !!!

ha hun bruger dem alle sammen , da vi ikke kan installer den seneste live messenger. we kan heller ikke downloade sp3 fra  igennem windows update da der stor siden kan ikke vises. Vi kan ikke engang logge på avast.com og downloade antivirus program derfra. men jeg måtte selv downloade til min og få det overført til hendes pc.

SP kan da hentes som selvstændig fil fra nævnte sted !!!

---

Men SÅ meget 'snavs' bør du også rulle denne pakke ->

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

NB: Du må ikke døbe den Combofix.exe, men eksempelvis BANAN.exe

-- Kør så combofix.exe (BANAN.exe), som du hentede tidligere, og følg anvisningerne.

Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.

ComboFix 09-12-29.04 - Compaq_Ejer 29-12-2009  23:31:56.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.446.109 [GMT 1:00]
Kører fra: c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Skrivebord\æbler.exe
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programmer\AskSearch\bin\DefaultSearch.dll
c:\programmer\winvi
c:\programmer\winvi\dsktp\AC_RunActiveContent.js
c:\programmer\winvi\dsktp\desktop.html
c:\programmer\winvi\dsktp\internetDetection.swf
c:\programmer\winvi\dsktp\settings.sol
c:\programmer\winvi\Uninst.exe
c:\programmer\winvi\version.ini
c:\recycler\S-1-5-21-2188247239-1476439941-3733671959-1008
c:\recycler\S-1-5-21-2209692479-3304722041-564669748-1008
c:\recycler\S-1-5-21-2373819670-2370809547-2251113747-1008
c:\recycler\S-1-5-21-2373819670-2370809547-2251113747-1009
c:\recycler\S-1-5-21-790525478-57989841-725345543-1003
C:\VDM13D.tmp
C:\VDM13E.tmp
C:\VDM1A.tmp
C:\VDM1B.tmp
C:\VDM30.tmp
C:\VDM31.tmp

.
(((((((((((((((((((((((((((((  Filer skabt fra 2009-11-28 til 2009-12-29  )))))))))))))))))))))))))))))))))))
.

2009-12-29 00:11 . 2009-12-29 00:11    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Malwarebytes
2009-12-29 00:10 . 2009-12-03 15:14    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 00:10 . 2009-12-29 00:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-29 00:10 . 2009-12-29 00:11    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-12-29 00:10 . 2009-12-03 15:13    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-28 23:46 . 2009-11-24 23:49    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-12-28 23:46 . 2009-11-24 23:48    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-12-28 23:46 . 2009-11-24 23:47    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-12-28 23:46 . 2009-11-24 23:47    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-12-28 23:46 . 2009-11-24 23:50    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-12-28 23:46 . 2009-11-24 23:50    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-12-28 23:46 . 2009-11-24 23:51    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-12-28 23:46 . 2009-11-24 23:50    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-12-28 23:45 . 2009-11-24 23:54    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-12-28 23:22 . 2009-12-28 23:22    --------    d-----w-    c:\programmer\CCleaner
2009-12-28 01:37 . 2009-12-28 01:37    --------    d-----w-    c:\programmer\Trend Micro
2009-12-24 15:43 . 2009-12-24 15:43    --------    d-----w-    c:\programmer\Fælles filer\Macrovision Shared
2009-12-24 15:42 . 2009-12-25 20:36    --------    d-----w-    c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-12-24 15:42 . 2009-12-24 15:42    --------    d-----w-    c:\programmer\Rosetta Stone
2009-12-24 15:35 . 2009-12-29 00:43    --------    d-----w-    c:\programmer\DAEMON Tools Toolbar
2009-12-24 15:35 . 2009-12-24 15:35    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-12-24 15:34 . 2009-12-24 15:36    --------    d-----w-    c:\programmer\DAEMON Tools Lite
2009-12-24 15:34 . 2009-12-24 15:48    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\DAEMON Tools Lite
2009-12-24 15:33 . 2009-12-24 15:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-23 22:11 . 2009-12-28 16:10    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\dvdcss
2009-12-23 09:51 . 2006-06-01 18:48    27648    ------w-    c:\windows\system32\dllcache\jgpl400.dll
2009-12-23 09:51 . 2006-06-01 18:48    163840    ------w-    c:\windows\system32\dllcache\jgdw400.dll
2009-12-23 09:50 . 2009-02-09 11:51    2060288    ------w-    c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-23 09:50 . 2009-02-09 11:51    2018304    ------w-    c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-23 09:50 . 2009-02-09 11:51    2183040    ------w-    c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-23 09:49 . 2009-02-09 11:51    2138624    ------w-    c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-21 18:37 . 2009-12-28 16:10    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\vlc
2009-12-21 17:03 . 2009-12-21 17:03    --------    d-----w-    c:\programmer\VideoLAN
2009-12-18 23:10 . 2009-12-18 23:10    138056    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-12-18 23:09 . 2009-12-18 23:09    189248    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-12-18 23:09 . 2009-12-18 23:09    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-12-18 23:09 . 2009-12-18 23:09    2395944    ----a-w-    c:\windows\system32\pbsvc_heroes.exe
2009-12-18 23:09 . 2009-12-18 23:09    --------    d-----w-    c:\windows\system32\LogFiles
2009-12-03 06:34 . 2009-12-03 06:36    --------    d-----w-    C:\.SabsabiOnline_file_store_32
2009-12-01 23:58 . 2009-12-01 23:58    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\InterVideo
2009-12-01 00:24 . 2009-08-06 18:24    44768    ----a-w-    c:\windows\system32\wups2.dll
2009-11-30 23:54 . 2009-12-28 23:25    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\TeamViewer
2009-11-30 23:54 . 2009-11-30 23:54    --------    d-----w-    c:\programmer\TeamViewer
2009-11-30 23:52 . 2009-11-30 23:52    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\temp
2009-11-30 23:21 . 2009-11-30 23:21    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Template

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-29 21:56 . 2009-11-28 00:05    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Skype
2009-12-29 19:03 . 2008-08-22 19:15    --------    d-----w-    c:\programmer\Tales of Pirates Online
2009-12-29 16:11 . 2009-11-28 00:22    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\skypePM
2009-12-28 23:23 . 2008-02-20 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-28 14:27 . 2009-02-28 22:34    --------    d-----w-    c:\programmer\Norman
2009-12-28 01:00 . 2004-12-03 19:32    63404    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-28 01:00 . 2004-12-03 19:32    396444    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-28 00:44 . 2008-02-20 21:50    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2009-12-23 16:02 . 2006-04-14 00:01    --------    d-----w-    c:\programmer\MSN Messenger
2009-12-22 16:27 . 2005-01-02 07:40    --------    d-----w-    c:\programmer\Symantec
2009-12-22 13:03 . 2005-01-02 07:24    --------    d-----w-    c:\programmer\Fælles filer\Real
2009-12-22 13:01 . 2005-01-02 07:40    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2009-12-18 23:10 . 2009-12-18 23:10    138056    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\PnkBstrK.sys
2009-12-18 22:29 . 2009-08-14 18:58    --------    d-----w-    c:\programmer\EA Games
2009-12-01 00:19 . 2009-11-26 23:49    --------    d-----w-    c:\programmer\Gameztar Toolbar
2009-11-30 23:36 . 2009-11-30 23:21    348    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\wklnhst.dat
2009-11-29 18:17 . 2009-11-22 18:01    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\HpUpdate
2009-11-28 00:23 . 2009-11-28 00:23    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-11-27 15:08 . 2009-11-23 15:28    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\JustVoip
2009-11-23 17:08 . 2009-11-21 17:35    39896    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 17:07 . 2009-11-23 17:07    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Leadertech
2009-11-23 13:34 . 2009-11-23 13:34    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\HPQ
2009-11-23 06:23 . 2009-11-23 06:08    38    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\jagex_runescape_preferences.dat
2009-11-23 06:23 . 2009-11-23 06:08    63    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\jagex_runescape_preferences2.dat
2009-11-22 18:52 . 2009-11-22 18:52    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\AdobeUM
2009-11-22 18:48 . 2009-11-22 18:48    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\OpenOffice.org
2009-11-22 18:42 . 2009-03-03 16:43    --------    d-----w-    c:\programmer\OpenOffice.org 3
2009-11-22 18:01 . 2005-01-02 07:27    --------    d-----w-    c:\programmer\Hewlett-Packard
2009-11-22 00:56 . 2005-02-02 05:51    --------    d-----w-    c:\programmer\Fælles filer\Tjenester
2009-11-21 23:25 . 2008-11-24 20:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-11-21 17:42 . 2005-01-02 07:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-11-21 17:21 . 2009-11-21 17:21    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-11-21 17:17 . 2009-11-21 17:17    1830    --sha-r-    c:\windows\system32\drivers\103C_HP_CPC_EP148AA-B1V SR1719ND EL610_YC_0Pres_QCZB604_E61DKheRED1_48_IAMETHYST-M_SMSI_V1.0_B3.43_T060112_WXH2_L406_M447_J200_7AMD_8Athlon 64_92.19_#060411_N10EC8139_Z_G10025954_OTSSTcorp CD DVDW TS-H552D_DHWP2678.MRK
2009-11-21 17:16 . 2009-11-21 17:15    160    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Lokale indstillinger\Application Data\fusioncache.dat
2009-11-21 14:37 . 2009-09-12 22:00    --------    d-----w-    c:\documents and settings\yonases\Application Data\Skype
2009-11-21 09:46 . 2009-09-25 17:16    --------    d-----w-    c:\documents and settings\yonases\Application Data\skypePM
2009-11-21 00:13 . 2009-03-01 12:50    --------    d-----w-    c:\programmer\Windows Live
2009-11-19 13:14 . 2009-09-08 19:38    6414    ----a-w-    c:\documents and settings\yonases\Application Data\wklnhst.dat
2009-11-18 21:21 . 2006-12-04 16:36    14774    ----a-w-    c:\documents and settings\Compaq_Ejer\Application Data\wklnhst.dat
2009-11-17 14:26 . 2006-04-11 13:14    --------    d-----w-    c:\documents and settings\Compaq_Ejer\Application Data\Skype
2009-11-16 19:50 . 2008-12-06 13:11    --------    d-----w-    c:\documents and settings\Compaq_Ejer\Application Data\skypePM
2009-11-13 14:08 . 2009-09-08 16:57    --------    d-----w-    c:\programmer\GodsWar Online
2009-11-09 18:08 . 2009-04-29 13:45    --------    d-----w-    c:\programmer\Fælles filer\DVDVideoSoft
2009-11-09 18:07 . 2009-04-29 13:45    --------    d-----w-    c:\programmer\DVDVideoSoft
2009-10-18 17:57 . 2007-01-16 13:08    37080    ----a-w-    c:\documents and settings\Compaq_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 22:19 . 2009-09-16 02:02    37080    ----a-w-    c:\documents and settings\yonases\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2004-08-27 12:00 . 2006-04-11 20:48    167324    --sha-r-    c:\windows\system32\edhqu.dll
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\programmer\Messenger\msmsgs.exe" [2004-10-13 1694208]
"JustVoip"="c:\programmer\JustVoip.com\JustVoip\JustVoip.exe" [2009-11-12 9052464]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MsnMsgr"="c:\programmer\MSN Messenger\MsnMsgr.Exe" [2005-06-14 6856704]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"SpybotSD TeaTimer"="c:\programmer\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Menuen Start\Programmer\Start\
OpenOffice.org 3.1.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BlueSoleil.lnk - c:\programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-9-19 1048576]
Microsoft Office.lnk - c:\programmer\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Programmer\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1074:TCP"= 1074:TCP:qktuw

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29-12-2009 00:46 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29-12-2009 00:46 20560]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24-12-2009 16:35 691696]
S2 kjcbg;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [11-04-2006 21:49 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
kjcbg
.
Indhold af mappen 'Planlagte Opgaver'

2009-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmer\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-12-21 c:\windows\Tasks\Internettjenester.job
- c:\programmer\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 18:23]

2009-12-29 c:\windows\Tasks\Norton Security Scan for Compaq_Ejer.job
- c:\programmer\Norton Security Scan\Nss.exe [2008-09-19 02:18]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.dk/
IE: &Google Search - c:\programmer\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\programmer\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\programmer\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\programmer\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\programmer\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\programmer\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-29 23:50
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjcbg]
"ServiceDll"="c:\windows\system32\edhqu.dll"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
.
Gennemført tid: 2009-12-29  23:57:57
ComboFix-quarantined-files.txt  2009-12-29 22:57
ComboFix2.txt  2008-03-25 22:34

Pre-Kørsel: 122.076.598.272 byte ledig
Post-Kørsel: 135.605.661.696 byte ledig

- - End Of File - - 9BF2DD84220119AA3ECADD88FF32E013

Jeps - der blev nappet lidt mere ...

Manuelt Slet følgende filer
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\Internettjenester.job
c:\windows\Tasks\Norton Security Scan for Compaq_Ejer.job

---

Ta' en oprydning med førnævnte CCleaner...

----

Hvordan er status så nu ? Specielt med WindowsUpdate mm. ???

hmm det er også slettet , nej der er ikke hul til  windows update. igår fandt jeg ud af at automatiske opdateringer i services.msc var stoppet, så  startede jeg det og vupti så var der hul igennem , da der kom to opdateringer nederst i højre hjørne, men jeg kunne stadig ikke bruge internet explorer til det. jeg har installeret firefox med windows update plugin , det virker heller ikke. Idag er der slet ikek hul igennem , ingen opdateringer, auto opdateringer i services.msc er startet . jeg aner ikke hvad det er.

Jeg har kørt cc cleaner , jeg har kørt spybot , jeg har kørt antimalmware

jubiii :D

efter jeg har lige starter atuo opdateringer igennem services.msc så kom den  berømte gule opdaterings ikon , den er igang med hente opdateringer, skid være at jeg ikke kan hente det via IE. :) forehåbentlig efter SP3 vil alt virke som det skal

Husk SP3 kan evt. hentes som selvstændig fil ved ->
http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da

Jeg undrer mig nu lidt over bla. denne:
S2 kjcbg;Image Shell;c:\windows\system32\svchost.exe -k netsvcs

sp3 kan ikke  installeres færdigt da den kræver en file (user32.dll) , selv om jeg peger på den rigtige stie så gider den ikke, det er vist fordi der mangler nogen opdateringer  før sp3, før installationen kan genemføres.



F-ARN undskyld hvad mener du helt? jeg er ikke med

Det er f-arn



De her ser mærkelige ud.

S2 kjcbg;Image Shell;c:\windows\system32\svchost.exe -k netsvcs [11-04-2006 21:49 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
kjcbg
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjcbg]
"ServiceDll"="c:\windows\system32\edhqu.dll"

ok hvad skal jeg gøre ? slette det? hvad siger karise larry

Send en ny Combofix log herind så jeg kan se om der er ændret noget.

<f-arn> har ret... Fortsæt bare...

Jeg kunne desværre ikke få hende til køre comboen , eller vi årøvede men det gik ikke. Men jeg har nu hentet en ny hijack log.

Det mærkelige er , at vi via internet explorer ikke kan logge på microsofts hjemmeside, så vi har ikke adgang til opdateringer. Automatiske opdateringer virker heller ikke . hvergang man genstarter den , så er automatiske opdateringer deaktiveret (services.msc) , så når jeg slå det til , så sker ikke andet end at det er aktiveret, men der kommer ingen opdateringer , selv om jeg har valgt at den skal hente opdateringer. Vælger jeg at  hente hele sp3  (direkte på min egen pc og derefter kopier til hendes ) og derefter installer det  så virker det heller ikke da den stadig brokker sig over user32.dll filen.

Jeg håbede på den nye internet explorer vil måske hjælpe , men det gør det ikke .

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:01, on 07-01-2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Skype\Plugin Manager\skypePM.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\TeamViewer\Version4\TeamViewer.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Programmer\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [JustVoip] "C:\Programmer\JustVoip.com\JustVoip\JustVoip.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Programmer\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmer\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Programmer\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmer\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Tilslutningshjælp - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259627035000
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmer\Fælles filer\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7241 bytes

... vi prøvede men det gik ik... - ???

---

http://www.spywarefri.dk/viden/windows-update-virker-ikke-og-opdateringer-kan-ikke-installeres/

det er svært at få en pige til gøre nogle svære ting :)


ComboFix 10-01-04.01 - Compaq_Ejer 11-01-2010  0:07.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.446.157 [GMT 1:00]
Kører fra: c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Skrivebord\midlertidig\æbler.exe
AV: avast! antivirus 4.8.1368 [VPS 100110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-10 til 2010-01-10  )))))))))))))))))))))))))))))))))))
.

2010-01-03 21:32 . 2010-01-03 21:32    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Nokia
2010-01-03 21:28 . 2010-01-03 21:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\NokiaMusic
2009-12-30 23:32 . 2009-12-30 23:32    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\SUPERAntiSpyware.com
2009-12-29 00:11 . 2009-12-29 00:11    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Malwarebytes
2009-12-29 00:10 . 2009-12-29 00:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-24 15:42 . 2010-01-10 17:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-12-24 15:34 . 2009-12-24 15:48    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\DAEMON Tools Lite
2009-12-24 15:33 . 2009-12-24 15:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-23 22:11 . 2009-12-28 16:10    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\dvdcss
2009-12-21 18:37 . 2010-01-08 13:29    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 23:33 . 2009-11-28 00:05    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Skype
2010-01-10 23:29 . 2009-11-28 00:22    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\skypePM
2010-01-10 08:44 . 2008-08-22 19:15    --------    d-----w-    c:\programmer\Tales of Pirates Online
2010-01-06 23:26 . 2008-02-20 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-06 22:36 . 2009-11-30 23:54    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\TeamViewer
2010-01-05 09:52 . 2010-01-05 09:52    4096    ----a-w-    c:\windows\system32\01.tmp
2010-01-03 21:38 . 2010-01-03 21:25    --------    d-----w-    c:\programmer\Nokia
2010-01-03 21:38 . 2010-01-03 21:30    --------    d-----w-    c:\programmer\Fælles filer\Nokia
2010-01-03 21:26 . 2010-01-03 21:26    --------    d-----w-    c:\programmer\DIFX
2009-12-30 23:17 . 2006-04-14 00:01    --------    d-----w-    c:\programmer\MSN Messenger
2009-12-29 00:43 . 2009-12-24 15:35    --------    d-----w-    c:\programmer\DAEMON Tools Toolbar
2009-12-29 00:11 . 2009-12-29 00:10    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-12-28 23:22 . 2009-12-28 23:22    --------    d-----w-    c:\programmer\CCleaner
2009-12-28 14:27 . 2009-02-28 22:34    --------    d-----w-    c:\programmer\Norman
2009-12-28 01:37 . 2009-12-28 01:37    --------    d-----w-    c:\programmer\Trend Micro
2009-12-28 01:00 . 2004-12-03 19:32    63404    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-28 01:00 . 2004-12-03 19:32    396444    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-28 00:44 . 2008-02-20 21:50    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2009-12-24 15:43 . 2009-12-24 15:43    --------    d-----w-    c:\programmer\Fælles filer\Macrovision Shared
2009-12-24 15:42 . 2009-12-24 15:42    --------    d-----w-    c:\programmer\Rosetta Stone
2009-12-24 15:36 . 2009-12-24 15:34    --------    d-----w-    c:\programmer\DAEMON Tools Lite
2009-12-24 15:35 . 2009-12-24 15:35    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-12-22 16:27 . 2005-01-02 07:40    --------    d-----w-    c:\programmer\Symantec
2009-12-22 13:03 . 2005-01-02 07:24    --------    d-----w-    c:\programmer\Fælles filer\Real
2009-12-22 13:01 . 2005-01-02 07:40    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2009-12-21 17:03 . 2009-12-21 17:03    --------    d-----w-    c:\programmer\VideoLAN
2009-12-18 23:10 . 2009-12-18 23:10    138056    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-12-18 23:10 . 2009-12-18 23:10    138056    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\PnkBstrK.sys
2009-12-18 23:09 . 2009-12-18 23:09    189248    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-12-18 23:09 . 2009-12-18 23:09    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-12-18 23:09 . 2009-12-18 23:09    2395944    ----a-w-    c:\windows\system32\pbsvc_heroes.exe
2009-12-18 22:29 . 2009-08-14 18:58    --------    d-----w-    c:\programmer\EA Games
2009-12-03 15:14 . 2009-12-29 00:10    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-29 00:10    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-01 23:58 . 2009-12-01 23:58    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\InterVideo
2009-12-01 00:19 . 2009-11-26 23:49    --------    d-----w-    c:\programmer\Gameztar Toolbar
2009-11-30 23:54 . 2009-11-30 23:54    --------    d-----w-    c:\programmer\TeamViewer
2009-11-30 23:36 . 2009-11-30 23:21    348    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\wklnhst.dat
2009-11-30 23:21 . 2009-11-30 23:21    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Template
2009-11-29 18:17 . 2009-11-22 18:01    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\HpUpdate
2009-11-28 00:23 . 2009-11-28 00:23    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-11-27 15:08 . 2009-11-23 15:28    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\JustVoip
2009-11-24 23:54 . 2009-12-28 23:45    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-28 23:46    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-28 23:46    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-28 23:46    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-28 23:46    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-28 23:46    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-28 23:46    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-28 23:46    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-28 23:46    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-11-23 17:08 . 2009-11-21 17:35    39896    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 17:07 . 2009-11-23 17:07    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Leadertech
2009-11-23 13:34 . 2009-11-23 13:34    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\HPQ
2009-11-23 06:23 . 2009-11-23 06:08    38    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\jagex_runescape_preferences.dat
2009-11-23 06:23 . 2009-11-23 06:08    63    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\jagex_runescape_preferences2.dat
2009-11-22 18:52 . 2009-11-22 18:52    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\AdobeUM
2009-11-22 18:48 . 2009-11-22 18:48    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\OpenOffice.org
2009-11-22 18:42 . 2009-03-03 16:43    --------    d-----w-    c:\programmer\OpenOffice.org 3
2009-11-22 18:01 . 2005-01-02 07:27    --------    d-----w-    c:\programmer\Hewlett-Packard
2009-11-22 00:56 . 2005-02-02 05:51    --------    d-----w-    c:\programmer\Fælles filer\Tjenester
2009-11-21 23:25 . 2008-11-24 20:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-11-21 17:42 . 2005-01-02 07:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-11-21 17:21 . 2009-11-21 17:21    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-11-21 17:17 . 2009-11-21 17:17    1830    --sha-r-    c:\windows\system32\drivers\103C_HP_CPC_EP148AA-B1V SR1719ND EL610_YC_0Pres_QCZB604_E61DKheRED1_48_IAMETHYST-M_SMSI_V1.0_B3.43_T060112_WXH2_L406_M447_J200_7AMD_8Athlon 64_92.19_#060411_N10EC8139_Z_G10025954_OTSSTcorp CD DVDW TS-H552D_DHWP2678.MRK
2009-11-21 17:16 . 2009-11-21 17:15    160    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Lokale indstillinger\Application Data\fusioncache.dat
2009-11-21 14:37 . 2009-09-12 22:00    --------    d-----w-    c:\documents and settings\yonases\Application Data\Skype
2009-11-21 09:46 . 2009-09-25 17:16    --------    d-----w-    c:\documents and settings\yonases\Application Data\skypePM
2009-11-21 00:13 . 2009-03-01 12:50    --------    d-----w-    c:\programmer\Windows Live
2009-11-19 13:14 . 2009-09-08 19:38    6414    ----a-w-    c:\documents and settings\yonases\Application Data\wklnhst.dat
2009-11-18 21:21 . 2006-12-04 16:36    14774    ----a-w-    c:\documents and settings\Compaq_Ejer\Application Data\wklnhst.dat
2009-11-17 14:26 . 2006-04-11 13:14    --------    d-----w-    c:\documents and settings\Compaq_Ejer\Application Data\Skype
2009-11-16 19:50 . 2008-12-06 13:11    --------    d-----w-    c:\documents and settings\Compaq_Ejer\Application Data\skypePM
2009-11-13 14:08 . 2009-09-08 16:57    --------    d-----w-    c:\programmer\GodsWar Online
2009-10-18 17:57 . 2007-01-16 13:08    37080    ----a-w-    c:\documents and settings\Compaq_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 22:19 . 2009-09-16 02:02    37080    ----a-w-    c:\documents and settings\yonases\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2004-08-27 12:00 . 2006-04-11 20:48    167324    --sha-r-    c:\windows\system32\edhqu.dll
.

------- Sigcheck -------

• 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
  

• 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
  

• 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
  

• 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
  

[7] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

• 2005-03-14 . 6129E70F3D2F1E60860C930EBEAF92C2 . 359936 . . [5.1.2600.2631] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
  

• 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
  

• 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\erdnt\cache\tcpip.sys
  

• 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\system32\dllcache\tcpip.sys
  

• 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\system32\drivers\tcpip.sys
  

• 2005-03-14 . 0E66B538096A6529D1AC66E78EB0D5C8 . 359808 . . [5.1.2600.2631] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
  

[7] 2004-08-27 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JustVoip"="c:\programmer\JustVoip.com\JustVoip\JustVoip.exe" [2009-11-12 9052464]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MsnMsgr"="c:\programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BlueSoleil.lnk - c:\programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-9-19 1048576]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Programmer\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1074:TCP"= 1074:TCP:qktuw

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29-12-2009 00:46 114768]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29-12-2009 00:46 20560]
S3 jrjwqnj;jrjwqnj;c:\windows\system32\01.tmp [05-01-2010 10:52 4096]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24-12-2009 16:35 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
kjcbg
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.dk/
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:28
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jrjwqnj]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjcbg]
"ServiceDll"="c:\windows\system32\edhqu.dll"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ALCXMNTR.EXE
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Gennemført tid: 2010-01-11  00:40:07 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-01-10 23:40
ComboFix2.txt  2009-12-29 22:57
ComboFix3.txt  2008-03-25 22:34

Pre-Kørsel: 134.157.938.688 byte ledig
Post-Kørsel: 134.132.944.896 byte ledig

- - End Of File - - BD99A04CEDAD57713191837CECBEBBB8

Karise Lary

vi prøvede med linket hvilket gjorde at hun kunne bruge internet explorer (før det hade internet explorer med at ikke starte når man startede den , så gik den ned osv ) , men der er stadig ikke adgang til windows update, der er stadig " siden kan ikke vises .

Flyt lige æbler.exe ud på skrivebordet igen.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt


Killall::
Snapshot::
FCopy::
c:\windows\$NtUninstallKB951748_0$\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
c:\windows\$NtUninstallKB951748_0$\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys
File::
c:\windows\system32\01.tmp
c:\windows\system32\edhqu.dll
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jrjwqnj]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjcbg]
Driver::
jrjwqnj
NetSvc::
kjcbg



Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

Her er den


ComboFix 10-01-04.01 - Compaq_Ejer 11-01-2010  23:50:47.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.45.1030.18.446.189 [GMT 1:00]
Kører fra: c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Skrivebord\æbler.exe
Kommandoer benyttet :: c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Skrivebord\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\01.tmp"
"c:\windows\system32\edhqu.dll"
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\01.tmp
c:\windows\system32\edhqu.dll

.
--------------- FCopy ---------------

c:\windows\$NtUninstallKB951748_0$\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
c:\windows\$NtUninstallKB951748_0$\tcpip.sys --> c:\windows\system32\dllcache\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kjcbg
-------\Service_kjcbg


(((((((((((((((((((((((((((((  Filer skabt fra 2009-12-11 til 2010-01-11  )))))))))))))))))))))))))))))))))))
.

2010-01-03 21:32 . 2010-01-03 21:32    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Nokia
2010-01-03 21:28 . 2010-01-03 21:28    --------    d-----w-    c:\documents and settings\All Users\Application Data\NokiaMusic
2009-12-30 23:32 . 2009-12-30 23:32    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\SUPERAntiSpyware.com
2009-12-29 00:11 . 2009-12-29 00:11    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Malwarebytes
2009-12-29 00:10 . 2009-12-29 00:10    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-24 15:42 . 2010-01-10 17:30    --------    d-----w-    c:\documents and settings\All Users\Application Data\Rosetta Stone
2009-12-24 15:34 . 2009-12-24 15:48    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\DAEMON Tools Lite
2009-12-24 15:33 . 2009-12-24 15:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-23 22:11 . 2009-12-28 16:10    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\dvdcss
2009-12-21 18:37 . 2010-01-11 16:27    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\vlc

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 23:12 . 2009-11-28 00:05    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Skype
2010-01-11 23:11 . 2009-11-28 00:22    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\skypePM
2010-01-11 21:02 . 2008-08-22 19:15    --------    d-----w-    c:\programmer\Tales of Pirates Online
2010-01-06 23:26 . 2008-02-20 21:50    --------    d-----w-    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-06 22:36 . 2009-11-30 23:54    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\TeamViewer
2010-01-03 21:38 . 2010-01-03 21:25    --------    d-----w-    c:\programmer\Nokia
2010-01-03 21:38 . 2010-01-03 21:30    --------    d-----w-    c:\programmer\Fælles filer\Nokia
2010-01-03 21:26 . 2010-01-03 21:26    --------    d-----w-    c:\programmer\DIFX
2009-12-30 23:17 . 2006-04-14 00:01    --------    d-----w-    c:\programmer\MSN Messenger
2009-12-29 00:43 . 2009-12-24 15:35    --------    d-----w-    c:\programmer\DAEMON Tools Toolbar
2009-12-29 00:11 . 2009-12-29 00:10    --------    d-----w-    c:\programmer\Malwarebytes' Anti-Malware
2009-12-28 23:22 . 2009-12-28 23:22    --------    d-----w-    c:\programmer\CCleaner
2009-12-28 14:27 . 2009-02-28 22:34    --------    d-----w-    c:\programmer\Norman
2009-12-28 01:37 . 2009-12-28 01:37    --------    d-----w-    c:\programmer\Trend Micro
2009-12-28 01:00 . 2004-12-03 19:32    63404    ----a-w-    c:\windows\system32\perfc006.dat
2009-12-28 01:00 . 2004-12-03 19:32    396444    ----a-w-    c:\windows\system32\perfh006.dat
2009-12-28 00:44 . 2008-02-20 21:50    --------    d-----w-    c:\programmer\Spybot - Search & Destroy
2009-12-24 15:43 . 2009-12-24 15:43    --------    d-----w-    c:\programmer\Fælles filer\Macrovision Shared
2009-12-24 15:42 . 2009-12-24 15:42    --------    d-----w-    c:\programmer\Rosetta Stone
2009-12-24 15:36 . 2009-12-24 15:34    --------    d-----w-    c:\programmer\DAEMON Tools Lite
2009-12-24 15:35 . 2009-12-24 15:35    691696    ----a-w-    c:\windows\system32\drivers\sptd.sys
2009-12-22 16:27 . 2005-01-02 07:40    --------    d-----w-    c:\programmer\Symantec
2009-12-22 13:03 . 2005-01-02 07:24    --------    d-----w-    c:\programmer\Fælles filer\Real
2009-12-22 13:01 . 2005-01-02 07:40    --------    d-----w-    c:\programmer\Fælles filer\Symantec Shared
2009-12-21 17:03 . 2009-12-21 17:03    --------    d-----w-    c:\programmer\VideoLAN
2009-12-18 23:10 . 2009-12-18 23:10    138056    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2009-12-18 23:10 . 2009-12-18 23:10    138056    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\PnkBstrK.sys
2009-12-18 23:09 . 2009-12-18 23:09    189248    ----a-w-    c:\windows\system32\PnkBstrB.exe
2009-12-18 23:09 . 2009-12-18 23:09    75064    ----a-w-    c:\windows\system32\PnkBstrA.exe
2009-12-18 23:09 . 2009-12-18 23:09    2395944    ----a-w-    c:\windows\system32\pbsvc_heroes.exe
2009-12-18 22:29 . 2009-08-14 18:58    --------    d-----w-    c:\programmer\EA Games
2009-12-03 15:14 . 2009-12-29 00:10    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 15:13 . 2009-12-29 00:10    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2009-12-01 23:58 . 2009-12-01 23:58    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\InterVideo
2009-12-01 00:19 . 2009-11-26 23:49    --------    d-----w-    c:\programmer\Gameztar Toolbar
2009-11-30 23:54 . 2009-11-30 23:54    --------    d-----w-    c:\programmer\TeamViewer
2009-11-30 23:36 . 2009-11-30 23:21    348    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\wklnhst.dat
2009-11-30 23:21 . 2009-11-30 23:21    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Template
2009-11-29 18:17 . 2009-11-22 18:01    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\HpUpdate
2009-11-28 00:23 . 2009-11-28 00:23    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2009-11-27 15:08 . 2009-11-23 15:28    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\JustVoip
2009-11-24 23:54 . 2009-12-28 23:45    1280480    ----a-w-    c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-12-28 23:46    93424    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-12-28 23:46    94160    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-12-28 23:46    114768    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-12-28 23:46    20560    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-12-28 23:46    48560    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-12-28 23:46    23120    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-12-28 23:46    27408    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-12-28 23:46    97480    ----a-w-    c:\windows\system32\AvastSS.scr
2009-11-23 17:08 . 2009-11-21 17:35    39896    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-11-23 17:07 . 2009-11-23 17:07    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\Leadertech
2009-11-23 13:34 . 2009-11-23 13:34    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\HPQ
2009-11-23 06:23 . 2009-11-23 06:08    38    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\jagex_runescape_preferences.dat
2009-11-23 06:23 . 2009-11-23 06:08    63    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\jagex_runescape_preferences2.dat
2009-11-22 18:52 . 2009-11-22 18:52    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\AdobeUM
2009-11-22 18:48 . 2009-11-22 18:48    --------    d-----w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Application Data\OpenOffice.org
2009-11-22 18:42 . 2009-03-03 16:43    --------    d-----w-    c:\programmer\OpenOffice.org 3
2009-11-22 18:01 . 2005-01-02 07:27    --------    d-----w-    c:\programmer\Hewlett-Packard
2009-11-22 00:56 . 2005-02-02 05:51    --------    d-----w-    c:\programmer\Fælles filer\Tjenester
2009-11-21 23:25 . 2008-11-24 20:44    --------    d-----w-    c:\documents and settings\All Users\Application Data\NOS
2009-11-21 17:42 . 2005-01-02 07:40    --------    d-----w-    c:\documents and settings\All Users\Application Data\Symantec
2009-11-21 17:21 . 2009-11-21 17:21    411368    ----a-w-    c:\windows\system32\deploytk.dll
2009-11-21 17:17 . 2009-11-21 17:17    1830    --sha-r-    c:\windows\system32\drivers\103C_HP_CPC_EP148AA-B1V SR1719ND EL610_YC_0Pres_QCZB604_E61DKheRED1_48_IAMETHYST-M_SMSI_V1.0_B3.43_T060112_WXH2_L406_M447_J200_7AMD_8Athlon 64_92.19_#060411_N10EC8139_Z_G10025954_OTSSTcorp CD DVDW TS-H552D_DHWP2678.MRK
2009-11-21 17:16 . 2009-11-21 17:15    160    ----a-w-    c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84.000\Lokale indstillinger\Application Data\fusioncache.dat
2009-11-21 14:37 . 2009-09-12 22:00    --------    d-----w-    c:\documents and settings\yonases\Application Data\Skype
2009-11-21 09:46 . 2009-09-25 17:16    --------    d-----w-    c:\documents and settings\yonases\Application Data\skypePM
2009-11-21 00:13 . 2009-03-01 12:50    --------    d-----w-    c:\programmer\Windows Live
2009-11-19 13:14 . 2009-09-08 19:38    6414    ----a-w-    c:\documents and settings\yonases\Application Data\wklnhst.dat
2009-11-18 21:21 . 2006-12-04 16:36    14774    ----a-w-    c:\documents and settings\Compaq_Ejer\Application Data\wklnhst.dat
2009-11-17 14:26 . 2006-04-11 13:14    --------    d-----w-    c:\documents and settings\Compaq_Ejer\Application Data\Skype
2009-11-16 19:50 . 2008-12-06 13:11    --------    d-----w-    c:\documents and settings\Compaq_Ejer\Application Data\skypePM
2009-11-13 14:08 . 2009-09-08 16:57    --------    d-----w-    c:\programmer\GodsWar Online
2009-10-18 17:57 . 2007-01-16 13:08    37080    ----a-w-    c:\documents and settings\Compaq_Ejer\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
2009-10-17 22:19 . 2009-09-16 02:02    37080    ----a-w-    c:\documents and settings\yonases\Lokale indstillinger\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JustVoip"="c:\programmer\JustVoip.com\JustVoip\JustVoip.exe" [2009-11-12 9052464]
"Skype"="c:\programmer\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"MsnMsgr"="c:\programmer\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DAEMON Tools Lite"="c:\programmer\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-27 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-11-21 149280]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HP Software Update"="c:\programmer\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\documents and settings\Compaq_Ejer.DIT-B8449E21E84\Menuen Start\Programmer\Start\
OpenOffice.org 3.0.lnk - c:\programmer\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Menuen Start\Programmer\Start\
BlueSoleil.lnk - c:\programmer\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-9-19 1048576]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmer\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"c:\\Programmer\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Programmer\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programmer\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programmer\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Programmer\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"c:\\Programmer\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1074:TCP"= 1074:TCP:qktuw

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [29-12-2009 00:46 114768]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [29-02-2008 16:03 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [29-02-2008 16:03 51440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29-12-2009 00:46 20560]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [16-02-2006 16:51 4096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24-12-2009 16:35 691696]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://google.dk/
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-12 00:09
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 

scanning gennemført med succes
skjulte filer: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjcbg]
"ServiceDll"="c:\windows\system32\edhqu.dll"
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(552)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NTMARTA.DLL

- - - - - - - > 'explorer.exe'(2548)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
------------------------ Andre kørende processer ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programmer\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\Ati2evxx.exe
c:\programmer\Alwil Software\Avast4\ashServ.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ALCXMNTR.EXE
c:\programmer\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\rundll32.exe
c:\programmer\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmer\Alwil Software\Avast4\ashWebSv.exe
c:\windows\SoftwareDistribution\Download\99e6b1a75eb488b4e51fd93d89174225\update\update.exe
.
**************************************************************************
.
Gennemført tid: 2010-01-12  00:25:04 - maskinen blev genstartet
ComboFix-quarantined-files.txt  2010-01-11 23:24
ComboFix2.txt  2010-01-10 23:40
ComboFix3.txt  2009-12-29 22:57
ComboFix4.txt  2008-03-25 22:34

Pre-Kørsel: 134.001.307.648 byte ledig
Post-Kørsel: 133.921.943.552 byte ledig

- - End Of File - - 703D12829F17D8BA255DBCC2C86BC4C8

Jubii :)

Der er hul igennem til windows update lige nu :) 105 odpateringer lige nu , men jeg tror der er flere efter genstart :)

Vi er nu ikke helt færdige. Der var en der ikke reagerede helt som forventet.

Højreklik på skrivebordet og vælg ny->tekstdokument og kopier det fremhævede ind og gem filen som CFScript.txt

Du skal sikre dig at den ikke kommer til at hedde CFScript.txt.txt

Killall::
Snapshot::
RootKit::
c:\windows\system32\edhqu.dll
File::
c:\windows\system32\edhqu.dll
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kjcbg]


Da Combofix kan konflikte med dine sikkerhedsprogrammer er det vigtigt at du deaktiverer dem.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif

Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når Combofix er færdig, og efter det (muligvis) har genstartet, skulle der gerne åbnes en logfil combofix.txt som ligger her C:\Combofix.txt

Indholdet af denne fil må du gerne lægge herind.

---------

Vil du godt opdatere (to gange) og køre Malwarebytes igen. Læg også en log fra den herind.

Kan i lægge svar :)

Vedkommende har ikke problemer mere :)

i skal have mange tak for hjælpen hvertfald

DA jeg ikke har fået svar siden pril måned , tillader jeg mig at lukke spm, men kræver i jeres point alligevel så skal i bare lad mig vide det :)