CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

frigg Nybegynder

26. august 2007 - 12:32 Der er 11 kommentarer og
1 løsning

Hvad belaster min computer?

Min maskine kører langsommere og langsommere, og en masse uønskede sider dukker op når jeg er på nettet.

Er der noger der vi tjekke?

Logfile of HijackThis v1.99.1
Scan saved at 12:27:14, on 26-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\pwinnmdt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Lars-Ole Jensen\Local Settings\Temporary Internet Files\Content.IE5\5KHGWHM6\alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://heroes.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {F0DAF03B-F859-4CBF-80D6-28B30E28C068} - C:\WINDOWS\system32\ddcyy.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\SBPCI5122K\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\CAPTUR~1\100EOS1D\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [{70-03-38-82-ZN}] c:\windows\system32\dwdsregt.exe OLI001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\pwinnmdt.exe OLI001
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\oyilvxae.dll",forkonce
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Lars-Ole Jensen\Local Settings\Temp\bundle.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\pwinnmdt.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111158512703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163331771375
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EDBE48BE-0150-4BD9-9B01-48559B6EE90A} (CWindowsConnectNow Object) - http://support.dlink.com/references/dgl-4300/dgl4300_ref_activex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D53013C-DF70-4512-8971-B5A198063D9E}: NameServer = 129.142.6.64,129.142.6.65
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcdcyx - C:\WINDOWS\SYSTEM32\ddcdcyx.dll
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Synes godt om

fromsej Praktikant

26. august 2007 - 12:58 #1

Der er lidt af hvert af gode sager.
Afinstaller MSN+ i Tilføj/Fjern programmer, jeg nægter at røre ved noget der støtter Lop/C2Media spywareproducenten.
Genstart, følg så hele vejledningen i denne artikel:
http://www.eksperten.dk/artikler/1123

Synes godt om

fromsej Praktikant

26. august 2007 - 13:01 #2

Den primære årsag til dine problemer finder du her:
BitLord
Drop det skide fildeling, det er den suverænt største smittespreder overhovedet på nettet!!!

Synes godt om

frigg Nybegynder

26. august 2007 - 15:24 #3

Jeg aner ikke hvad Lop/C2Media er, men har fjernet MSN+, da det er flere år siden jeg har brugt det.

Har derudover talt med min niece om, hvad man bruger min computer til, når hun er på besøg her.

Nye Logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/26/2007 at 02:41 PM

Application Version : 3.7.1018

Core Rules Database Version : 3292
Trace Rules Database Version: 1303

Scan type : Quick Scan
Total Scan Time : 00:04:47

Memory items scanned : 566
Memory threats detected : 0
Registry items scanned : 926
Registry threats detected : 2
File items scanned : 2694
File threats detected : 0

Adware.Vundo Variant
HKCR\CLSID\{F4002052-AB29-4B33-8C8D-0E99084564EC}
HKCR\CLSID\{F4002052-AB29-4B33-8C8D-0E99084564EC}\InprocServer32

Logfile of HijackThis v1.99.1
Scan saved at 14:57:48, on 26-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lars-Ole Jensen\Desktop\Eksperten hjælpefiler\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://heroes.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\SBPCI5122K\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\CAPTUR~1\100EOS1D\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [hcenter] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111158512703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163331771375
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EDBE48BE-0150-4BD9-9B01-48559B6EE90A} (CWindowsConnectNow Object) - http://support.dlink.com/references/dgl-4300/dgl4300_ref_activex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D53013C-DF70-4512-8971-B5A198063D9E}: NameServer = 129.142.6.64,129.142.6.65
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

********************************* ROOTCHK-(22-08-07)-LOG, by ejvindh
26-08-2007 15:00:33,53

Driver Core (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.

********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 15:00:33
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5a,16,31,47,de,f7,20,93,8f,92,57,ed,43,a2,ff,e2,52,ce,37,92,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,cc,80,1d,3d,63,19,a0,ac,3e,c1,f6,90,9e,b6,05,82,..
"khjeh"=hex:67,d1,4d,72,b1,86,48,3a,fa,96,32,9a,39,69,62,5c,22,6c,06,ba,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:19,5c,83,f1,0a,ab,2c,2f,7a,5d,3c,c6,77,ba,fc,19,48,94,53,3d,c2,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:5a,16,31,47,de,f7,20,93,8f,92,57,ed,43,a2,ff,e2,52,ce,37,92,f0,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8c,cc,80,1d,3d,63,19,a0,ac,3e,c1,f6,90,9e,b6,05,82,..
"khjeh"=hex:67,d1,4d,72,b1,86,48,3a,fa,96,32,9a,39,69,62,5c,22,6c,06,ba,a8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:19,5c,83,f1,0a,ab,2c,2f,7a,5d,3c,c6,77,ba,fc,19,48,94,53,3d,c2,..

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0

ComboFix 07-08-25.2 - "Lars-Ole Jensen" 2007-08-26 15:04:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2448 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\temp\tn3
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CORE
-------\core

((((((((((((((((((((((((( Files Created from 2007-07-26 to 2007-08-26 )))))))))))))))))))))))))))))))

2007-08-26 15:08 <DIR> d-------- C:\Temp\tn3
2007-08-26 15:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-26 13:56 681,335 ---hs---- C:\WINDOWS\system32\yycdd.ini2
2007-08-26 13:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-26 13:34 <DIR> d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-26 13:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-26 13:26 <DIR> d-------- C:\Program Files\CCleaner
2007-08-26 12:00 <DIR> d-------- C:\WINDOWS\system32\New Folder
2007-08-26 10:05 9,728 --a------ C:\WINDOWS\system32\rcpdu.dll
2007-08-26 10:05 9,216 --a------ C:\WINDOWS\system32\yatool.dll
2007-08-26 10:05 8,704 --a------ C:\WINDOWS\system32\dcphnet.dll
2007-08-26 10:05 8,192 --a------ C:\WINDOWS\system32\iphelp.dll
2007-08-26 10:05 8,192 --a------ C:\WINDOWS\system32\cbrowse.dll
2007-08-26 10:05 7,680 --a------ C:\WINDOWS\system32\protect.dll
2007-08-26 10:05 7,680 --a------ C:\WINDOWS\system32\gdid32.dll
2007-08-26 10:05 6,144 --a------ C:\WINDOWS\system32\netd.dll
2007-08-26 10:05 5,632 --a------ C:\WINDOWS\system32\ftpsystem.dll
2007-08-26 10:05 5,120 --a------ C:\WINDOWS\system32\rsh.dll
2007-08-26 10:05 4,608 --a------ C:\WINDOWS\system32\psx.dll
2007-08-26 10:05 4,096 --a------ C:\WINDOWS\system32\mscert.dll
2007-08-26 10:05 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
2007-08-26 10:04 665,519 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-08-26 09:58 <DIR> d-------- C:\WINDOWS\Web Download
2007-08-25 01:40 <DIR> d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nero
2007-08-25 01:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-25 01:09 <DIR> d-------- C:\Program Files\Bonjour
2007-08-25 00:59 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-20 16:55 <DIR> d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\NeroDCTemplates
2007-08-11 11:19 <DIR> d-------- C:\Program Files\CPU-Z
2007-08-11 10:28 <DIR> d-------- C:\Program Files\Ashampoo
2007-08-10 04:20 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2007-08-10 04:13 <DIR> d-------- C:\DOCUME~1\LARS-O~1\.SimpleCenter
2007-08-10 04:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-08-10 04:01 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-10 04:01 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-10 04:01 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-10 04:01 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-10 04:01 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-08-10 02:41 <DIR> d-------- C:\Program Files\SimpleCenter
2007-08-10 02:41 <DIR> d-------- C:\Program Files\Common Files\i4j_jres

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-26 15:12 --------- d-------- C:\Program Files\Steam
2007-08-26 13:34 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 13:16 --------- d-------- C:\Program Files\eMule
2007-08-25 01:46 --------- d-------- C:\Program Files\Capture One PRO
2007-08-25 01:40 --------- d-------- C:\Program Files\Nero
2007-08-25 01:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 01:36 --------- d-------- C:\Program Files\EPSON
2007-08-25 01:34 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\EPSON
2007-08-25 01:34 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\EPSON
2007-08-22 10:08 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\ArcSoft
2007-08-22 10:08 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\ArcSoft
2007-08-18 13:17 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia Multimedia Player
2007-08-18 13:17 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia Multimedia Player
2007-08-10 16:33 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia
2007-08-10 16:33 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia
2007-08-10 04:04 --------- d-------- C:\Program Files\Common Files\PCSuite
2007-08-10 04:04 --------- d-------- C:\Program Files\Common Files\Nokia
2007-08-10 04:01 --------- d-------- C:\Program Files\Nokia
2007-08-10 04:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-08-10 03:51 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\PC Suite
2007-08-10 03:51 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\PC Suite
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-23 18:14 --------- d-------- C:\Program Files\JAM Software
2007-07-23 18:14 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\JAM Software
2007-07-23 18:14 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\JAM Software
2007-07-21 13:40 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-21 13:32 86016 --------- C:\WINDOWS\system32\OpenAL32.dll
2007-07-21 13:32 409600 --------- C:\WINDOWS\system32\wrap_oal.dll
2007-07-21 13:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-07-13 23:04 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\DataCast
2007-07-13 23:04 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\DataCast
2007-07-13 19:33 65024 --------- C:\WINDOWS\IFinst26.exe
2007-07-13 19:33 --------- d-------- C:\Program Files\Lame MP3 Codec
2007-07-13 19:32 --------- d-------- C:\Program Files\XviD
2007-07-13 19:31 --------- d-------- C:\Program Files\Samsung
2007-07-13 19:31 --------- d-------- C:\Program Files\MarkAny
2007-07-13 19:30 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\InstallShield
2007-07-13 19:30 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\InstallShield
2007-07-08 11:16 43520 --------- C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-03 09:33 --------- d-------- C:\Program Files\SpywareGuard
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2005-05-04 13:41:28 56 --sh--r C:\WINDOWS\system32\61A7C07A86.sys
2005-05-04 13:41:28 2,306 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Speed racer"="C:\Program Files\Creative\SBPCI5122K\PlayCenter\CTSRReg.exe" [1999-11-16 03:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-15 15:36]
"Phase One Media Reader"="C:\PROGRA~1\CAPTUR~1\100EOS1D\DCIMImp.exe" [2007-04-25 14:17]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 05:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:55]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 21:56]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 13:45]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"hcenter"="C:\Program Files\Support.com\bin\tgcmd.exe" []
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 17:37 C:\WINDOWS\RTHDCPL.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-16 11:08]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36]
"P17Helper"="SPIRun.dll" [2006-07-03 06:43 C:\WINDOWS\system32\SPIRun.dll]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 11:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-28 02:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-03-29 17:39]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:10]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"MtdAcqu"="C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
"Nero PhotoShow Media Manager"="C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-26 14:48]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\DOCUME~1\LARS-O~1\STARTM~1\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys
R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
S3 efipsk;efipsk;\??\C:\DOCUME~1\LARS-O~1\LOCALS~1\Temp\efipsk.sys
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\Drivers\L8042mou.sys
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87ddccd-9871-11d9-9a9b-806d6172696f}]
AutoRun\command- G:\AUTORUN.EXE

*Newly Created Service* - SASDIFSV

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 15:12:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 15:14:36 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-26 15:14

--- E O F ---

Synes godt om

fromsej Praktikant

26. august 2007 - 18:37 #4

Hent Ccleaner her:
http://www.filehippo.com/download_ccleaner/
Installer Ccleaner, husk at fjerne fluebenet udfor installation af Yahoo toolbar.
Start programmet, fjern fluebenet i cookies.
Klik på kør Cleaner og lad den fjerne hvad den finder.
Klik så på Problemer ovre i venstre side (den blå terning), klik på Skan efter problemer, når den er færdig, klik på Udbedre valgte problemer, lav evt. en backup af registreringsdatabasen, klik så på udbedre alle valgte problemer.
Klik på OK, klik på Luk når den er færdig.
Genstart.
---------------------------------------
Kør Hijackthis, scan, sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.
[black]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
[/black]
---------------------------------------
Kopiér indholdet mellem de bølgede linier ind i et notepad-vindue, og gem indholdet i samme mappe, som Combofix ligger med navnet CFScript.txt. Når du gemmer, skal du sikre, at der under "filtyper" står "alle filer".

~~~~~~~~~~~~~~~~~~~~~~~~~~

File::
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\rcpdu.dll
C:\WINDOWS\system32\yatool.dll
C:\WINDOWS\system32\dcphnet.dll
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\cbrowse.dll
C:\WINDOWS\system32\protect.dll
C:\WINDOWS\system32\gdid32.dll
C:\WINDOWS\system32\netd.dll
C:\WINDOWS\system32\ftpsystem.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\psx.dll
C:\WINDOWS\system32\mscert.dll
C:\WINDOWS\system32\pxcrt.dll
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\IFinst26.exe

Folder::
C:\Program Files\eMule
C:\Program Files\BitLord

~~~~~~~~~~~~~~~~~~~~~~~~~~
Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen. - http://www.fromsej.saknet.dk/billeder/cfscript.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
---------------------------------------
Vi skal se en frisk hijackthislog, samt den nye combofixlog.

Synes godt om

frigg Nybegynder

28. august 2007 - 01:02 #5

Logfile of HijackThis v1.99.1
Scan saved at 00:47:43, on 28-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\hphmon05.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Lars-Ole Jensen\Desktop\Eksperten hjælpefiler\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://heroes.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\SBPCI5122K\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\CAPTUR~1\100EOS1D\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Opret Foretrukken på mobil enhed - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Opret Foretrukken på mobil enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.certifikat.tdc.dk/csp/authenticode/PrimeInkCSP-1204.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111158512703
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163331771375
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://www.kortal.dk/ecwplugins/ncs.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D216644A-C6DB-49D9-BBCF-D38FE7991BF2} (Util Class) - https://opdatering.tdc.dk/csp/authenticode/tdccsp-0506.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EDBE48BE-0150-4BD9-9B01-48559B6EE90A} (CWindowsConnectNow Object) - http://support.dlink.com/references/dgl-4300/dgl4300_ref_activex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D53013C-DF70-4512-8971-B5A198063D9E}: NameServer = 129.142.6.64,129.142.6.65
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

ComboFix 07-08-25.2 - "xxx" 2007-08-28 0:52:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2517 [GMT 2:00]

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\temp\tn3

((((((((((((((((((((((((( Files Created from 2007-07-27 to 2007-08-27 )))))))))))))))))))))))))))))))

2007-08-26 15:02 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-26 13:56 681,335 ---hs---- C:\WINDOWS\system32\yycdd.ini2
2007-08-26 13:34 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-26 13:34 <DIR> d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-26 13:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-26 13:26 <DIR> d-------- C:\Program Files\CCleaner
2007-08-26 12:00 <DIR> d-------- C:\WINDOWS\system32\New Folder
2007-08-26 10:05 9,728 --a------ C:\WINDOWS\system32\rcpdu.dll
2007-08-26 10:05 9,216 --a------ C:\WINDOWS\system32\yatool.dll
2007-08-26 10:05 8,704 --a------ C:\WINDOWS\system32\dcphnet.dll
2007-08-26 10:05 8,192 --a------ C:\WINDOWS\system32\iphelp.dll
2007-08-26 10:05 8,192 --a------ C:\WINDOWS\system32\cbrowse.dll
2007-08-26 10:05 7,680 --a------ C:\WINDOWS\system32\protect.dll
2007-08-26 10:05 7,680 --a------ C:\WINDOWS\system32\gdid32.dll
2007-08-26 10:05 6,144 --a------ C:\WINDOWS\system32\netd.dll
2007-08-26 10:05 5,632 --a------ C:\WINDOWS\system32\ftpsystem.dll
2007-08-26 10:05 5,120 --a------ C:\WINDOWS\system32\rsh.dll
2007-08-26 10:05 4,608 --a------ C:\WINDOWS\system32\psx.dll
2007-08-26 10:05 4,096 --a------ C:\WINDOWS\system32\mscert.dll
2007-08-26 10:05 3,072 --a------ C:\WINDOWS\system32\pxcrt.dll
2007-08-26 10:04 665,519 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-08-26 09:58 <DIR> d-------- C:\WINDOWS\Web Download
2007-08-25 01:40 <DIR> d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nero
2007-08-25 01:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-25 01:09 <DIR> d-------- C:\Program Files\Bonjour
2007-08-25 00:59 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-08-20 16:55 <DIR> d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\NeroDCTemplates
2007-08-11 11:19 <DIR> d-------- C:\Program Files\CPU-Z
2007-08-11 10:28 <DIR> d-------- C:\Program Files\Ashampoo
2007-08-10 04:20 <DIR> d-------- C:\Program Files\Common Files\MainConcept
2007-08-10 04:13 <DIR> d-------- C:\DOCUME~1\LARS-O~1\.SimpleCenter
2007-08-10 04:04 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2007-08-10 04:01 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-08-10 04:01 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-08-10 04:01 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-08-10 04:01 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-08-10 04:01 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-08-10 02:41 <DIR> d-------- C:\Program Files\SimpleCenter
2007-08-10 02:41 <DIR> d-------- C:\Program Files\Common Files\i4j_jres

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-28 00:38 --------- d-------- C:\Program Files\Steam
2007-08-26 13:34 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-26 13:16 --------- d-------- C:\Program Files\eMule
2007-08-25 01:46 --------- d-------- C:\Program Files\Capture One PRO
2007-08-25 01:40 --------- d-------- C:\Program Files\Nero
2007-08-25 01:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 01:36 --------- d-------- C:\Program Files\EPSON
2007-08-25 01:34 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\EPSON
2007-08-25 01:34 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\EPSON
2007-08-22 10:08 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\ArcSoft
2007-08-22 10:08 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\ArcSoft
2007-08-18 13:17 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia Multimedia Player
2007-08-18 13:17 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia Multimedia Player
2007-08-10 16:33 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia
2007-08-10 16:33 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\Nokia
2007-08-10 04:04 --------- d-------- C:\Program Files\Common Files\PCSuite
2007-08-10 04:04 --------- d-------- C:\Program Files\Common Files\Nokia
2007-08-10 04:01 --------- d-------- C:\Program Files\Nokia
2007-08-10 04:00 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-08-10 03:51 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\PC Suite
2007-08-10 03:51 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\PC Suite
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-23 18:14 --------- d-------- C:\Program Files\JAM Software
2007-07-23 18:14 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\JAM Software
2007-07-23 18:14 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\JAM Software
2007-07-21 13:40 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-07-21 13:32 86016 --------- C:\WINDOWS\system32\OpenAL32.dll
2007-07-21 13:32 409600 --------- C:\WINDOWS\system32\wrap_oal.dll
2007-07-21 13:32 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-07-13 23:04 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\DataCast
2007-07-13 23:04 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\DataCast
2007-07-13 19:33 65024 --------- C:\WINDOWS\IFinst26.exe
2007-07-13 19:33 --------- d-------- C:\Program Files\Lame MP3 Codec
2007-07-13 19:32 --------- d-------- C:\Program Files\XviD
2007-07-13 19:31 --------- d-------- C:\Program Files\Samsung
2007-07-13 19:31 --------- d-------- C:\Program Files\MarkAny
2007-07-13 19:30 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\InstallShield
2007-07-13 19:30 --------- d-------- C:\DOCUME~1\LARS-O~1\APPLIC~1\InstallShield
2007-07-08 11:16 43520 --------- C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-03 09:33 --------- d-------- C:\Program Files\SpywareGuard
2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 12:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-08 08:11 831048 --a------ C:\WINDOWS\system32\WudfUpdate_01005.dll
2005-05-04 13:41:28 56 --sh--r C:\WINDOWS\system32\61A7C07A86.sys
2005-05-04 13:41:28 2,306 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Speed racer"="C:\Program Files\Creative\SBPCI5122K\PlayCenter\CTSRReg.exe" [1999-11-16 03:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-15 15:36]
"Phase One Media Reader"="C:\PROGRA~1\CAPTUR~1\100EOS1D\DCIMImp.exe" [2007-04-25 14:17]
"nwiz"="nwiz.exe" [2005-04-01 16:16 C:\WINDOWS\system32\nwiz.exe]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 12:50]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 05:03]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-05-23 04:55]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 21:56]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-08 13:45]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 17:37 C:\WINDOWS\RTHDCPL.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-16 11:08]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 16:44 C:\WINDOWS\KHALMNPR.Exe]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 16:32]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-30 20:36]
"P17Helper"="SPIRun.dll" [2006-07-03 06:43 C:\WINDOWS\system32\SPIRun.dll]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 11:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-28 02:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2005-03-29 17:39]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:10]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-08-26 14:48]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\DOCUME~1\LARS-O~1\STARTM~1\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\Updreg.exe

R0 iteraid;ITERAID_Service_Install;C:\WINDOWS\system32\DRIVERS\iteraid.sys
R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys
R2 P1C1394;Phase One 1394 Camera Driver;C:\WINDOWS\system32\Drivers\p1c1394.sys
R2 STEC3;STEC3;\??\C:\WINDOWS\system32\STEC3.sys
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter;C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
R3 P0630VID;Creative WebCam Live!;C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
R3 P17xfi;Sound Blaster X-Fi Xtreme Audio;C:\WINDOWS\system32\drivers\P17xfi.sys
R3 p17xfilt;p17xfilt;C:\WINDOWS\system32\drivers\p17xfilt.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 cmudax;C-Media Azalia Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys
S3 efipsk;efipsk;\??\C:\DOCUME~1\LARS-O~1\LOCALS~1\Temp\efipsk.sys
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\Drivers\L8042mou.sys
S3 W8100XP;Marvell Libertas 802.11b/g SoftAP Driver for Windows XP ;C:\WINDOWS\system32\DRIVERS\mrv8ka51.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a87ddccd-9871-11d9-9a9b-806d6172696f}]
AutoRun\command- G:\AUTORUN.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-28 00:55:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-28 0:56:05
C:\ComboFix-quarantined-files.txt ... 2007-08-28 00:56
C:\ComboFix2.txt ... 2007-08-26 15:14

--- E O F ---

Synes godt om

fromsej Praktikant

28. august 2007 - 16:51 #6

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Sæt en prik i "Input Script Manually" og klik på Luppen - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet markeret mellem ~~ ind:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Files to delete:
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\rcpdu.dll
C:\WINDOWS\system32\yatool.dll
C:\WINDOWS\system32\dcphnet.dll
C:\WINDOWS\system32\iphelp.dll
C:\WINDOWS\system32\cbrowse.dll
C:\WINDOWS\system32\protect.dll
C:\WINDOWS\system32\gdid32.dll
C:\WINDOWS\system32\netd.dll
C:\WINDOWS\system32\ftpsystem.dll
C:\WINDOWS\system32\rsh.dll
C:\WINDOWS\system32\psx.dll
C:\WINDOWS\system32\mscert.dll
C:\WINDOWS\system32\pxcrt.dll
C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\IFinst26.exe

Folders to delete:
C:\Program Files\eMule
C:\Program Files\BitLord

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- Klik på Trafiklyset i Avenger. Programmet vil opfordre dig til at genstarte computeren straks, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

Synes godt om

frigg Nybegynder

29. august 2007 - 02:23 #7

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vyjreavg

*******************

Script file located at: \??\C:\ycehjgto.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\yycdd.ini2 deleted successfully.
File C:\WINDOWS\system32\rcpdu.dll deleted successfully.
File C:\WINDOWS\system32\yatool.dll deleted successfully.
File C:\WINDOWS\system32\dcphnet.dll deleted successfully.
File C:\WINDOWS\system32\iphelp.dll deleted successfully.
File C:\WINDOWS\system32\cbrowse.dll deleted successfully.
File C:\WINDOWS\system32\protect.dll deleted successfully.
File C:\WINDOWS\system32\gdid32.dll deleted successfully.
File C:\WINDOWS\system32\netd.dll deleted successfully.
File C:\WINDOWS\system32\ftpsystem.dll deleted successfully.
File C:\WINDOWS\system32\rsh.dll deleted successfully.
File C:\WINDOWS\system32\psx.dll deleted successfully.
File C:\WINDOWS\system32\mscert.dll deleted successfully.
File C:\WINDOWS\system32\pxcrt.dll deleted successfully.
File C:\WINDOWS\system32\yycdd.bak1 deleted successfully.
File C:\WINDOWS\IFinst26.exe deleted successfully.
Folder C:\Program Files\eMule deleted successfully.
Folder C:\Program Files\BitLord deleted successfully.

Completed script processing.

*******************

Synes godt om

fromsej Praktikant

29. august 2007 - 19:11 #8

Det ser godt ud, har det hjulpet?

Synes godt om

frigg Nybegynder

30. august 2007 - 02:01 #9

Ja tak, det har hjulpet meget. Tak for hjælpen.

Synes godt om

frigg Nybegynder

30. august 2007 - 02:07 #10

Laver du et svar, så jeg kan give dig point?

Synes godt om

fromsej Praktikant

30. august 2007 - 13:27 #11

Det kommer her. :-)

Synes godt om

fromsej Praktikant

30. august 2007 - 19:13 #12

Tak for point. :-)

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
pop up black friday Af Malm i Virus	10	22/11/202420:49	23/11/202410:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS

12:00

Ugen i tech: El-kolos kan fragte syv personer over 620 kilometer / Sony er klar med ny kamera-konge: Alpha 1 mk II

22/11

Test: Den snusfornuftige Volkswagen ID.3 blevet til lidt af el-bisse

22/11

Vil købe tele-løsninger til det offentlige for 370 millioner kroner

22/11

Nørgaard: Det er de neuro-divergente originalers tid

22/11

Sker helt åbenlyst: Ansatte i den kinesiske stat sælger borgernes personlige data på hemmelige internet-fora

22/11

Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"

22/11

Derfor bliver den amerikanske tvangs-opdeling af Google nok ikke til noget

22/11

Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen

22/11

Vi har fundet 10 ledige it-stillinger, som du kan søge netop nu

22/11

Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet

22/11

Kombit gør klar til at købe it-konsulenter for 140 millioner kroner - her er planen

Vis flere artikler

IT-JOB

SporingsGruppen ApS

Backend-udvikler

KMD A/S

Kundevendt .NET-udvikler med fokus på Microsoft Tech Stack

PensionDanmark

MS Dynamics-udvikler

Udviklings- og Forenklingsstyrelsen

Karrieremulighed inden for cybersikkerhed

Sydbank

Senior Data Specialist til Data & Business Enablement

Vis flere jobs

Seneste spørgsmål Seneste aktivitet

I går 18:09	Billedoverførsel Af Laurids i iOS, iPhone & iPad
I går 13:30	Hvordan ændres UniFi Dream Machine UDM til switch mode Af Kasper4450 i Internetforbindelser
I går 13:01	Film går i stå midt i afspilningen Af ole falsted i Musik & videoafspillere
I går 11:40	Fjerne mappe i stifinder Af Peter Olsen i Andet software
I går 11:27	renteberegning Af Pil i Excel