daki Junior Master
6 January 2008 - 16:07 There are 16 comments and 1 solution

Log file check - HijackThis

Does anyone have time to check whether everything is OK?

/Dan

---------
Logfile of HijackThis v1.99.1
Scan saved at 16:01:29, on 06-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Fælles filer\FiksDinPC\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\BitComet\BitComet.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\RegCleaner\RegCleanr.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Salestart] "C:\Programmer\Fælles filer\FiksDinPC\strpmon.exe" dm=http://fiksdinpc.com ad=http://fiksdinpc.com sd=http://prolog.fiksdinpc.com
O4 - HKLM\..\Run: [NI.UGA6PK_0001_N122M0211] "C:\Downloads\install_dk.exe"
O4 - HKLM\..\Run: [8469c6f7] rundll32.exe "C:\WINDOWS\system32\hhvyvvxp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Programmer\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Registration Silent Hunter III.LNK = C:\Programmer\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmer\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmer\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190537743906
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
----------
fedora Beginner
6 January 2008 - 19:41 #1
To start with, you can remove BitComet, because that is the first thing the experts will ask you to do.
6 January 2008 - 21:09 #2
Yffer Pyffer - there are several 'junk' items...

So it is NOT OK ...

---------------------------------------

Uninstall

* BitComet
* FiksDinPC (if it exists?)
* Salestart (if it exists?)

via
[Start][Settings][Control Panel][Add/Remove Programs]

Restart to complete the uninstallation...

---------------------------------------

Since you have been using BitComet (!), carry out the procedure from here -> http://www.eksperten.dk/artikler/1123
daki Junior Master
7 January 2008 - 11:26 #3
Since it is my brother's, I unfortunately can't get to it again until sometime at the weekend (Sunday afternoon). So we wait :-)

/dan
7 January 2008 - 21:36 #4
OK ...
daki Junior Master
20 January 2008 - 13:45 #5
Now I have finally run all the scans, and here are the requested logs.

/dan

----------
Logfile of HijackThis v1.99.1
Scan saved at 13:14:54, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Programmer\DAEMON Tools\daemon.exe
C:\Programmer\Fælles filer\FiksDinPC\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Kim Kirk\Skrivebord\sikkerhed\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {6D3FF7C8-E4E3-4922-A3FC-52E9DC3C75C0} - (no file)
O2 - BHO: (no name) - {937B1F7D-D382-4AAB-BD9A-27170D5AB889} - C:\WINDOWS\system32\vtuurol.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmer\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Salestart] "C:\Programmer\Fælles filer\FiksDinPC\strpmon.exe" dm=http://fiksdinpc.com ad=http://fiksdinpc.com sd=http://prolog.fiksdinpc.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Registration Silent Hunter III.LNK = C:\Programmer\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190537743906
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0749375-E5D7-4B14-B3EC-3F46DD942231}: NameServer = 192.168.12.100,194.239.134.83
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtuurol - C:\WINDOWS\SYSTEM32\vtuurol.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe (file missing)

----------

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
20-01-2008 13:22:22,76

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 13:22:23
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

----------

ComboFix 08-01-20.1 - Kim Kirk 2008-01-20 13:26:05.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1030.18.580 [GMT 1:00]
Running from: C:\Documents and Settings\Kim Kirk\Skrivebord\sikkerhed\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtrqrs.dll
C:\WINDOWS\system32\axaxaqfm.ini
C:\WINDOWS\system32\bkmrrlvf.dll
C:\WINDOWS\system32\busvhnhg.ini
C:\WINDOWS\system32\cbxywtq.dll
C:\WINDOWS\system32\cdcoixfl.ini
C:\WINDOWS\system32\cktvsnxc.dll
C:\WINDOWS\system32\cwrhokpt.ini
C:\WINDOWS\system32\cxnsvtkc.ini
C:\WINDOWS\system32\cyajeulo.ini
C:\WINDOWS\system32\cyjallfc.dll
C:\WINDOWS\system32\dhmmetwv.ini
C:\WINDOWS\system32\dwghqhfw.ini
C:\WINDOWS\system32\ejkqpyia.dll
C:\WINDOWS\system32\eyqwhnny.ini
C:\WINDOWS\system32\fbbllpoi.ini
C:\WINDOWS\system32\fshdmdpq.dll
C:\WINDOWS\system32\gbaabbuc.ini
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\goeqpshl.dll
C:\WINDOWS\system32\hfudcpdo.ini
C:\WINDOWS\system32\hhvyvvxp.dll
C:\WINDOWS\system32\hwlewdcr.ini
C:\WINDOWS\system32\iamcwiyq.dll
C:\WINDOWS\system32\imdakqhe.ini
C:\WINDOWS\system32\iopllbbf.dll
C:\WINDOWS\system32\itqmcxob.dll
C:\WINDOWS\system32\ivdsdqdr.dll
C:\WINDOWS\system32\kexfwuxw.ini
C:\WINDOWS\system32\khgoypsu.dll
C:\WINDOWS\system32\ksrexlhk.dll
C:\WINDOWS\system32\lhlskxsu.dll
C:\WINDOWS\system32\lysmnouc.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfqaxaxa.dll
C:\WINDOWS\system32\mfsvpjfx.dll
C:\WINDOWS\system32\mhpvswnx.dll
C:\WINDOWS\system32\nnpadlsj.ini
C:\WINDOWS\system32\nxwdcvae.dll
C:\WINDOWS\system32\odpcdufh.dll
C:\WINDOWS\system32\oeaapoxq.ini
C:\WINDOWS\system32\oqjskeav.dll
C:\WINDOWS\system32\oqyqdlvm.dll
C:\WINDOWS\system32\plrebjmk.dll
C:\WINDOWS\system32\poimuyvh.dll
C:\WINDOWS\system32\pxvvyvhh.ini
C:\WINDOWS\system32\qommjhe.dll
C:\WINDOWS\system32\qxopaaeo.dll
C:\WINDOWS\system32\rkmnawvs.dll
C:\WINDOWS\system32\rkohrwgx.ini
C:\WINDOWS\system32\rlpjdyee.dll
C:\WINDOWS\system32\rounqbdc.ini
C:\WINDOWS\system32\shbtugrt.dll
C:\WINDOWS\system32\sylixkqt.dll
C:\WINDOWS\system32\tfueqcxo.ini
C:\WINDOWS\system32\tqkxilys.ini
C:\WINDOWS\system32\trgutbhs.ini
C:\WINDOWS\system32\tuqtaadu.dll
C:\WINDOWS\system32\tytxbhgq.dll
C:\WINDOWS\system32\ubnhhdwy.dll
C:\WINDOWS\system32\udaatqut.ini
C:\WINDOWS\system32\vtuurol.dll
C:\WINDOWS\system32\vwtemmhd.dll
C:\WINDOWS\system32\wvwrtmvf.dll
C:\WINDOWS\system32\xfjpvsfm.ini
C:\WINDOWS\system32\xjgrvaii.dll
C:\WINDOWS\system32\xrcwlhle.dll
C:\WINDOWS\system32\xvbloojc.ini
C:\WINDOWS\system32\xxyaaya.dll
C:\WINDOWS\system32\yaywwvw.dll
C:\WINDOWS\system32\ynxxlohw.dll
C:\WINDOWS\system32\ywdhhnbu.ini

----- Unknown downloads made by BITS: ----
http://83.91.17.76:8530
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


(((((((((((((((((((((((((  Files Created from 2007-12-20 to 2008-01-20  )))))))))))))))))))))))))))))))
.

2008-01-20 13:30 . 2008-01-20 13:30    268    --ah-----    C:\sqmdata03.sqm
2008-01-20 13:30 . 2008-01-20 13:30    244    --ah-----    C:\sqmnoopt03.sqm
2008-01-20 13:24 . 2000-08-31 08:00    51,200    --a------    C:\WINDOWS\NirCmd.exe
2008-01-20 12:28 . 2008-01-20 12:28    268    --ah-----    C:\sqmdata02.sqm
2008-01-20 12:28 . 2008-01-20 12:28    244    --ah-----    C:\sqmnoopt02.sqm
2008-01-20 12:26 . 2008-01-20 12:26    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-20 12:25 . 2008-01-20 12:43    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-01-20 12:25 .     <DIR>        C:\Programmer\Fælles filer\Wise Installation Wizard
2008-01-20 12:25 . 2008-01-20 12:25    <DIR>    d--------    C:\Documents and Settings\Kim Kirk\Application Data\SUPERAntiSpyware.com
2008-01-20 12:19 . 2008-01-20 12:19    <DIR>    d--------    C:\Programmer\CCleaner
2008-01-20 12:04 . 2008-01-20 12:04    268    --ah-----    C:\sqmdata01.sqm
2008-01-20 12:04 . 2008-01-20 12:04    244    --ah-----    C:\sqmnoopt01.sqm
2008-01-20 11:55 . 2008-01-20 11:55    268    --ah-----    C:\sqmdata00.sqm
2008-01-20 11:55 . 2008-01-20 11:55    244    --ah-----    C:\sqmnoopt00.sqm
2008-01-07 00:30 . 2008-01-07 00:31    245    --a------    C:\WINDOWS\PowerReg.dat
2008-01-07 00:28 . 2008-01-07 00:28    <DIR>    d--------    C:\Programmer\Microprose
2008-01-06 20:08 . 2008-01-06 20:08    <DIR>    d--------    C:\Documents and Settings\LocalService\Menuen Start
2008-01-06 20:08 . 2007-12-05 10:24    38,400    --a------    C:\WINDOWS\system32\drivers\ale_nf.sys
2008-01-06 19:29 . 2008-01-06 19:29    10    --a------    C:\WINDOWS\WININIT.INI
2008-01-06 17:50 . 2008-01-06 17:50    <DIR>    d--------    C:\Programmer\MSXML 6.0
2008-01-06 17:45 . 2008-01-06 19:47    <DIR>    d--------    C:\WINDOWS\system32\XPSViewer
2008-01-06 17:44 . 2008-01-06 17:44    <DIR>    d--------    C:\Programmer\Reference Assemblies
2008-01-06 17:43 . 2006-06-29 13:07    14,048    ---------    C:\WINDOWS\system32\spmsg2.dll
2008-01-06 16:51 . 2008-01-06 17:34    <DIR>    d--------    C:\WINDOWS\system32\URTTemp
2008-01-06 16:31 . 2008-01-06 16:31    <DIR>    d--------    C:\WINDOWS\system32\C
2008-01-06 15:57 . 2008-01-06 16:19    <DIR>    d--------    C:\Programmer\RegCleaner
2008-01-06 13:10 . 2008-01-06 13:10    <DIR>    d--------    C:\WINDOWS\system32\NtmsData
2008-01-03 13:30 . 2008-01-03 13:30    1,283,174    --a------    C:\Install
2007-12-30 02:12 . 2007-12-30 02:12    <DIR>    d--------    C:\Programmer\Empire Interactive
2007-12-22 20:06 . 2007-12-22 20:06    <DIR>    d--------    C:\WINDOWS\.jagex_cache_32

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 11:15    ---------    d-----w    C:\Programmer\BitComet
2008-01-20 11:02    ---------    d-----w    C:\Programmer\Azureus
2008-01-06 23:28    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-06 18:31    ---------    d-----w    C:\Programmer\ATI Technologies
2008-01-06 16:56    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-06 16:48    ---------    d-----w    C:\Programmer\MSBuild
2008-01-06 14:56    ---------    d-----w    C:\Programmer\Google
2008-01-03 17:50    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\Azureus
2007-12-29 18:14    ---------    d-----w    C:\Programmer\Windows Live Safety Center
2007-12-14 12:05    ---------    d-----w    C:\Programmer\NoWayVirus
2007-12-14 12:05    ---------    d-----w    C:\Programmer\Fælles filer\NoWayVirus
2007-12-14 11:28    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\fiksdinpc
2007-12-14 11:26    ---------    d-----w    C:\Programmer\Fælles filer\FiksDinPC
2007-12-14 11:26    ---------    d-----r    C:\Documents and Settings\All Users\Application Data\fiksdinpc
2007-12-06 12:50    ---------    d-----w    C:\Programmer\Ubisoft
2007-12-06 12:11    ---------    d-----w    C:\Programmer\GameShadow
2007-12-05 05:26    2,782,208    ----a-w    C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 03:05    368,640    ----a-w    C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04    269,312    ----a-w    C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56    147,456    ----a-w    C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55    43,520    ----a-w    C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55    26,112    ----a-w    C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55    122,880    ----a-w    C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55    122,880    ----a-w    C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54    307,200    ----a-w    C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53    53,248    ----a-w    C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53    495,616    ----a-w    C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48    9,535,488    ----a-w    C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44    3,175,584    ----a-w    C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33    1,640,192    ----a-w    C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19    5,435,392    ----a-w    C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19    385,024    ----a-w    C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17    17,408    ----a-w    C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16    49,152    ----a-w    C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14    180,224    ----a-w    C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11    499,712    ----a-w    C:\WINDOWS\system32\ati2cqag.dll
2007-11-28 15:10    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\Ahead
2007-11-27 16:09    ---------    d-----w    C:\Documents and Settings\Kim Kirk\Application Data\Sports Interactive
2007-11-27 16:07    ---------    d-----w    C:\Programmer\Sports Interactive
2007-11-25 11:13    ---------    d-----w    C:\Programmer\DAEMON Tools
2007-11-24 11:57    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-24 11:56    ---------    d-----w    C:\Programmer\Fælles filer\Ahead
2007-11-24 11:54    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\Nero
2007-11-13 08:17    107,888    ----a-w    C:\WINDOWS\system32\CmdLineExt.dll
2007-10-29 22:44    1,291,776    ----a-w    C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28    222,720    ----a-w    C:\WINDOWS\system32\wmasf.dll
2007-10-24 00:47    96,760    ----a-w    C:\WINDOWS\system32\dfshim.dll
2007-10-24 00:47    84,480    ----a-w    C:\WINDOWS\system32\mscories.dll
2007-10-24 00:47    282,112    ----a-w    C:\WINDOWS\system32\mscoree.dll
2007-10-24 00:47    158,720    ----a-w    C:\WINDOWS\system32\mscorier.dll
2003-04-22 09:24    16,606    ----a-w    C:\Documents and Settings\Kim Kirk\hpomdl01.dat
2003-04-09 12:13    577,536    ----a-w    C:\Documents and Settings\Kim Kirk\Setup.exe
2003-03-09 20:30    274,432    ----a-w    C:\Documents and Settings\Kim Kirk\hpzglu07.exe
2003-03-09 20:30    237,568    ----a-w    C:\Documents and Settings\Kim Kirk\hpzc3212.dll
2003-03-09 20:30    184,320    ----a-w    C:\Documents and Settings\Kim Kirk\hpzscr07.dll
2003-03-09 20:30    16,352    ----a-w    C:\Documents and Settings\Kim Kirk\HPZUCI12.DLL
2002-09-09 17:48    458,752    ----a-w    C:\Documents and Settings\Kim Kirk\tls704d.dll
2002-09-09 17:48    22,608    ----a-w    C:\Documents and Settings\Kim Kirk\usbprint.sys
2002-09-09 17:48    12,288    ----a-w    C:\Documents and Settings\Kim Kirk\usbmon.dll
2002-09-09 17:47    70,656    ----a-w    C:\Documents and Settings\Kim Kirk\msvcirt.dll
2002-09-09 17:47    254,005    ----a-w    C:\Documents and Settings\Kim Kirk\msvcrt.dll
2002-09-09 17:47    212,992    ----a-w    C:\Documents and Settings\Kim Kirk\hpzpnp07.dll
2002-09-09 17:46    49,212    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjvp01.dll
2002-09-09 17:46    417,849    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjpp01.dll
2002-09-09 17:46    28,722    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjlog.dll
2002-09-09 17:46    249,913    ----a-w    C:\Documents and Settings\Kim Kirk\hpzjut01.dll
2002-09-06 09:54    995,383    ----a-w    C:\Documents and Settings\Kim Kirk\MFC42.DLL
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-27 13:00 15360]
"MsnMsgr"="C:\Programmer\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe" [ ]
"swg"="C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-06 15:56 68856]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 15:48 16208384 C:\WINDOWS\RTHDCPL.exe]
"SunJavaUpdateSched"="C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"GrooveMonitor"="C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Photo Downloader"="C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 10:09 63712]
"Adobe Reader Speed Launcher"="C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-02-10 14:40 20480]
"tsnpstd3"="C:\WINDOWS\tsnpstd3.exe" [2007-03-10 13:43 270336]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 08:07 827392]
"DAEMON Tools"="C:\Programmer\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"NeroFilterCheck"="C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-27 13:00 15360]

C:\Documents and Settings\Kim Kirk\Menuen Start\Programmer\Start\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
Registration Silent Hunter III.LNK - C:\Programmer\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe [2003-11-06 16:42:02 864256]

C:\Documents and Settings\All Users\Menuen Start\Programmer\Start\
hpoddt01.exe.lnk - C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 12:50]
S3 naecd;naecd;C:\DOCUME~1\KIMKIR~1\LOKALE~1\Temp\naecd.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 13:34:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Programmer\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-01-20 13:35:58 - machine was rebooted
ComboFix-quarantined-files.txt  2008-01-20 12:35:55
.
2008-01-07 10:03:54    --- E O F --- 


----------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2008 at 01:07 PM

Application Version : 3.7.1018

Core Rules Database Version : 3222
Trace Rules Database Version: 1233

Scan type      : Complete Scan
Total Scan Time : 00:21:43

Memory items scanned      : 214
Memory threats detected  : 1
Registry items scanned    : 6558
Registry threats detected : 5
File items scanned        : 33776
File threats detected    : 89

Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\MLLJG.DLL
    C:\WINDOWS\SYSTEM32\MLLJG.DLL
    HKLM\Software\Classes\CLSID\{6D3FF7C8-E4E3-4922-A3FC-52E9DC3C75C0}
    HKCR\CLSID\{6D3FF7C8-E4E3-4922-A3FC-52E9DC3C75C0}
    HKCR\CLSID\{6D3FF7C8-E4E3-4922-A3FC-52E9DC3C75C0}\InprocServer32
    HKCR\CLSID\{6D3FF7C8-E4E3-4922-A3FC-52E9DC3C75C0}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D3FF7C8-E4E3-4922-A3FC-52E9DC3C75C0}

Adware.Tracking Cookie
----------
20 January 2008 - 19:37 #6
*SIGH* You have more or less brought this on yourself by 'playing' with

C:\Programmer\BitComet
C:\Programmer\Azureus
(And the 'bad habits' that come with them ...)

http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

Uninstall the following (if they are present):
* BitComet
* Azureus
* FiksDinPC
* FixCamera
* NoWayVirus
via
[Start][Settings][Control Panel][Add/Remove Programs]

---------------------------------------

Download this fix to the root directory of your computer (usually c:\):
http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it. Click the "Scan for Vundo" button. When the program has finished scanning, click the "Remove Vundo" button.

You will then be asked whether you are sure you want to remove the files. Click "Yes". Your desktop will then go blank, and the fix will try to remove Vundo. When it is done, the tool will ask for permission to restart the computer. Accept that.

Then restart the computer and make a new log with HJT, which you post here. Also post the contents of this file here: C:\vundofix.txt

Note: It is possible that VundoFix finds a file during the first scan that it cannot remove right away. VundoFix will then restart and continue after the reboot. If this happens, just follow the instructions above after the restart (starting with "Click the Scan for Vundo button").

(There is more to come - that will be in the next round, after the above...)
daki Juniormester
20 January 2008 - 20:34 #7
'playing' with???
I have not done anything other than what you wrote, and followed the guide from fromsej....

None of the programs mentioned are installed and the folders do not exist, not in safe mode either.

I have got another problem after running the 'cleaning' programs:
I can download Windows updates, but they will not install !!!!

I did manually update to IE7, though. (possibly a mistake) :-)

/dan

New HJT log:
----------
Logfile of HijackThis v1.99.1
Scan saved at 20:31:50, on 20-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\Elogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\check pc\alternativ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kim Kirk\Skrivebord\sikkerhed\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Registration Silent Hunter III.LNK = C:\Programmer\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190537743906
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0749375-E5D7-4B14-B3EC-3F46DD942231}: NameServer = 192.168.12.100,194.239.134.83
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Elogsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe
----------

VundoFix did not find anything.
----------
Beginning removal...

VundoFix V6.7.7

Checking Java version...

Sun Java not detected
Scan started at 20:09:56 20-01-2008

Listing files found while scanning....

No infected files were found.


Beginning removal...
----------
20 January 2008 - 21:43 #8
ComboFix has 'fixed' some (= many!) items !!!

Follow-up cleanup ->

-- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

-- Unpack the Avenger program and double-click avenger.exe

-- Select "Input Script Manually" and click the magnifying glass - a small window will now appear, into which you copy the contents between the ~~~ lines:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\SYSTEM32\vtuurol.dll

Folders to delete:
C:\Programmer\FiksDinPC
C:\Programmer\Fælles filer\FiksDinPC
C:\Documents and Settings\Kim Kirk\Application Data\fiksdinpc
C:\Programmer\BitComet\
C:\Programmer\Azureus
C:\Documents and Settings\Kim Kirk\Application Data\BitComet
C:\Documents and Settings\Kim Kirk\Application Data\Azureus
C:\Programmer\NoWayVirus
C:\Programmer\Fælles filer\NoWayVirus

~~~~~~~~~~~~~~~~~~

-- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you should do. The program will shut down your computer, delete the files and start the computer again.

-- After the restart a Notepad window will appear with a log of Avenger's actions. Please include it in your next reply.

-- Run HijackThis, choose "Do a system scan only", tick the lines listed here, close all windows except HijackThis, and click Fix checked.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmer\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmer\Fælles filer\Ahead\Lib\NeroCheck.exe
O4 - Startup: Registration Silent Hunter III.LNK = C:\Programmer\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O23 - Service: NBService - Nero AG - C:\Programmer\Nero\Nero 7\Nero BackItUp\NBService.exe

Restart the computer and make a new log with HijackThis, which you post here together with the log from Avenger.

------------------------------

Do a round with CCleaner (which you already have!) - especially the [Issues/Registry] item...

------------------------------

We will deal with the Windows Update problem in the next round...
daki Juniormester
21 January 2008 - 19:30 #9
Here are the logs, and CCleaner has been run:

/dan


----------

Logfile of HijackThis v1.99.1
Scan saved at 19:23:56, on 21-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmer\TDCpakke\Npm\Bin\Elogsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
C:\Programmer\TDCpakke\npm\bin\nvoy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\TDCpakke\Nvc\BIN\NIP.EXE
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe
C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\TDCpakke\Nvc\bin\cclaw.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
C:\Programmer\Fælles filer\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\UltimateZip 2.7\uzqkst.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Kim Kirk\Skrivebord\sikkerhed\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Programmer\TDCpakke\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Programmer\TDCpakke\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmer\Fælles filer\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmer\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: UltimateZip Quick Start.lnk = C:\Programmer\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190537743906
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0749375-E5D7-4B14-B3EC-3F46DD942231}: NameServer = 192.168.12.100,194.239.134.83
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FLLESF~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Elogsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Programmer\TDCpakke\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Programmer\TDCpakke\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Programmer\TDCpakke\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Programmer\TDCpakke\Npm\bin\NVCSCHED.EXE
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Programmer\TDCpakke\npm\bin\nvoy.exe

----------

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ekqgatxp

*******************

Script file located at: \??\C:\WINDOWS\ghgpnxom.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\FixCamera.exe deleted successfully.


File C:\WINDOWS\SYSTEM32\vtuurol.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\vtuurol.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\vtuurol.dll
Status: 0xc0000034



Folder C:\Programmer\FiksDinPC not found!
Deletion of folder C:\Programmer\FiksDinPC failed!

Could not process line:
C:\Programmer\FiksDinPC
Status: 0xc0000034

Folder C:\Programmer\Fælles filer\FiksDinPC deleted successfully.
Folder C:\Documents and Settings\Kim Kirk\Application Data\fiksdinpc deleted successfully.


Folder C:\Programmer\BitComet not found!
Deletion of folder C:\Programmer\BitComet failed!

Could not process line:
C:\Programmer\BitComet
Status: 0xc0000034



Folder C:\Programmer\Azureus not found!
Deletion of folder C:\Programmer\Azureus failed!

Could not process line:
C:\Programmer\Azureus
Status: 0xc0000034



Folder C:\Documents and Settings\Kim Kirk\Application Data\BitComet not found!
Deletion of folder C:\Documents and Settings\Kim Kirk\Application Data\BitComet failed!

Could not process line:
C:\Documents and Settings\Kim Kirk\Application Data\BitComet
Status: 0xc0000034

Folder C:\Documents and Settings\Kim Kirk\Application Data\Azureus deleted successfully.


Folder C:\Programmer\NoWayVirus not found!
Deletion of folder C:\Programmer\NoWayVirus failed!

Could not process line:
C:\Programmer\NoWayVirus
Status: 0xc0000034

Folder C:\Programmer\Fælles filer\NoWayVirus deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

----------
21 January 2008 - 20:01 #10
Bingo Banko - you sure can do it *S*

There is no more 'dirt' according to your log...

You're welcome back another time...

You should clean temp with this file; it only takes a few seconds.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

After a round like this it is always a good idea to clean up the System Restore files.
Disable System Restore -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Restart your computer, then enable System Restore. This is done in the same place where you disabled it; this time you just enable it.
It would also be a good idea to manually create a new restore point, which you can name and return to if you run into problems of any kind.

You'll find a couple of articles about safe surfing here:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

PS: Be careful with these P2P programs!!!
21 January 2008 - 20:01 #11
That was an [answer]...
daki Juniormester
21 January 2008 - 20:46 #12
Thanks for the help, surely 30 points can't be enough?
What about Windows Update?

/dan
21 January 2008 - 21:23 #13
Oh, right *S*

Here is the option ->

Download Dial-a-fix from this link and save it to the desktop.
http://djlizard.net/Dial-a-fix-2006-09-19.exe

1. Double-click the blue gear.
2. Click the "Flush Softwaredistribution" button.
3. Tick "Fix Windows update".
4. Click the GO button in the lower left corner.
5. Let it finish running.
6. Restart the machine.

Explanation of the fix here:  http://wiki.djlizard.net/Dial-a-fix
daki Juniormester
21 January 2008 - 21:45 #14
*S*
Unfortunately that didn't help. :-(
tafkab Nybegynder
21 January 2008 - 22:02 #15
Is it only 1 update, or is it many?
21 January 2008 - 22:03 #16
Just a quick one: try some of the other combinations in the aforementioned [Dial-a-fix] ...
daki Juniormester
21 January 2008 - 22:40 #17
It was all of them, but if you just have patience, everything goes more easily...
Everything is just fine; it has also become faster at starting up, etc.

Just raised it to 60 points.

/dan