Avatar billede Pistoleer Praktikant
25. december 2007 - 00:31 Der er 10 kommentarer og
1 løsning

Hjælp! Er jeg angrebet? HiJackThis fil til gennemsyn

Hej eksperter

Under julemiddagen får jeg af min kærestes onkel af vide, at jeg sender alle mulige mails til ham. Og da han siger det kommer jeg til at tænke på, at når jeg sender en mail i Outlook så står der i statuslinien 'sender 4 af 4' selvom jeg kun skal sende en mail.

Derudover er mit explorer pludselig på engelsk selvom det plejer at være dansk og jeg mindes ikke at have opdateret det eller lignende.

Så jeg håber der sidder en klog sjæl derude der kan hjælpe mig. Jeg har kørt HJT og her er loggen:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:32:24, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mostwantedbits.org/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - :C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://kpssemsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191957133718
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://kpssemsrv02.udd.sembsc.dk/dwa7W.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\HP_Administrator\Desktop\skrivebord\index.htm

--
End of file - 7568 bytes
Avatar billede Pistoleer Praktikant
25. december 2007 - 09:37 #1
Hej igen

Jeg gik selv igang igår, da jeg fandt et spørgsmål der indeholdt dette link og jeg må indrømme at jeg tilhører en af de godtroende der har troet på en gratis mobil:

http://www.eksperten.dk/artikler/1123

Så her er der 4 logfiler:

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19:24, on 25-12-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\AV jul 2007\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - :C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Startup: Sygate Personal Firewall.lnk = C:\Program Files\Sygate\SPF\Smc.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://kpssemsrv03.udd.sembsc.dk/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191957133718
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://kpssemsrv02.udd.sembsc.dk/dwa7W.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\HP_Administrator\Desktop\skrivebord\index.htm

--
End of file - 7794 bytes


COMBOFIX:

ComboFix 07-12-21.4 - HP_Administrator 2007-12-25  9:23:26.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.467 [GMT 1:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\AV jul 2007\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((  Files Created from 2007-11-25 to 2007-12-25  )))))))))))))))))))))))))))))))
.

2007-12-25 00:48 . 2007-12-25 00:48    <DIR>    d--------    C:\Program Files\CCleaner
2007-12-25 00:43 . 2007-12-25 00:43    <DIR>    d--------    C:\Program Files\Windows Defender
2007-12-25 00:41 . 2007-12-25 00:41    <DIR>    d--------    C:\Program Files\Microsoft Silverlight
2007-12-20 17:03 . 2007-12-20 17:03    268    --ah-----    C:\sqmdata05.sqm
2007-12-20 17:03 . 2007-12-20 17:03    244    --ah-----    C:\sqmnoopt05.sqm
2007-12-20 04:57 . 2007-12-20 04:57    268    --ah-----    C:\sqmdata04.sqm
2007-12-20 04:57 . 2007-12-20 04:57    244    --ah-----    C:\sqmnoopt04.sqm
2007-12-17 20:36 . 2007-12-17 20:36    <DIR>    d--------    C:\Program Files\FM Modifier 2.2
2007-12-16 10:49 . 2007-12-16 11:10    <DIR>    d--------    C:\Documents and Settings\HP_Administrator\Application Data\DVD Profiler
2007-12-16 10:48 . 2007-12-16 10:48    <DIR>    d--------    C:\Program Files\DVD Profiler
2007-12-10 22:17 . 2007-12-10 22:17    <DIR>    d--------    C:\Program Files\Mozilla Thunderbird
2007-12-10 22:17 . 2007-12-10 22:17    <DIR>    d--------    C:\Documents and Settings\HP_Administrator\Application Data\Thunderbird
2007-12-10 22:17 . 2007-12-10 22:17    <DIR>    d--------    C:\Documents and Settings\HP_Administrator\Application Data\Talkback
2007-12-10 22:17 . 2007-12-10 22:17    0    --a------    C:\WINDOWS\nsreg.dat
2007-12-10 22:00 . 2007-12-10 21:44    55,778    --a------    C:\200611090030_cms6dognvestsjaelland.jpg
2007-12-10 22:00 . 2007-12-10 22:00    18,432    --ahs----    C:\Thumbs.db
2007-12-10 22:00 . 2007-12-10 22:00    8,192    --ahs----    C:\WINDOWS\Thumbs.db
2007-12-10 21:35 . 2007-12-03 15:35    293,956    --a------    C:\20020515RealMadridRaul2wp.jpg
2007-12-10 21:35 . 2007-06-18 20:13    221,203    --a------    C:\APTOPIX_SPAIN_SOCCE_258634f.jpg
2007-12-10 21:35 . 2007-12-10 21:20    17,366    --a------    C:\LogoRealMadrid1.jpg

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 00:31    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2007-12-25 00:12    ---------    d-----w    C:\Program Files\SUPERAntiSpyware
2007-12-25 00:03    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 00:03    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2007-12-20 20:21    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-16 00:17    ---------    d-----w    C:\Program Files\MagicISO
2007-12-09 19:00    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2007-11-18 10:28    ---------    d-----w    C:\Program Files\HAM
2007-11-14 20:33    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-14 20:28    102,800    ----a-w    C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-14 18:10    ---------    d-----w    C:\Program Files\Hattrick Coach Professional
2007-11-07 17:45    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2007-11-07 17:38    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\Songbird1
2007-11-03 21:10    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\TVU Networks
2007-11-03 21:09    ---------    d-----w    C:\Program Files\TVUPlayer
2007-10-30 17:37    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\Hoyle Card Games
2007-10-30 17:35    ---------    d-----w    C:\Documents and Settings\HP_Administrator\Application Data\Hoyle FaceCreator
2007-10-30 17:32    107,888    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2007-10-30 17:32    ---------    d--h--r    C:\Documents and Settings\HP_Administrator\Application Data\SecuROM
2005-05-12 05:36    12,288    -c--a-w    C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-10 13:00 C:\WINDOWS\system32\rundll32.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 14:32 C:\WINDOWS\KHALMNPR.Exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17]
"nwiz"="nwiz.exe" [2007-04-19 12:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-10 13:00 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 15:08 C:\WINDOWS\RTHDCPL.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4\ashAvast.exe [2006-07-06 07:22:29]
Sygate Personal Firewall.lnk - C:\Program Files\Sygate\SPF\Smc.exe [2004-10-15 18:40:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= C:\Documents and Settings\HP_Administrator\Desktop\skrivebord\index.htm
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MA111 Configuration Utility.lnk]
backup=C:\WINDOWS\pss\MA111 Configuration Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Smart Wizard Wireless Settings.lnk]
backup=C:\WINDOWS\pss\Smart Wizard Wireless Settings.lnkCommon Startup
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12    483328    --a--c---    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-09-25 19:11    94208    --a------    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 11:00    299008    ---------    C:\Program Files\Creative\Shared Files\CamTray.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Messaging]
            C:\Program Files\Logitech\Easy Messaging\MobilePhoneSuite.exe --nogui
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 00:47    31016    --a------    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12    49152    --a--c---    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-08-15 19:15    271672    --a------    C:\Program Files\iTunes\iTunesHelper.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 12:03    53248    --a--c---    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 12:03    135168    --a--c---    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
            C:\Program Files\MySpace\IM\MySpaceIM.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-09-25 19:11    155648    --a------    C:\WINDOWS\system32\NeroCheck.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
            RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
            C:\Program Files\QuickTime\qttask.exe -atboottime
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2004-12-14 02:23    663552    --a--c---    C:\Windows\Creator\Remind_XP.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]
            C:\Program Files\Desktop Sidebar\dsidebar.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
            C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
            C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-27 10:14    36975    --a--c---    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOSTS]
2007-01-10 14:11    241664    ---hs----    C:\Program Files\Common Files\Microsoft  Shared\DAO\PCD\SVCHOST.EXE
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
            C:\Program Files\Common Files\Real\Update_OB\realsched.exe  -osboot
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TopDesk]
            C:\Nye programmer\TopDesk\topdesk.exe
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
            C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_0
           
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
            C:\Program Files\Winamp\winampa.exe

R0 dontgo;Promise Removable Disk Control Driver;C:\WINDOWS\system32\DRIVERS\DontGo.sys [2004-06-30 05:25]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2003-12-02 08:49]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-10-03 21:57]
S2 MSF32;MSF32;L:\DC++\MySecretFolder\MSF32.SYS []
S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 18:00]
S3 vdiskbus;Virtual Disk Bus;C:\WINDOWS\system32\DRIVERS\vdiskbus.sys []
S3 wg121;NETGEAR WG121 802.11g Wireless USB2.0 Adapter;C:\WINDOWS\system32\DRIVERS\wg121nd5.sys []
S3 WLAN_USB;Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\MA111nd5.sys [2002-12-23 18:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27ee2912-7ede-11dc-ac97-0015f2a41a5a}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4acc2e92-0369-11db-8bb1-806d6172696f}]
\Shell\AutoRun\command - \DC++\Downloads\USB-Toolbox.v2.2.Multilanguage.WinAll-LAXiTY\USBToolBox\USBToolBox\ToolBox.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-21 16:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-12-22 10:48:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 11:32:18 C:\WINDOWS\Tasks\Internettjenester.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exeb/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Internet Services\StartIS.aml
"2007-12-25 08:18:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 09:29:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-25  9:29:56


ROOTLOG:

********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
25-12-2007  9:20:29,21

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 09:20:32
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]

scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0


SUPERANTISPYWARE LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/25/2007 at 02:17 AM

Application Version : 3.7.1018

Core Rules Database Version : 3366
Trace Rules Database Version: 1365

Scan type      : Complete Scan
Total Scan Time : 01:05:12

Memory items scanned      : 179
Memory threats detected  : 0
Registry items scanned    : 8292
Registry threats detected : 0
File items scanned        : 58804
File threats detected    : 81

Adware.Tracking Cookie
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad1.emediate[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@qxl.adservinginternational[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg.hitbox[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicktorrent[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.bolddk[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@click.tdc-online[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickaider[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@4.adbrite[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eas.apm.emediate[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@888[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@seasnve.112.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adfair[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediafire[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads2.jubii[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ncom.banneradministration[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@torrent-finder[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@philips.112.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.banneradministration[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cgi-bin[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ipoint.targetpoint[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adtech[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@indextools[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@magasindn.112.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.dk-kogebogen[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.gamershell[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.zanox[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-adidas.hitbox[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.adbrite[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partypoker[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@edsa.122.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kickapps[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@nabosex[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@qxl.banneradministration[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eas4.emediate[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@community.finditquick[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.estart[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@linkto.mediafire[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.adrevolver[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-youtube.hitbox[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-deltatre.hitbox[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cassava[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eboks.112.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tipsbladet.banneradministration[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@track.adform[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rocku.adbureau[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@partygaming.122.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.nabosex[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stat.onestat[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@premiumtv.122.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.iad.liveperson[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tradedoubler[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@saxopolagroup.122.2o7[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sexnoveller[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@usenext[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@videoegg.adbureau[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@server.cpmstar[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@stat.postdanmark[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zbox.zanox[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.sexnoveller[2].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.mediafire[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@m1_track_2007_11[1].txt
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statsmanager[1].txt


Så endnu engang håber jeg at der sidder en venlig sjæl derude, der kan hjælpe mig

Med venlig hilsen

Thomas
25. december 2007 - 12:09 #2
"...en gratis mobil..." - der er intet i livet der er gratis *S* . Så skulle det da lige være bistand her på Eksperten...

ComboFix har allerede fixet nogle elementer...

Oplever du problemer ?

PS: Du lever livet farligt -> "uTorrent"
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
Avatar billede reinelt Nybegynder
25. december 2007 - 12:35 #3
MSIE: Unable to get Internet Explorer version! er denne melding blevet rettet
i forbindelse med rensningen?
Avatar billede Pistoleer Praktikant
25. december 2007 - 13:43 #4
att karise larry:
Mht uTorrent, så er jeg klar over det. Bruger det faktisk heller ikke mere, men har været for sløv til at pille det af listen med programmer der starter automatisk. Det burde det være nu.

Jeg har ikke rigtig brugt min mail siden jeg blev gjort klar over problemet, så det ved jeg umiddelbart ikke. Det eneste synlige problem er explorer.

att reinelt:
Nej det er ikke blevet rettet.
Avatar billede reinelt Nybegynder
25. december 2007 - 16:39 #5
så er det jo derfor onklen får engelske mails sansynligvis genindstallering af explorer påkrævet.
25. december 2007 - 18:47 #6
1) Det ser da ud til at generelt være en US version af XP ( C:\Program Files\... ) såååå.... Sååå at du skulle have købt og instaleret en US version engang - hmmm...

2) Kig i alle dine JOBs -> er det nogle du kender ?

3) Hent Dial-a-fix på dette link, og gem det på skrivebordet.
http://djlizard.net/Dial-a-fix-2006-09-19.exe
Kør programmet, klik på "Tools" knappen (billede af en hammer), marker følgende punkt, og klik på "GO"
Repair/reintstall IE
Fortæl bagefter om det har hjulpet.

4) Slet følgende:
C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
C:\Program Files\uTorrent

5) Registreringsdatabase ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.
Avatar billede Pistoleer Praktikant
26. december 2007 - 12:37 #7
Vedr 1:

Den nuværende version er XP er Windows XP Media Center Edition som fulgte med da jeg købte computeren forrige sommer, så intet hmmm her!

Ang resten af punkterne, så kigger jeg på det senere. Lige nu står den på endnu en julefrokost

Fortsat god jul,

Thomas
26. december 2007 - 13:10 #8
Ad 1) Jeg misforstod nok et eller andet der *S* - fint nok...
03. januar 2008 - 21:17 #9
Lang julefrokost ??? *S*
Avatar billede Pistoleer Praktikant
24. juli 2008 - 20:20 #10
Karise Larry:

Ja, det var en lang julefrokost, men dog ikke så lang...

Jeg investerede i en ny computer istedet og der er ingen problemer.

Det eneste problem er dog, at jeg ikke har fået lukket dette spørgsmål, så smid lige et svar, så er den klaret.

Tak for hjælpen
25. juli 2008 - 00:23 #11
Ping...
(Det var et [svar]...)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester