CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede spider006 Nybegynder
17. februar 2008 - 18:37 Der er 6 kommentarer og
1 løsning

er der en som vil se på denne log

hej er der en som vil se på denne, for maskinen køre som l*o*r*t  og der popper en masse op hele tiden

Logfile of HijackThis v1.99.1
Scan saved at 18:34:29, on 17-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\benjamin2\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Programmer\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123073983396
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Programmer\Fælles filer\A&W\MidRadio.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
Avatar billede Computer Hjælp (Gratis) Mester
17. februar 2008 - 18:45 #1
Sådan kan det let gå når man leger med reslutaterne fra BEARSHARE mm. !!!

Afinstaller
* BearShare
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

... Nu er det ikke alle (u)ønskede elementer som viser sig med en HiJackThis Log; så gennemfør proceduren herfra -> http://www.eksperten.dk/artikler/1123
Avatar billede spider006 Nybegynder
17. februar 2008 - 20:39 #2
sådan  nu smider jeg de mange logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2008 at 08:19 PM

Application Version : 3.7.1018

Core Rules Database Version : 3404
Trace Rules Database Version: 1396

Scan type      : Complete Scan
Total Scan Time : 01:05:21

Memory items scanned      : 166
Memory threats detected  : 0
Registry items scanned    : 4922
Registry threats detected : 1
File items scanned        : 42526
File threats detected    : 247

Trojan.Smitfraud Variant/IE Anti-Spyware
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E}

Adware.Tracking Cookie
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@1588.stats.misstrends[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@247realmedia[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@2adultflashgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@2o7[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@3.adbrite[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@3d-sexgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@4.adbrite[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@599.stats.misstrends[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@acvs.mediaonenetwork[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad.adtegrity[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad.firstadsolution[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad.zanox[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ad1.emediate[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adbrite[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adfair[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adlegend[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@admin.teenrevenue[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adopt.euroclick[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adrevolver[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.adgoto[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.gamesbannernet[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.habbogroup[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.habbohotel[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.newgrounds[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.pointroll[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads.stileproject[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ads2.jubii[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adserver.banneradministration[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adserver.filefront[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adultadworld[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adultcomix[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@adultmatchheat[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@apmebf[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@atwola[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@banner.gratis-ting[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@banners.battleon[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@banners2.battleon[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@bluestreak[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@bs.serving-sys[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@burstnet[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@clickaider[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter.hitslink[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter11.sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter3.sextracker[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter4.sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@counter6.sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@cs.sexcounter[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@cz5.clickzs[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@drivecleaner[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@e2.emediate[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@eas.apm.emediate[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@eas4.emediate[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@edcgruppen.112.2o7[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@edge.ru4[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ehg-globalgamingleague.hitbox[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@ehg-youtube.hitbox[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@eliteasianvids[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@elitepvpers[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@fishadultgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@free.wegcash[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@freefind[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@freepornlessons[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@gayhentaixxx[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@go.drivecleaner[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@go.drivecleaner[3].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@go.drivecleaner[4].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@gratis-porno[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@h.starware[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@hentaicounter[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@hitbox[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@image.masterstats[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@imrworldwide[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@linkto.mediafire[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@maxxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@media.sensis.com[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mediafire[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mediaonenetwork[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mediaplex[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@msnportal.112.2o7[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@myhornycartoons[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@mysexgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@online.adservicemedia[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@overture[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@partners.webmasterplan[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@partygaming.122.2o7[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@partypoker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornbilly[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornofilm[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornoinside[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pornorotten[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@precisionclick[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pro-market[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@promo.adultemart[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@pulz.banneradministration[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@questionmarket[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@rb4.worldsex[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@revenue[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@revsci[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@search.adultfriendfinder[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@secure.sextronix[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.cpmstar[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[4].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@server.iad.liveperson[5].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@serving-sys[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexcartoons6[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexdebut[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexkanaler[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexland[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexshop365.co[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexshop365.co[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sextracker[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexyavenue[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexyfuckgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@sexygames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@smartadserver[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@stat.onestat[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@statcounter[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@stats.drivecleaner[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@stilemedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tacoda[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tdstats[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@teenhut[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@teenpigen[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@toplist[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tracking.pulse360[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tradedoubler[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tribalfusion[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@tripod[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@try.starware[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.3d-sexgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.adult-flash-games[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.adultcrowd[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.betalingsporno[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.burstnet[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.comprabanner[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.elitepvpers[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.gayhentaixxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.hentaisex[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.hentaixxxgames[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.holypornzone[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.maxxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.mediafire[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.mycartoonsexgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.naughtymaturesex[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.netxmedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.nudeteens[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.onlyfreepornvideos[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.pornofilm[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.pornorotten[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sex-huset[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sex-sex-sex[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexcartoons6[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexlinien[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexmaxx[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexogsamfund[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexshop365.co[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sexspil[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sextrem[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.sextronix[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.showmesexy[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.smartadserver[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.stilemedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.teenhut[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.teenmovies[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.teenpigen[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.totalporno[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.xxxgamespro[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.xxxgames[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www.zanox-affiliate[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www2.mystats[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www2.mystats[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www3.addfreestats[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@www7.addfreestats[2].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xiti[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xxx-find[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xxxcounter[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@xxxvideo[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@yourmedia[1].txt
    C:\Documents and Settings\benjamin.PRIVAT\Cookies\benjamin@zbox.zanox[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ad.yieldmanager[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ad1.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adfair[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adlegend[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ads2.jubii[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@adtech[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@atdmt[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@banner.gratis-ting[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@bs.serving-sys[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@e2.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@eas.apm.emediate[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@eas4.emediate[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@findwhat[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@ilead.itrack[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@imrworldwide[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@questionmarket[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@server.cpmstar[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@serving-sys[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@sexnoveller[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@specificclick[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@toplist[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@track.adform[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@tribalfusion[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.jubiisexbio[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.sexnoveller[1].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@www.teenhut[2].txt
    C:\Documents and Settings\Bruger\Cookies\bruger@yadro[1].txt
    C:\Documents and Settings\ja\Cookies\ja@3animalsex[2].txt
    C:\Documents and Settings\ja\Cookies\ja@analanimalsex[1].txt
    C:\Documents and Settings\ja\Cookies\ja@animal-sex[1].txt
    C:\Documents and Settings\ja\Cookies\ja@dyresex[1].txt
    C:\Documents and Settings\ja\Cookies\ja@eas.apm.emediate[2].txt
    C:\Documents and Settings\ja\Cookies\ja@mysexgames[2].txt
    C:\Documents and Settings\ja\Cookies\ja@pornhub[1].txt
    C:\Documents and Settings\ja\Cookies\ja@www.pornhub[1].txt
    C:\Documents and Settings\ja\Cookies\ja@www.pornhub[2].txt
    C:\Documents and Settings\ja\Cookies\ja@www.xxxlookups[2].txt
    C:\Documents and Settings\ja\Cookies\ja@www.xxxpower[1].txt
    C:\Documents and Settings\ja\Cookies\ja@xxxpower[2].txt
    C:\Documents and Settings\ja\Cookies\ja@yadro[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@2o7[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@adfair[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@ads.shizmoo[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@ads.tibaco[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@adserver.adremedy[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@banner.gratis-ting[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@eas.apm.emediate[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@ehg-chrysler.hitbox[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@focalex[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@msnportal.112.2o7[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@server.cpmstar[2].txt
    C:\Documents and Settings\patrick\Cookies\patrick@tradedoubler[1].txt
    C:\Documents and Settings\patrick\Cookies\patrick@www3.addfreestats[1].txt

Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\JA\FORETRUKNE\ONLINE SECURITY TEST.URL

Trojan.Media-Codec/V5
    C:\PROGRAMMER\NETPROJECT\SBMDL.DLL
    C:\PROGRAMMER\NETPROJECT\SBMNTR.EXE
    C:\PROGRAMMER\NETPROJECT\SBSM.EXE
    C:\PROGRAMMER\NETPROJECT\SCIT.EXE
    C:\PROGRAMMER\NETPROJECT\SCM.EXE
    C:\PROGRAMMER\NETPROJECT\WAUN.EXE
    C:\WINDOWS\Prefetch\SBMNTR.EXE-05E4ED70.pf
    C:\WINDOWS\Prefetch\SBSM.EXE-286736D7.pf
    C:\WINDOWS\Prefetch\SCIT.EXE-24204EE5.pf
    C:\WINDOWS\Prefetch\SCM.EXE-17C5E3A4.pf
    C:\WINDOWS\Prefetch\WAUN.EXE-31CAFAEC.pf
--------------------------------------------------------------------------------------

ComboFix 08-02-17.2 - benjamin2 2008-02-17 20:27:43.1 - NTFSx86
Running from: C:\Documents and Settings\benjamin2\Skrivebord\clean\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((  Files Created from 2008-01-17 to 2008-02-17  )))))))))))))))))))))))))))))))
.

2008-02-17 19:05 . 2008-02-17 19:13    <DIR>    d--------    C:\Programmer\SUPERAntiSpyware
2008-02-17 19:05 . 2008-02-17 19:05    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\SUPERAntiSpyware.com
2008-02-17 19:05 . 2008-02-17 19:05    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-17 19:00 . 2008-02-17 19:00    <DIR>    d--------    C:\Programmer\CCleaner
2008-02-17 17:45 . 2008-02-17 17:45    <DIR>    d--------    C:\Programmer\Spybot - Search & Destroy
2008-02-17 17:44 . 2008-02-17 17:43    691,545    --a------    C:\WINDOWS\unins000.exe
2008-02-17 17:44 . 2008-02-17 17:44    3,451    --a------    C:\WINDOWS\unins000.dat
2008-02-17 17:36 . 2008-02-17 17:42    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\Spybot - Search & Destroy
2008-02-16 19:02 . 2008-02-16 19:03    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\wsInspector
2008-02-16 18:58 . 2008-02-16 19:01    <DIR>    d--------    C:\Programmer\Startup Inspector for Windows
2008-02-16 15:41 . 2008-02-16 15:41    <DIR>    d--------    C:\Programmer\Lavasoft
2008-02-16 15:41 . 2008-02-16 18:41    <DIR>    d--------    C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-12 16:43 . 2008-02-16 15:46    <DIR>    d-a------    C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-12 16:42 . 2008-02-16 20:08    <DIR>    d--------    C:\Programmer\NetProject
2008-02-12 14:16 . 2008-02-12 14:16    <DIR>    d--------    C:\Programmer\Abyss Web Server
2008-02-11 20:45 . 2008-02-11 20:45    <DIR>    d--------    C:\Programmer\SCAR 2.03
2008-02-10 17:23 . 2008-02-11 21:20    671    --a------    C:\WINDOWS\system32\newaddies.xtc
2008-02-10 04:40 . 2008-02-10 04:40    268    --ah-----    C:\sqmdata10.sqm
2008-02-10 04:40 . 2008-02-10 04:40    244    --ah-----    C:\sqmnoopt10.sqm
2008-02-05 16:17 . 2008-02-05 16:17    268    --ah-----    C:\sqmdata09.sqm
2008-02-05 16:17 . 2008-02-05 16:17    244    --ah-----    C:\sqmnoopt09.sqm
2008-01-31 12:28 . 2008-02-12 16:43    <DIR>    d--------    C:\Documents and Settings\ja\Skrivebord
2008-01-31 12:28 . 2005-08-03 12:47    <DIR>    d--h-----    C:\Documents and Settings\ja\Skabeloner
2008-01-31 12:28 . 2005-08-03 13:41    <DIR>    d--h-----    C:\Documents and Settings\ja\Printere
2008-01-31 12:28 . 2008-02-12 16:43    <DIR>    dr-------    C:\Documents and Settings\ja\Menuen Start
2008-01-31 12:28 . 2005-08-03 13:41    <DIR>    d--h-----    C:\Documents and Settings\ja\Lokale indstillinger
2008-01-31 12:28 . 2008-02-12 16:42    <DIR>    dr-------    C:\Documents and Settings\ja\Foretrukne
2008-01-31 12:28 . 2008-02-05 16:38    <DIR>    dr-------    C:\Documents and Settings\ja\Dokumenter
2008-01-31 12:28 . 2005-08-03 13:41    <DIR>    d--h-----    C:\Documents and Settings\ja\Andre computere
2008-01-26 10:12 . 2008-01-26 10:12    <DIR>    d--------    C:\My Downloads
2008-01-26 10:12 . 2008-01-27 14:41    <DIR>    d--------    C:\Documents and Settings\benjamin2\Application Data\BearShare
2008-01-25 18:18 . 2006-11-12 11:39    483,328    --a------    C:\WINDOWS\system32\actskn45.ocx
2008-01-25 18:17 . 2008-02-17 18:52    <DIR>    d--------    C:\Programmer\BearShare Applications
2008-01-17 20:56 . 2008-01-17 20:56    <DIR>    d--------    C:\Documents and Settings\Bruger\Phone Browser
2008-01-17 18:44 . 2008-01-17 18:44    268    --ah-----    C:\sqmdata08.sqm
2008-01-17 18:44 . 2008-01-17 18:44    244    --ah-----    C:\sqmnoopt08.sqm
2008-01-17 18:43 . 2008-01-17 18:43    <DIR>    d--------    C:\Documents and Settings\benjamin.PRIVAT\Application Data\flatball
2008-01-17 16:03 . 2008-01-17 16:03    268    --ah-----    C:\sqmdata07.sqm
2008-01-17 16:03 . 2008-01-17 16:03    244    --ah-----    C:\sqmnoopt07.sqm
2008-01-17 15:29 . 2008-01-26 03:38    98,304    --a------    C:\WINDOWS\system32CmdLineExt.dll
2008-01-17 12:55 . 2008-01-17 14:13    <DIR>    d--h-----    C:\Documents and Settings\benjamin.PRIVAT\Application Data\ijjigame
2008-01-17 12:54 . 2008-01-17 12:54    <DIR>    d--------    C:\Programmer\NHN USA
2008-01-17 12:54 . 2007-09-27 12:08    692,224    --a------    C:\WINDOWS\system32\ijjiSetup.exe
2008-01-17 12:54 . 2007-06-21 18:59    58,776    --a------    C:\WINDOWS\system32\ijjiPlugin2.dll
2008-01-17 12:49 . 2008-01-17 12:49    <DIR>    d--------    C:\ijji

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 18:05    ---------    d-----w    C:\Programmer\Fælles filer\Wise Installation Wizard
2008-02-16 17:41    12,632    ----a-w    C:\WINDOWS\system32\lsdelete.exe
2008-02-12 13:12    ---------    d-----w    C:\Programmer\Steam
2008-02-11 20:01    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\Skype
2008-01-21 13:27    ---------    d-----w    C:\Programmer\Cheat Engine
2008-01-17 11:54    ---------    d--h--w    C:\Programmer\InstallShield Installation Information
2008-01-16 15:43    ---------    d-----w    C:\Documents and Settings\benjamin2\Application Data\AdobeUM
2008-01-08 13:30    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\InterVideo
2008-01-07 14:33    ---------    d-----w    C:\Programmer\Xentare
2008-01-07 14:23    ---------    d-----w    C:\Programmer\DXWnd
2008-01-07 12:52    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\Nexon
2008-01-07 12:45    ---------    d-----w    C:\Programmer\ATI Technologies
2008-01-07 12:11    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\AdobeUM
2007-12-28 18:54    ---------    d-----w    C:\Documents and Settings\benjamin.PRIVAT\Application Data\Nokia Multimedia Player
2007-12-26 16:30    1,970,176    ----a-w    C:\WINDOWS\system32\d3dx9.dll
2007-12-18 09:51    179,584    ----a-w    C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-14 17:50    43,520    ----a-w    C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-07 02:13    824,832    ----a-w    C:\WINDOWS\system32\wininet.dll
2007-12-05 13:17    593,920    ------w    C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 03:05    368,640    ----a-w    C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04    269,312    ----a-w    C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56    147,456    ----a-w    C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55    43,520    ----a-w    C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55    26,112    ----a-w    C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55    122,880    ----a-w    C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55    122,880    ----a-w    C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54    307,200    ----a-w    C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53    53,248    ----a-w    C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53    495,616    ----a-w    C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48    9,535,488    ----a-w    C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44    3,175,584    ----a-w    C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33    1,640,192    ----a-w    C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19    5,435,392    ----a-w    C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19    385,024    ----a-w    C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17    17,408    ----a-w    C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:14    180,224    ----a-w    C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11    499,712    ----a-w    C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 18:41    550,912    ----a-w    C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04    837,496    ----a-w    C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54    95,608    ----a-w    C:\WINDOWS\system32\AvastSS.scr
2007-07-20 08:42    21,755,157    ----a-w    C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_20_10_41_15_full.dmp.zip
2007-07-20 06:01    21,658,667    ----a-w    C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_19_22_18_03_full.dmp.zip
2007-07-19 15:42    21,620,434    ----a-w    C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_07_18_22_46_25_full.dmp.zip
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmer\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-26 16:53 15360]
"SUPERAntiSpyware"="C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-04-23 15:46 1318128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"StartCCC"="C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-26 16:53 15360]
"Nokia.PCSync"="C:\Programmer\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmer\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Programmer\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Adobe Reader Hurtigstart.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Hurtigstart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^Bluetooth Manager.lnk]
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menuen Start^Programmer^Start^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-11-03 20:10 344064 C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BallanceSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContraVirus]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAVTrial]
--a------ 2004-08-19 04:10 32768 C:\Programmer\CA\eTrust Antivirus\eAVTrial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantTray]
--a------ 2004-09-02 09:37 770048 C:\Programmer\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 C:\Programmer\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
--a------ 2005-08-03 14:30 118784 C:\WINDOWS\system32\ptipbmf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Realtime Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReJf5vH]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RiskIISetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 15:17 159744 C:\Programmer\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2003-05-30 08:42 585728 C:\Programmer\Analog Devices\SoundMAX\Smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2003-05-29 15:28 790528 C:\Programmer\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-30 13:59 1266936 C:\Programmer\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfAccuracy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TacticalOpsSetup.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
--a------ 2007-06-30 00:23 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\udc6cw]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Updater Servc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8D8BB7AA-34B8-4058-85C7-5F750A62BE2D}]
C:\WINDOWS\system32\msiexec.exe  /fup {8D8BB7AA-34B8-4058-85C7-5F750A62BE2D} /q
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:31:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="\??\C:\Documents and Settings\benjamin.PRIVAT\Skrivebord\Ziztey's Hack Pack - V. 50 - REV 1139\Ziztey's Hack Pack - 02-03-08
[EXTRACT]\Moonlight Engine\IlvMoney1129.sys"

.
Completion time: 2008-02-17 20:31:47
.
2008-02-16 18:00:30    --- E O F --- 
--------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:26:30, on 17-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmer\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmer\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\benjamin2\Skrivebord\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eksperten.dk/spm/819927
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmer\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmer\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Programmer\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123073983396
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FLLESF~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Programmer\Fælles filer\A&W\MidRadio.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmer\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmer\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmer\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmer\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmer\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
--------------------------------------------------------------------------------------

********************************* ROOTCHK-(28-12-07)-LOG, by ejvindh
17-02-2008 20:36:56,35

NOTICE!! Rootchk is not being updated anymore, and is thus gradually getting outdated.
Last update was made 28-12-07

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 20:37:04
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden services & system hive ...
IPC error: 2 Den angivne fil blev ikke fundet.

scanning hidden registry entries ...

scanning hidden files ...
IPC error: 2 Den angivne fil blev ikke fundet.

hidden processes: 0
hidden services: 0
hidden files: 0
--------------------------------------------------------------------------------------

det var alle
Avatar billede spider006 Nybegynder
17. februar 2008 - 20:40 #3
vil lige sige at det ikke er min egen maskine men en jeg skulle se på for en kammi
Avatar billede Computer Hjælp (Gratis) Mester
17. februar 2008 - 22:40 #4
Manuelt SLET mapperne ->
C:\Programmer\BearShare Applications
C:\Documents and Settings\benjamin2\Application Data\BearShare

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Hvordan er status på PC'en så nu ?
Avatar billede spider006 Nybegynder
18. februar 2008 - 21:38 #5
den ser ud til at køre uden problemer nu.  tak for hjælpen    smider du lige et svar
Avatar billede Computer Hjælp (Gratis) Mester
18. februar 2008 - 22:11 #6
Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Du bør rense temp med denne fil, det tager kun få sek.
http://www.spywareinfo.dk/download/cleantempxp2k.bat

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...
Avatar billede spider006 Nybegynder
18. februar 2008 - 22:27 #7
Jeg har pakket maskinen sammen og afleveret den igen.
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel Indlæg Oprettet Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus 21 22/06/202419:22 23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus 23 07/05/202421:02 13/05/202419:48
trusler Af gerhardpet i Virus 4 26/01/202410:02 27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus 16 09/01/202416:37 10/01/202419:59
virusscanning Af JetteD i Virus 2 10/11/202312:55 10/11/202316:36
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 20:17 vlc viser kegle-icon Af casablanca i Andet software
I går 14:01 Oprette / gemme et par fotos i en mappe - Samsung Galaxy A 14 5G ? Af Ikke-ekspert i Mobiltelefoner
I går 11:14 Bærbar til Sims 3? Af idamarie i PC
I går 10:49 Adobe til excel Af densortehingst i Andet software
I går 09:26 Chrome Af fjorbak i Andet netværk
White papers
Flere white papers »


Premium
Teaser billede
”Det største it-nedbrud i historien” lammede store dele af verden: Nu giver CrowdStrike sine kunder en kop kaffe som undskyldning
Læs mere »
Top-CIO Rasmus Lundgaard Pedersen balancerer hele tiden mellem to poler
5.000 flyafgange i verden blev aflyst som følge af Crowdstrike-nedbrud: Vil Københavns Lufthavn søge erstatning?
Hackere udnytter CrowdStrike-nedbruddet: Spreder malware ved hjælp af falske løsninger
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Telenor skrotter ældre it-system: Nyt system er en hyldevare
Derfor står Danske Bank foran en kæmpe AWS-transformation: Ellers skulle vi bygge en ny infrastruktur for at følge med
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Læs mere »
Samlet platform sikrer sammenhæng, kontrol og sikkerhed i hybrid cloud
Sådan gør du: Elektronisk dokumentudveksling i praksis
Opdag fordelene ved cloud-baseret backup og recovery
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »