Så er jeg kommet igennem....:-)
Dr. Web:
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 159034
Infected objects found: 3
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 14
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 3
Objects renamed: 14
Objects moved: 0
Objects ignored: 0
Scan speed: 476 Kb/s
Scan time: 01:08:27
Ewido:
---------------------------------------------------------
ewido anti-malware - Scanningsrapport
---------------------------------------------------------
+ Oprettet den: 00:14:51, 17-01-2006
+ Rapport-Checksum: E6F6958F
+ Scanningsresultat:
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Renset med backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Renset med backup
HKLM\SOFTWARE\Classes\TypeLib\{8C752C5E-3C10-4076-AF0A-FFC69FA20D1C} -> Spyware.ISTBar : Renset med backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Renset med backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Renset med backup
HKLM\SOFTWARE\VGroup\SAHAgent -> Spyware.SAHA : Renset med backup
HKU\S-1-5-21-790525478-776561741-725345543-1004\Software\Premium Web Service -> Dialer.Generic : Renset med backup
HKU\S-1-5-21-790525478-776561741-725345543-1004\Software\Premium Web Service\Content Browser -> Dialer.Generic : Renset med backup
HKU\S-1-5-21-790525478-776561741-725345543-1004\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Renset med backup
C:\Documents and Settings\All Users\Menuen Start\Programmer\Block Checker -> Spyware.BlockChecker : Renset med backup
C:\Documents and Settings\All Users\Menuen Start\Programmer\Block Checker\Block Checker -> Spyware.BlockChecker : Renset med backup
C:\Documents and Settings\All Users\Menuen Start\Programmer\Block Checker\Block Checker\Block Checker.lnk -> Spyware.BlockChecker : Renset med backup
C:\Documents and Settings\Trine\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Spyware.BlockChecker : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@2o7[1].txt -> Spyware.Cookie.2o7 : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@adtech[2].txt -> Spyware.Cookie.Adtech : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wfkyshazcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjk4omdjsfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjkyqpazokp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjliqlczmlq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjlygidpmgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjmygkazkeo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjmyshcpodp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjny-1kcjgk.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@e-2dj6wjnyooczcfp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@fastclick[1].txt -> Spyware.Cookie.Fastclick : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@media.fastclick[1].txt -> Spyware.Cookie.Fastclick : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@qksrv[2].txt -> Spyware.Cookie.Qksrv : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@statcounter[2].txt -> Spyware.Cookie.Statcounter : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Renset med backup
C:\Documents and Settings\Trine\Cookies\trine@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\014-1.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\014-2.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\014-3.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\101201.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\2012_test.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\862-1.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\862.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\benny_test.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\inside-softcore.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\maaikkevirke.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\nielstest.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\scharfporno.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\secure_access_ver114[1].exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\skalvirke.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\test57.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\test_fst.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\test_ny.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Dokumenter\Gl. Harddisk\Dokumenter\Jack Og Dorthe\vipzugang.exe -> Heuristic.Win32.Dialer : Renset med backup
C:\Documents and Settings\Trine\Skrivebord\block-checker-xp.#xe/2 -> Spyware.Chiem : Fejl under renselse
C:\Programmer\Block Checker -> Spyware.BlockChecker : Renset med backup
C:\Programmer\Block Checker\Block Checker.#xe -> Spyware.BlockChecker : Renset med backup
C:\Programmer\Block Checker\setup.log -> Spyware.BlockChecker : Renset med backup
C:\Programmer\Block Checker\setup_finish.#xe -> Spyware.BlockChecker : Renset med backup
C:\Programmer\Block Checker\uninstall.exe -> Spyware.BlockChecker : Renset med backup
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\ezab.#xe -> Adware.eZula : Renset med backup
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/Save.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/SaveUninst.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/Save.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/SaveUninst.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/Sync.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/Uninst.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/Sync.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Orange Audio\MP3 - WAV Converter Decoder\SaveInstCm.#xe/Uninst.exe -> Adware.SaveNow : Fejl under renselse
C:\Programmer\Power Scan -> Spyware.PowerScan : Renset med backup
C:\WINDOWS\NDNuninstall4_85.#xe -> Spyware.NewDotNet : Renset med backup
C:\WINDOWS\NDNuninstall6_30.#xe -> Spyware.NewDotNet : Renset med backup
::Rapport slut
Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 00:17:50, on 17-01-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe
C:\Programmer\Winamp\winampa.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearchIndexer.exe
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Trine\Lokale indstillinger\Temporary Internet Files\Content.IE5\AOK8Q6ZD\hjt[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.dk/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.dk/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://www.msn.dk/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll (file missing)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmer\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloudPlugin] "C:\Programmer\IMT Labs Messenger Plugin\Cloud.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PlaxoUpdate] C:\WINDOWS\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Programmer\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmer\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search -
res://C:\Programmer\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Open in new background tab -
res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?8da12ccbabb44f79fb75b4fc91e3c5
O8 - Extra context menu item: Open in new foreground tab -
res://C:\Programmer\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?8da12ccbabb44f79fb75b4fc91e3c5
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
http://downol.dr.dk/download/netradio/Rawflow.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
http://www.cult3d.com/download/cult.cabO16 - DPF: {53B3ABEA-4445-44D9-A01E-088144CAABD9} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/da/filesharingctrl.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124913667718O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cabO16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) -
http://www.securityport.dk/scan/Msie/bitdefender.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {A590956F-AE99-4419-BB39-3C721276C625} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0504.exeO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cabO16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) -
http://f012.mail.jubii.dk/app/uploader/FileUploader.cabO16 - DPF: {F9408298-9658-482C-8B02-93F09A80225F} (Util Class) -
https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-0104.exeO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmer\ewido anti-malware\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Programmer\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - A Business Division of Secure-Soft (India) Pvt Ltd - C:\WINDOWS\SYSTEM32\ssoftsrv.exe