CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede spider006 Nybegynder
17. februar 2008 - 18:37 Der er 6 kommentarer og
1 løsning

er der en som vil se på denne log

hej er der en som vil se på denne, for maskinen køre som l*o*r*t  og der popper en masse op hele tiden

Logfile of HijackThis v1.99.1
Scan saved at 18:34:29, on 17-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\benjamin2\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123073983396
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Programmer\Fælles filer\A&W\MidRadio.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
Avatar billede Computer Hjælp (Gratis) Mester
17. februar 2008 - 18:45 #1
Sådan kan det let gå når man leger med reslutaterne fra BEARSHARE mm. !!!

Afinstaller
* BearShare
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede spider006 Nybegynder
17. februar 2008 - 20:39 #2
sådan  nu smider jeg de mange logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2008 at 08:19 PM

Application Version : 3.7.1018

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type      : Complete Scan
Total Scan Time : 01:05:21

Memory items scanned      : 166
Memory threats detected  : 0
Registry items scanned    : 4922
Registry threats detected : 1
File items scanned        : 42526
File threats detected    : 247

Trojan.Smitfraud Variant/IE Anti-Spyware
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@1588.stats.misstrends[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@247realmedia[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@2adultflashgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@2o7[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@3.adbrite[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@3d-sexgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@4.adbrite[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@599.stats.misstrends[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@acvs.mediaonenetwork[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad.adtegrity[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad.firstadsolution[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad.zanox[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad1.emediate[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adbrite[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adfair[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adlegend[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@admin.teenrevenue[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adopt.euroclick[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adrevolver[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.adgoto[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.gamesbannernet[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.habbogroup[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.habbohotel[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.newgrounds[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.pointroll[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.stileproject[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads2.jubii[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adserver.banneradministration[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adserver.filefront[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adultadworld[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adultcomix[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adultmatchheat[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@apmebf[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@atwola[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@banner.gratis-ting[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@banners.battleon[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@banners2.battleon[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@bluestreak[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@bs.serving-sys[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@burstnet[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@clickaider[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter.hitslink[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter11.sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter3.sextracker[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter4.sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter6.sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@cs.sexcounter[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@cz5.clickzs[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@drivecleaner[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@e2.emediate[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@eas.apm.emediate[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@eas4.emediate[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@edcgruppen.112.2o7[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@edge.ru4[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ehg-globalgamingleague.hitbox[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ehg-youtube.hitbox[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@eliteasianvids[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@elitepvpers[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@fishadultgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@free.wegcash[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@freefind[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@freepornlessons[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@gayhentaixxx[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@go.drivecleaner[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@go.drivecleaner[3].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@go.drivecleaner[4].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@gratis-porno[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@h.starware[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@hentaicounter[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@hitbox[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@image.masterstats[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@imrworldwide[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@linkto.mediafire[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@maxxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@media.sensis.com[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mediafire[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mediaonenetwork[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mediaplex[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@msnportal.112.2o7[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@myhornycartoons[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mysexgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@online.adservicemedia[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@overture[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@partners.webmasterplan[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@partygaming.122.2o7[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@partypoker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornbilly[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornofilm[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornoinside[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornorotten[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@precisionclick[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pro-market[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@promo.adultemart[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pulz.banneradministration[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@questionmarket[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@rb4.worldsex[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@revenue[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@revsci[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@search.adultfriendfinder[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@secure.sextronix[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.cpmstar[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[4].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[5].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@serving-sys[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexcartoons6[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexdebut[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexkanaler[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexland[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexshop365.co[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexshop365.co[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexyavenue[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexyfuckgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexygames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@smartadserver[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@stat.onestat[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@statcounter[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@stats.drivecleaner[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@stilemedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tacoda[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tdstats[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@teenhut[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@teenpigen[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@toplist[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tracking.pulse360[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tradedoubler[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tribalfusion[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tripod[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@try.starware[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.3d-sexgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.adult-flash-games[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.adultcrowd[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.betalingsporno[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.burstnet[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.comprabanner[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.elitepvpers[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.gayhentaixxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.hentaisex[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.hentaixxxgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.holypornzone[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.maxxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.mediafire[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.mycartoonsexgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.naughtymaturesex[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.netxmedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.nudeteens[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.onlyfreepornvideos[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.pornofilm[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.pornorotten[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sex-huset[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sex-sex-sex[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexcartoons6[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexlinien[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexmaxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexogsamfund[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexshop365.co[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexspil[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sextrem[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sextronix[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.showmesexy[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.smartadserver[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.stilemedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.teenhut[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.teenmovies[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.teenpigen[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.totalporno[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.xxxgamespro[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.xxxgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.zanox-affiliate[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www2.mystats[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www2.mystats[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www3.addfreestats[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www7.addfreestats[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xiti[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xxx-find[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xxxcounter[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xxxvideo[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@yourmedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@zbox.zanox[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ad.yieldmanager[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ad1.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adfair[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adlegend[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ads2.jubii[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adtech[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@atdmt[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@banner.gratis-ting[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@bs.serving-sys[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@e2.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@eas.apm.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@eas4.emediate[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@findwhat[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ilead.itrack[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@imrworldwide[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@questionmarket[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@server.cpmstar[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@serving-sys[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@sexnoveller[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@specificclick[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@toplist[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@track.adform[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@tribalfusion[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.jubiisexbio[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.sexnoveller[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.teenhut[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@yadro[1].txt
    C:\Documents and Settings\ja\Cookies\ja@3animalsex[2].txt
    C:\Documents and Settings\ja\Cookies\ja@analanimalsex[1].txt
    C:\Documents and Settings\ja\Cookies\ja@animal-sex[1].txt
    C:\Documents and Settings\ja\Cookies\ja@dyresex[1].txt
    C:\Documents and Settings\ja\Cookies\ja@eas.apm.emediate[2].txt
    C:\Documents and Settings\ja\Cookies\ja@mysexgames[2].txt
    C:\Documents and Settings\ja\Cookies\ja@pornhub[1].txt
    C:\Documents and Settings\ja\Cookies\ja@www.pornhub[1].txt
    C:\Documents and Settings\ja\Cookies\ja@www.pornhub[2].txt
    C:\Documents and Settings\ja\Cookies\ja@www.xxxlookups[2].txt
    C:\Documents and Settings\ja\Cookies\ja@www.xxxpower[1].txt
    C:\Documents and Settings\ja\Cookies\ja@xxxpower[2].txt
    C:\Documents and Settings\ja\Cookies\ja@yadro[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@2o7[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@adfair[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@ads.shizmoo[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@ads.tibaco[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@adserver.adremedy[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@banner.gratis-ting[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@eas.apm.emediate[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@ehg-chrysler.hitbox[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@focalex[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@msnportal.112.2o7[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@server.cpmstar[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@tradedoubler[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@www3.addfreestats[1].txt

Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\JA\FORETRUKNE\ONLINE SECURITY TEST.URL

Trojan.Media-Codec/V5
    C:\PROGRAMMER\NETPROJECT\SBMDL.DLL
    C:\PROGRAMMER\NETPROJECT\SBMNTR.EXE
    C:\PROGRAMMER\NETPROJECT\SBSM.EXE
    C:\PROGRAMMER\NETPROJECT\SCIT.EXE
    C:\PROGRAMMER\NETPROJECT\SCM.EXE
    C:\PROGRAMMER\NETPROJECT\WAUN.EXE
    C:\WINDOWS\Prefetch\SBMNTR.EXE-05E4ED70.pf
    C:\WINDOWS\Prefetch\SBSM.EXE-286736D7.pf
    C:\WINDOWS\Prefetch\SCIT.EXE-24204EE5.pf
    C:\WINDOWS\Prefetch\SCM.EXE-17C5E3A4.pf
    C:\WINDOWS\Prefetch\WAUN.EXE-31CAFAEC.pf
--------------------------------------------------------------------------------------

ComboFix 08-02-17.2 - benjamin2 2008-02-17 20:27:43.1 - NTFSx86
Running from: C:\Documents and Settings\benjamin2\Skrivebord\clean\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-01-17 to 2008-02-17  )))))))))))))))))))))))))))))))
.

2008-02-17 19:05 . 2008-02-17 19:13    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-17 19:05 . 2008-02-17 19:05    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\SUPERAntiSpyware.com
2008-02-17 19:05 . 2008-02-17 19:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 19:00 . 2008-02-17 19:00    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-17 17:45 . 2008-02-17 17:45    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-02-17 17:44 . 2008-02-17 17:43    691,545    --a------    C:\WINDOWS\unins000.exe
2008-02-17 17:44 . 2008-02-17 17:44    3,451    --a------    C:\WINDOWS\unins000.dat
2008-02-17 17:36 . 2008-02-17 17:42    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\Spybot - Search & Destroy
2008-02-16 19:02 . 2008-02-16 19:03    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\wsInspector
2008-02-16 18:58 . 2008-02-16 19:01    <DIR>    d--------    C:\Programmer\Startup Inspector for Windows
2008-02-16 15:41 . 2008-02-16 15:41    <DIR>    d--------    C:\Programmer\Lavasoft
2008-02-16 15:41 . 2008-02-16 18:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 16:43 . 2008-02-16 15:46    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 16:42 . 2008-02-16 20:08    <DIR>    d--------    C:\Programmer\NetProject
2008-02-12 14:16 . 2008-02-12 14:16    <DIR>    d--------    C:\Programmer\Abyss Web Server
2008-02-11 20:45 . 2008-02-11 20:45    <DIR>    d--------    C:\Programmer\SCAR 2.03
2008-02-10 17:23 . 2008-02-11 21:20    671    --a------    C:\WINDOWS\system32\newaddies.xtc
2008-02-10 04:40 . 2008-02-10 04:40    268    --ah-----    C:\sqmdata10.sqm
2008-02-10 04:40 . 2008-02-10 04:40    244    --ah-----    C:\sqmnoopt10.sqm
2008-02-05 16:17 . 2008-02-05 16:17    268    --ah-----    C:\sqmdata09.sqm
2008-02-05 16:17 . 2008-02-05 16:17    244    --ah-----    C:\sqmnoopt09.sqm
2008-01-31 12:28 . 2008-02-12 16:43    <DIR>    d--------    C:\Documents and Settings\ja\Skrivebord
2008-01-31 12:28 . 2005-08-03 12:47    <DIR>    d--h-----    C:\Documents and Settings\ja\Skabeloner
2008-01-31 12:28 . 2005-08-03 13:41    <DIR>    d--h-----    C:\Documents and Settings\ja\Printere
2008-01-31 12:28 . 2008-02-12 16:43    <DIR>    dr-------    C:\Documents and Settings\ja\Menuen Start
2008-01-31 12:28 . 2005-08-03 13:41    <DIR>    d--h-----    C:\Documents and Settings\ja\Lokale indstillinger
2008-01-31 12:28 . 2008-02-12 16:42    <DIR>    dr-------    C:\Documents and Settings\ja\Foretrukne
2008-01-31 12:28 . 2008-02-05 16:38    <DIR>    dr-------    C:\Documents and Settings\ja\Dokumenter
2008-01-31 12:28 . 2005-08-03 13:41    <DIR>    d--h-----    C:\Documents and Settings\ja\Andre computere
2008-01-26 10:12 . 2008-01-26 10:12    <DIR>    d--------    C:\My Downloads
2008-01-26 10:12 . 2008-01-27 14:41    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\BearShare
2008-01-25 18:18 . 2006-11-12 11:39    483,328    --a------    C:\WINDOWS\system32\actskn45.ocx
2008-01-25 18:17 . 2008-02-17 18:52    <DIR>    d--------    C:\Programmer\BearShare Applications
2008-01-17 20:56 . 2008-01-17 20:56    <DIR>    d--------    C:\Documents and Settings\Bruger\Phone Browser
2008-01-17 18:44 . 2008-01-17 18:44    268    --ah-----    C:\sqmdata08.sqm
2008-01-17 18:44 . 2008-01-17 18:44    244    --ah-----    C:\sqmnoopt08.sqm
2008-01-17 18:43 . 2008-01-17 18:43    <DIR>    d--------    C:\Documents and Settings\benjamin.PRIVAT\Application Data\flatball
2008-01-17 16:03 . 2008-01-17 16:03    268    --ah-----    C:\sqmdata07.sqm
2008-01-17 16:03 . 2008-01-17 16:03    244    --ah-----    C:\sqmnoopt07.sqm
2008-01-17 15:29 . 2008-01-26 03:38    98,304    --a------    C:\WINDOWS\system32CmdLineExt.dll
2008-01-17 12:55 . 2008-01-17 14:13    <DIR>    d--h-----    C:\Documents and Settings\benjamin.PRIVAT\Application Data\ijjigame
2008-01-17 12:54 . 2008-01-17 12:54    <DIR>    d--------    C:\Programmer\NHN USA
2008-01-17 12:54 . 2007-09-27 12:08    692,224    --a------    C:\WINDOWS\system32\ijjiSetup.exe
2008-01-17 12:54 . 2007-06-21 18:59    58,776    --a------    C:\WINDOWS\system32\ijjiPlugin2.dll
2008-01-17 12:49 . 2008-01-17 12:49    <DIR>    d--------    C:\ijji

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 18:05    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-16 17:41    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2008-02-12 13:12    ---------    d-----w    C:\Programmer\Steam
2008-02-11 20:01    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\Skype
2008-01-21 13:27    ---------    d-----w    C:\Programmer\Cheat Engine
2008-01-17 11:54    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-16 15:43    ---------    d-----w    C:\Documents and Settings\benjamin2\Application Data\AdobeUM
2008-01-08 13:30    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\InterVideo
2008-01-07 14:33    ---------    d-----w    C:\Programmer\Xentare
2008-01-07 14:23    ---------    d-----w    C:\Programmer\DXWnd
2008-01-07 12:52    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\Nexon
2008-01-07 12:45    ---------    d-----w    C:\Programmer\ATI Technologies
2008-01-07 12:11    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\AdobeUM
2007-12-28 18:54    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\Nokia Multimedia Player
2007-12-26 16:30    1,970,176    ----a-w    C:\WINDOWS\system32\d3dx9.dll
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 17:50    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-07 02:13    824,832    ----a-w    C:\WINDOWS\system32\wininet.dll
2007-12-05 13:17    593,920    ------w    C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 03:05    368,640    ----a-w    C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04    269,312    ----a-w    C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56    147,456    ----a-w    C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55    43,520    ----a-w    C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55    26,112    ----a-w    C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55    122,880    ----a-w    C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55    122,880    ----a-w    C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54    307,200    ----a-w    C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53    53,248    ----a-w    C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53    495,616    ----a-w    C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48    9,535,488    ----a-w    C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44    3,175,584    ----a-w    C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33    1,640,192    ----a-w    C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19    5,435,392    ----a-w    C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19    385,024    ----a-w    C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17    17,408    ----a-w    C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14    180,224    ----a-w    C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11    499,712    ----a-w    C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04    837,496    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2007-07-20 08:42    21,755,157    ----a-w    C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_20_10_41_15_full.dmp.zip
2007-07-20 06:01    21,658,667    ----a-w    C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_19_22_18_03_full.dmp.zip
2007-07-19 15:42    21,620,434    ----a-w    C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_18_22_46_25_full.dmp.zip
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Bluetooth Manager.lnk]
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-03 20:10 344064 C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BallanceSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContraVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAVTrial]
--a------ 2004-08-19 04:10 32768 C:\Programmer\CA\eTrust Antivirus\eAVTrial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
--a------ 2004-09-02 09:37 770048 C:\Programmer\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
--a------ 2005-08-03 14:30 118784 C:\WINDOWS\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RiskIISetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 08:42 585728 C:\Programmer\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 15:28 790528 C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 13:59 1266936 C:\Programmer\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TacticalOpsSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
--a------ 2007-06-30 00:23 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\udc6cw]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D8BB7AA-34B8-4058-85C7-5F750A62BE2D}]
C:\WINDOWS\system32\msiexec.exe  /fup {8D8BB7AA-34B8-4058-85C7-5F750A62BE2D} /q
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:31:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\benjamin.PRIVAT\Skrivebord\Ziztey's Hack Pack - V. 50 - REV 1139\Ziztey's Hack Pack - 02-03-08
[EXTRACT]\Moonlight Engine\IlvMoney1129.sys"

.
Completion time: 2008-02-17 20:31:47
.
2008-02-16 18:00:30    --- E O F --- 
--------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:26:30, on 17-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\benjamin2\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/spm/819927
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123073983396
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Programmer\Fælles filer\A&W\MidRadio.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
--------------------------------------------------------------------------------------

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
17-02-2008 20:36:56,35

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:37:04
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0
--------------------------------------------------------------------------------------

det var alle
Avatar billede spider006 Nybegynder
17. februar 2008 - 20:40 #3
vil lige sige at det ikke er min egen maskine men en jeg skulle se på for en kammi
Avatar billede Computer Hjælp (Gratis) Mester
17. februar 2008 - 22:40 #4
Manuelt SLET mapperne ->
C:\Programmer\BearShare Applications
C:\Documents and Settings\benjamin2\Application Data\BearShare

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Hvordan er status på PC'en så nu ?
Avatar billede spider006 Nybegynder
18. februar 2008 - 21:38 #5
den ser ud til at køre uden problemer nu.  tak for hjælpen    smider du lige et svar
Avatar billede Computer Hjælp (Gratis) Mester
18. februar 2008 - 22:11 #6
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede spider006 Nybegynder
18. februar 2008 - 22:27 #7
Jeg har pakket maskinen sammen og afleveret den igen.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
pop up black friday Af Malm i Virus 10 I går 20:49 I dag 10:46
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I dag 14:10 Outlook henter ikke mails Af TTA i Office & Kontorpakker
I dag 13:58 vise billeder i kartotek med store ikoner inklusive optagelsesdato Af Malm i Billedbehandling
I dag 13:35 Adobe Elements 2019, Organizer Crasher Af mort1 i Billedbehandling
I går 20:49 pop up black friday Af Malm i Virus
I går 18:31 Hvor finder jeg en netværksdriver? Af jcr18 i Wifi
White papers
Flere white papers »


Premium
Teaser billede
Vil købe tele-løsninger til det offentlige for 370 millioner kroner
Læs mere »
Efterspørgslen på AI-regnekraft er enorm - og det smitter af på priserne: "Vi kan sælge næsten alt, hvad vi får ind"
Nyt værtøj fra Microsoft: Snart kan du reparere nedbrudte Windows-enheder på distancen
Politiet skriver kontrakt på 75 millioner kroner med dansk it-firma: Medarbejdere skal flytte ind hos politiet
Se alle »
Computerworld
Teaser billede
Microsofts nye pc er ekstrem billig – men kan blive ekstrem sikker og fleksibel
Læs mere »
Test: Prøv kun disse B&O-hovedtelefoner, hvis du har råd
Kæmpe datalæk på hospital: 750.000 patienters fortrolige data lækket
Test: Audi Q6 er en super fed SUV - men gør dig selv en tjeneste og kast flere penge efter den
Se alle »
CIO
Teaser billede
Konsulenthus vil rulle Microsoft 365 Copilot ud til 200.000 ansatte
Læs mere »
Kæmpe-opgave for Danske Bank har banet vej for fuldautomatiseret migrering til cloud: Nu udbredes metoden i hele AWS
Microsofts store årlige event: De tre vigtigste nøglebudskaber fra Satya Nadella om Microsofts fremtid
Stor sag mod Microsoft kan være på vej: Beskyldes for at låse Azure-kunder fast med ulovlige metoder
Se alle »
Job & Karriere
Teaser billede
Microsoft klar med ny direktion for den danske forretning: Her er de nye direktører
Læs mere »
Efter skelsættende møde med sportscoach: Stor dansk it-arbejdsplads indfører fredags-fri og isbade i arbejdstiden
Linus Torvalds giver russiske Linux-udviklere sparket: Vil ikke have noget med dem at gøre
Topchef Sara Green mener, at der er brug for et radikalt nyt syn på it-ledelse - særligt én ny trend hader hun som pesten
Se alle »
White paper
Teaser billede
SAP: Skab værdi og minimér omkostninger med effektiv dokumenthåndtering
Læs mere »
Managed Detection & Response: Forsvar din virksomhed mod cybertrusler døgnet rundt
Governance, Risk & Compliance: Knyt stærke bånd mellem forretning og sikkerhed
Styrk compliance, sikkerhed og overblik med ét hug
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »