CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg
Cookie ikon
Avatar billede elisen Nybegynder
15. april 2008 - 17:41 Der er 16 kommentarer

Logs fra min com

Hey. Jeg har fulgt dette link http://www.eksperten.dk/artikler/1123 og har nu de tre logfiler.. jeg håber en der har forstand på det vil hjælpe mig her ;)..

HIJACK:
Logfile of HijackThis v1.99.1
Scan saved at 17:05:34, on 15-04-2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\super\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Casper\Desktop\rent\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Casper\AppData\Local\Temp\geBSmmJa.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Casper\AppData\Local\Temp\qoMeEXNF.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Casper\AppData\Local\Temp\xkwnlsip.dll",run
O4 - HKCU\..\Run: [60ecbcc2] rundll32.exe "C:\Users\Casper\AppData\Local\Temp\odxcjrqe.dll",b
O4 - HKCU\..\Run: [BM63df8f5e] Rundll32.exe "C:\Users\Casper\AppData\Local\Temp\wowwvimh.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\super\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: *.cdon.com
O15 - Trusted Zone: *.cdon.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-dk/FlashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\super\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



COMBOFIX:
ComboFix 08-04-14.2 - Casper 2008-04-15 17:07:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6000.0.1252.1.1030.18.1242 [GMT 2:00]
Running from: C:\Users\Casper\Desktop\rent\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Downloaded Program Files\setup.inf

.
(((((((((((((((((((((((((  Files Created from 2008-03-15 to 2008-04-15  )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 15:01    ---------    d-----w    C:\Program Files\Steam
2008-04-15 14:59    45,056    ----a-w    C:\Windows\System32\acovcnt.exe
2008-04-15 14:26    ---------    d-----w    C:\ProgramData\SUPERAntiSpyware.com
2008-04-15 14:25    ---------    d-----w    C:\Users\Casper\AppData\Roaming\SUPERAntiSpyware.com
2008-04-15 14:24    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 14:20    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-04-15 14:20    ---------    d-----w    C:\Users\Casper\AppData\Roaming\Microsoft Games
2008-04-15 14:20    ---------    d-----w    C:\ProgramData\Microsoft Games
2008-04-15 12:26    ---------    d-----w    C:\Program Files\SikkerPCVaerktoj
2008-04-15 12:25    ---------    d-----w    C:\Program Files\Common Files\SikkerPCVaerktoj
2008-04-15 12:23    261,664    ----a-w    C:\Users\Casper\AppData\Roaming\setup_dk[1].exe
2008-04-15 10:23    ---------    d-----w    C:\Program Files\Canon
2008-04-15 08:53    ---------    d-----w    C:\Program Files\VirusForsvar
2008-04-15 08:13    ---------    d-----w    C:\Program Files\Alwil Software
2008-04-15 06:37    ---------    d-----w    C:\Program Files\Common Files\VirusForsvar
2008-04-11 07:18    ---------    d-----w    C:\ProgramData\Microsoft Help
2008-04-11 07:18    ---------    d-----w    C:\Program Files\Windows Mail
2008-04-07 20:35    ---------    d-----w    C:\Program Files\Common Files\Symantec Shared
2008-04-07 20:33    ---------    d-----w    C:\ProgramData\Symantec
2008-04-07 20:33    ---------    d-----w    C:\Program Files\Symantec
2008-04-06 15:04    ---------    d-----w    C:\Program Files\TVAnts
2008-04-03 10:50    ---------    d-----w    C:\Program Files\EarMaster Pro 5
2008-04-03 09:53    ---------    d-----w    C:\Program Files\Common Files\Steam
2008-04-02 18:16    ---------    d-----w    C:\ProgramData\FLEXnet
2008-04-02 18:01    ---------    d-----w    C:\Program Files\Common Files\Control Panels
2008-04-02 18:00    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-04-02 17:57    ---------    d-----w    C:\Program Files\Bonjour
2008-04-02 17:43    ---------    d-----w    C:\Program Files\Common Files\Macrovision Shared
2008-04-02 17:26    ---------    d-----w    C:\Program Files\MagicDisc
2008-04-02 17:22    ---------    d-----w    C:\Program Files\MagicISO
2008-03-29 23:26    ---------    d-----w    C:\Users\Casper\AppData\Roaming\Microgaming
2008-03-29 18:43    ---------    d-----w    C:\Users\Casper\AppData\Roaming\dvdcss
2008-03-29 18:37    ---------    d-----w    C:\Users\Casper\AppData\Roaming\vlc
2008-03-29 18:36    ---------    d-----w    C:\Program Files\VideoLAN
2008-03-29 17:45    1,146,232    ----a-w    C:\Windows\System32\aswBoot.exe
2008-03-29 17:35    20,560    ----a-w    C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32    50,768    ----a-w    C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31    75,856    ----a-w    C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29    23,152    ----a-w    C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27    42,912    ----a-w    C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23    95,608    ----a-w    C:\Windows\System32\AvastSS.scr
2008-03-24 20:09    ---------    d-----w    C:\Users\Casper\AppData\Roaming\EarMaster
2008-03-24 06:54    5,120    ----a-w    C:\Users\Casper\keygen.exe
2008-03-19 19:28    ---------    d-----w    C:\ProgramData\EarMaster
2008-03-19 14:01    ---------    d-----w    C:\Program Files\Common Files\Microsoft Games
2008-03-19 13:50    ---------    d-----w    C:\Program Files\Microsoft Games
2008-03-16 01:43    ---------    d-----w    C:\Users\Casper\AppData\Roaming\ImgBurn
2008-03-16 01:24    ---------    d-----w    C:\Program Files\ImgBurn
2008-03-16 00:21    ---------    d-----w    C:\Users\Casper\AppData\Roaming\Leadertech
2008-03-14 15:27    ---------    d-----w    C:\Program Files\DVD Decrypter
2008-03-12 20:19    ---------    d-----w    C:\Program Files\SopCast
2008-03-10 22:13    ---------    d-----w    C:\Program Files\Infogrames Interactive
2008-03-08 13:57    ---------    d-----w    C:\Program Files\GameSpy Arcade
2008-03-08 13:57    ---------    d-----w    C:\Program Files\directx
2008-03-05 21:01    ---------    d-----w    C:\Program Files\Windows Live
2008-03-03 18:30    ---------    d-----w    C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 18:29    ---------    d-----w    C:\Program Files\Windows Live Toolbar
2008-03-03 18:29    ---------    d-----w    C:\Program Files\Windows Live Favorites
2008-03-03 18:26    ---------    dcsh--w    C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 18:17    ---------    d-----w    C:\ProgramData\WLInstaller
2008-02-29 06:51    19,000    ----a-w    C:\Windows\System32\kd1394.dll
2008-02-29 06:39    40,960    ----a-w    C:\Windows\System32\srclient.dll
2008-02-29 06:39    371,712    ----a-w    C:\Windows\System32\srcore.dll
2008-02-29 06:38    313,856    ----a-w    C:\Windows\System32\rstrui.exe
2008-02-29 06:38    16,384    ----a-w    C:\Windows\System32\srdelayed.exe
2008-02-29 06:35    6,656    ----a-w    C:\Windows\System32\kbd106n.dll
2008-02-29 06:34    7,168    ----a-w    C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16    2,027,008    ----a-w    C:\Windows\System32\win32k.sys
2008-02-21 04:43    826,368    ----a-w    C:\Windows\System32\wininet.dll
2008-02-21 04:43    56,320    ----a-w    C:\Windows\System32\iesetup.dll
2008-02-21 04:43    52,736    ----a-w    C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43    296,448    ----a-w    C:\Windows\System32\gdi32.dll
2008-02-21 04:43    26,624    ----a-w    C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10    620,088    ----a-w    C:\Windows\System32\ci.dll
2008-02-18 15:29    96,256    ----a-w    C:\Windows\system32\drivers\mcdbus.sys
2008-02-14 23:19    944,184    ----a-w    C:\Windows\System32\winload.exe
2008-02-14 13:51    194,560    ----a-w    C:\Windows\System32\WebClnt.dll
2008-02-14 13:46    3,504,696    ----a-w    C:\Windows\System32\ntkrnlpa.exe
2008-02-14 13:46    3,470,392    ----a-w    C:\Windows\System32\ntoskrnl.exe
2008-02-14 13:45    537,600    ----a-w    C:\Windows\AppPatch\AcLayers.dll
2008-02-14 13:45    449,536    ----a-w    C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 13:45    4,247,552    ----a-w    C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 13:45    24,064    ----a-w    C:\Windows\System32\netcfg.exe
2008-02-14 13:45    22,016    ----a-w    C:\Windows\System32\netiougc.exe
2008-02-14 13:45    2,560    ----a-w    C:\Windows\AppPatch\AcRes.dll
2008-02-14 13:45    2,144,256    ----a-w    C:\Windows\AppPatch\AcGenral.dll
2008-02-14 13:45    173,056    ----a-w    C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 13:45    167,424    ----a-w    C:\Windows\System32\tcpipcfg.dll
2008-02-14 13:45    1,686,528    ----a-w    C:\Windows\System32\gameux.dll
2008-02-12 12:45    48    ----a-w    C:\Users\Casper\readme.bat
2008-02-01 10:17    586,752    ----a-w    C:\Windows\WLXPGSS.SCR
2008-01-30 15:10    274,432    ----a-w    C:\Windows\System32\libcurl.dll
2008-01-29 00:56    12,632    ----a-w    C:\Windows\System32\lsdelete.exe
2007-10-13 18:23    774,144    ----a-w    C:\Program Files\RngInterstitial.dll
2007-10-05 14:19    174    --sha-w    C:\Program Files\desktop.ini
1993-01-03 23:01    47,616    ----a-w    C:\Users\Casper\SETUP.EXE
2007-11-05 14:52    16,384    --sha-w    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-05 14:52    32,768    --sha-w    C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-05 14:52    16,384    --sha-w    C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 20:50 149040]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 11:30 1271032]
"SUPERAntiSpyware"="D:\super\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-10 23:46 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 23:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-09-11 00:26 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-09-11 00:26 33136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"tsnpstd3"="C:\Windows\tsnpstd3.exe" [2006-06-19 14:21 114688]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2005-09-05 16:55 339968]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NI.UGESK_0001_N122M0303"="c:\users\casper\appdata\roaming\setup_dk[1].exe" [2008-04-15 14:23 261664]

C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-03-16 02:27:21 225280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\super\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\super\SASWINLO.dll 2007-04-19 12:41 294912 D:\super\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 20:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 21:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CB7948B-C898-475F-8B10-ACA021AA9D17}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{79D21528-DDE4-47FD-861C-95BAB7AED7E1}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{ABB928F9-56B4-49AE-88BD-FB94E5F5BAE8}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{ACC3C181-0903-45FE-BB63-E381386C4346}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{651E6909-C418-4171-B599-0697033B59F5}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{7CAD0981-89B0-4768-AE60-ED7086B6581E}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{06A69023-D49D-4272-9A07-1DBB8E4BF745}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{6584CCF1-EC99-463A-84A8-811795C9858B}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{44AC6835-E663-4C0D-AACD-7E8F66624762}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{7CE6D45C-1455-44B1-B67F-2CC0D8152AEB}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{12A42B48-74F8-487C-ACFE-6838D5FD95A3}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{00929506-BD87-482F-AE2B-639E2FBBBC37}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{101A4021-DFC7-4412-8F1A-CBB081B1B9B4}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{1F74998F-AD54-48C2-A91B-C2A24FD08E1D}C:\\users\\casper\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\casper\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{41D208B8-6F5E-4D74-9F2F-D73294BFCF59}C:\\users\\casper\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\casper\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{975161D9-CD3C-4600-BA56-F419C197FA5F}D:\\programmer\\sopcast\\sopcast.exe"= UDP:D:\programmer\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F78F0B90-CC0E-4F2F-BB56-D3D5918D458D}D:\\programmer\\sopcast\\sopcast.exe"= TCP:D:\programmer\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{F9F37391-0BBD-48AC-A880-E8A0092E439D}D:\\programmer\\sopcast\\adv\\sopadver.exe"= UDP:D:\programmer\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{961AE817-9E5C-4F94-BD6B-B1D0AAF92DD9}D:\\programmer\\sopcast\\adv\\sopadver.exe"= TCP:D:\programmer\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8F4ECCAB-48DC-40BE-A230-717D4E814EFF}D:\\programmer\\sopcast\\sopvod.exe"= UDP:D:\programmer\sopcast\sopvod.exe:sopvod
"UDP Query User{52184E51-3F18-40FA-994E-367D298377DE}D:\\programmer\\sopcast\\sopvod.exe"= TCP:D:\programmer\sopcast\sopvod.exe:sopvod
"TCP Query User{857B86FD-3A8B-43FA-BEF2-8482C3D15BFE}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0C282E61-A31A-4AB8-98A3-47C669CC3669}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{F77160CA-ED1A-4A52-8AC1-817A62B2A31C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{341A9A56-977B-4661-BDD3-FC653930BF44}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A05CA216-27F9-4A4A-BD79-C4695696B14F}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{B4CCE82D-9B61-4236-86C2-50EEDA9B4407}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{A381AA2A-F3FA-4BC8-95E4-EB73F1468CAF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02621B8D-3D05-44A2-87B9-1B1D2DA93BAA}"= UDP:D:\Spil\Zoo Tycoon II\zt.exe:Zoo Tycoon 2 Executable
"{6C7750BA-7233-40F3-A0C9-2E1CCE5E521B}"= TCP:D:\Spil\Zoo Tycoon II\zt.exe:Zoo Tycoon 2 Executable
"{68C9CF10-D239-4096-AAA7-F303241E5876}"= UDP:D:\Spil\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{CED85565-F61F-43BA-9CB1-BEC6AB2F97EF}"= TCP:D:\Spil\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"TCP Query User{2C154FCA-03A9-49C6-B687-81DBE94E94C0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FE9E75A4-06C6-40A5-B904-7EDD2F7FDDC7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{39338896-6477-4043-B674-13038587DA90}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{1792091B-D148-47C8-AB6F-161CF62A53D5}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\Windows\system32\drivers\ps6akt6c.sys [2007-06-08 19:28]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 06:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 17:04]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 10:24]
S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\Windows\system32\pr2akt6c.exe svc []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C0D0400F-D8F0-DCD2-B56C-B60C9D8B83AB}]
C:\Windows\system32\autocxk.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 18:29:40 C:\Windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 17:21:34
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 52

**************************************************************************
.
Completion time: 2008-04-15 17:22:55
ComboFix-quarantined-files.txt  2008-04-15 15:22:41

      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
      Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
.
2008-04-13 19:15:19    --- E O F --- 



SUPERantispyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/15/2008 at 04:56 PM

Application Version : 4.0.1154

Core Rules Database Version : 3438
Trace Rules Database Version: 1430

Scan type      : Complete Scan
Total Scan Time : 00:24:05

Memory items scanned      : 235
Memory threats detected  : 0
Registry items scanned    : 6737
Registry threats detected : 11
File items scanned        : 21928
File threats detected    : 40

Malware.LocusSoftware Inc/PCPrivacyTool
    HKLM\Software\Purchased Products
    HKLM\Software\Purchased Products\System Error Repair
    HKLM\Software\Purchased Products\System Error Repair#domain
    HKLM\Software\Purchased Products\System Error Repair#pname
    HKLM\Software\Purchased Products\System Error Repair#cname

Rogue.TrustedAntiVirus
    HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}
    HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0
    HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\0
    HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\0\win32
    HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\FLAGS
    HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\HELPDIR

Malware.LocusSoftware Inc/Gen
    C:\PROGRAM FILES\SIKKERPCVAERKTOJ\UCOOKW.EXE

Rogue.NoWayVirus-PTask
    C:\PROGRAM FILES\VIRUSFORSVAR\PTASK.EXE

Trojan.Unclassified/AffiliateBundle
    C:\USERS\CASPER\APPDATA\LOCAL\TEMP\GEBSMMJA.DLL

Rogue.WinPCDoctor-Installer
    C:\USERS\CASPER\APPDATA\LOCAL\TEMP\PRODUCTPATH\SYSREP.EXE

Adware.Vundo-Variant/Small-A
    C:\USERS\CASPER\APPDATA\LOCAL\TEMP\ODXCJRQE.DLL
    C:\USERS\CASPER\APPDATA\LOCAL\TEMP\XKWNLSIP.DLL

Adware.Vundo-Variant
    C:\USERS\CASPER\APPDATA\LOCAL\TEMP\QOMEEXNF.DLL

Trojan.Vundo-Variant/F
    C:\USERS\CASPER\APPDATA\LOCAL\TEMP\WOWWVIMH.DLL

Adware.Tracking Cookie
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\casper@atdmt[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\casper@track.adform[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\casper@toplist[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@adultadworld[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@statcounter[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@pacificpoker[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@banner.fynskemedier[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@servedby.adxpower[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@edsa.122.2o7[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@adnetserver[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@eas4.emediate[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@tracking.notabenestats[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@linksynergy[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@ads.vlaze[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@stats.1stmarketingtraffic[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@casalemedia[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@partygaming.122.2o7[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@ad.yieldmanager[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@atdmt[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@trafficmp[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@zedo[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@track.adform[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@adtech[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@partypoker[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@adrevolver[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@media.adrevolver[3].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@media.adrevolver[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@advertising[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@doubleclick[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@e2.emediate[1].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@ad1.emediate[2].txt
    C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Cookies\Low\casper@mediaplex[1].txt
Avatar billede Computer Hjælp (Gratis) Mester
15. april 2008 - 21:52 #1
Jeg ser på den...

(Hvorfor en den lagt under SKÆRME ???)
Avatar billede Computer Hjælp (Gratis) Mester
15. april 2008 - 21:56 #2
Du bør (=skal) lige læse denne guide -> http://expfaq.dk/behandling_af_svar#behandling_af_svar

(Så vil jeg _måske_ vende tilbage til din skrækkelige log *S*?)
Avatar billede elisen Nybegynder
16. april 2008 - 19:54 #3
hey.. Grunden til at jeg ligger den under Skærme er, at det er den eneste der virker :S.. Alle de andre siger bare det ikke kan lade sig gøre...
Avatar billede Computer Hjælp (Gratis) Mester
16. april 2008 - 21:09 #4
"... det ikke kan lade sig gøre..." ??????

(Så er du den eneste i hele E's verden der har det problem - eller bare ikke ka' finde ud af det ? *S*)
Avatar billede elisen Nybegynder
17. april 2008 - 16:55 #5
ja, det kan godt være.. du kan jo bare lade være med at svare på spørgsmålet hvis det er en så stort problem.. I øverigt kunne problemet vel også godt ligge i skærmen? Det ved jeg ikke, efter som jeg ikke har forstand på det
Avatar billede Computer Hjælp (Gratis) Mester
17. april 2008 - 18:07 #6
Alle spm. noget med SKÆRM ? -> http://www.eksperten.dk/list.phtml?spm_creator=elisen&status_1=on&status_2=on&status_3=on&status_4=on ?

Husk at vende tilbage til dine tidl. spm. ->
http://www.eksperten.dk/list.phtml?sort=&order=DESC&status_1=on&status_2=on&spm_creator=elisen&spm_part=&spm_answer=&find=&engine=exp
Ellers 'gider' folk ikke vende tilbage til dig igen ...
Avatar billede Computer Hjælp (Gratis) Mester
17. april 2008 - 18:11 #7
Du har tilsyneladende både
* Symantec/Norton
* !Avast
som antivirus program. Det er ikke smart; de vil forstyrre hinanden.
Afinstaler den ene (Foreslår Symantec/Norton = UD!)
Avatar billede Computer Hjælp (Gratis) Mester
17. april 2008 - 18:17 #8
-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Users\Casper\AppData\Local\Temp\geBSmmJa.dll
C:\Users\Casper\AppData\Local\Temp\qoMeEXNF.dll
C:\Users\Casper\AppData\Local\Temp\xkwnlsip.dll
C:\Users\Casper\AppData\Local\Temp\odxcjrqe.dll
C:\Users\Casper\AppData\Local\Temp\wowwvimh.dll

Folders to delete:
c:\users\casper\appdata\roaming\
~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Casper\AppData\Local\Temp\geBSmmJa.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Casper\AppData\Local\Temp\qoMeEXNF.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Casper\AppData\Local\Temp\xkwnlsip.dll",run
O4 - HKCU\..\Run: [60ecbcc2] rundll32.exe "C:\Users\Casper\AppData\Local\Temp\odxcjrqe.dll",b
O4 - HKCU\..\Run: [BM63df8f5e] Rundll32.exe "C:\Users\Casper\AppData\Local\Temp\wowwvimh.dll",s

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

PS: Brug denne version af HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Bemærk at HiJackThis.exe programmet skal gemmes i en dertil oprettet mappe og IKKE køres direkte fra nettet...

-----------

NB: Der er vist mere 'snavs'/oprydning; men det tager vi i næste omgang...
Avatar billede elisen Nybegynder
17. april 2008 - 21:27 #9
Avengers:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\Users\Casper\AppData\Local\Temp\geBSmmJa.dll" not found!
Deletion of file "C:\Users\Casper\AppData\Local\Temp\geBSmmJa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Casper\AppData\Local\Temp\qoMeEXNF.dll" not found!
Deletion of file "C:\Users\Casper\AppData\Local\Temp\qoMeEXNF.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Casper\AppData\Local\Temp\xkwnlsip.dll" not found!
Deletion of file "C:\Users\Casper\AppData\Local\Temp\xkwnlsip.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Casper\AppData\Local\Temp\odxcjrqe.dll" not found!
Deletion of file "C:\Users\Casper\AppData\Local\Temp\odxcjrqe.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Users\Casper\AppData\Local\Temp\wowwvimh.dll" not found!
Deletion of file "C:\Users\Casper\AppData\Local\Temp\wowwvimh.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "c:\users\casper\appdata\roaming" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.



Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:37, on 17-04-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\super\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Casper\Desktop\rent\hij\HiJackThis.exe
C:\Windows\system32\wbem\unsecapp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\super\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.cdon.com
O15 - Trusted Zone: *.cdon.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-dk/FlashAX.cab
O20 - Winlogon Notify: !SASWinLogon - D:\super\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 8569 bytes
Avatar billede Computer Hjælp (Gratis) Mester
17. april 2008 - 22:03 #10
Sådan kan/vil det let gå når man 'leger' med sådan noget som dette ->
C:\Users\Casper\keygen.exe
*SUK*

------------------

Jeg satser på at det bare er rester fra en (næsten) fjernet Symantec/Norton; derfor ryder jeg lige op efter det ...

-- Brug Avenger igen:

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
C:\Users\Casper\AppData\Roaming\setup_dk[1].exe
C:\Users\Casper\keygen.exe
C:\Users\Casper\SETUP.EXE
C:\Windows\System32\acovcnt.exe
C:\Users\Casper\readme.bat

Folders to delete:
C:\Program Files\VirusForsvar
C:\PROGRAM FILES\SIKKERPCVAERKTOJ\
C:\Program Files\Symantec\
C:\ProgramData\Symantec
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Norton AntiVirus\
~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

Registreringsdatabase oprydning ->
RegCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm (Specielt punktet [Register]...)
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller NEJ til den.

Hvordan kører PC'en så nu ?
Avatar billede elisen Nybegynder
17. april 2008 - 22:36 #11
Avenger:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  file "C:\Users\Casper\AppData\Roaming\setup_dk[1].exe" not found!
Deletion of file "C:\Users\Casper\AppData\Roaming\setup_dk[1].exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "C:\Users\Casper\keygen.exe" deleted successfully.
File "C:\Users\Casper\SETUP.EXE" deleted successfully.
File "C:\Windows\System32\acovcnt.exe" deleted successfully.
File "C:\Users\Casper\readme.bat" deleted successfully.
Folder "C:\Program Files\VirusForsvar" deleted successfully.
Folder "C:\PROGRAM FILES\SIKKERPCVAERKTOJ" deleted successfully.

Error:  folder "C:\Program Files\Symantec" not found!
Deletion of folder "C:\Program Files\Symantec" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Folder "C:\ProgramData\Symantec" deleted successfully.
Folder "C:\Program Files\Common Files\Symantec Shared" deleted successfully.

Error:  folder "C:\Program Files\Norton AntiVirus" not found!
Deletion of folder "C:\Program Files\Norton AntiVirus" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.


Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:04, on 17-04-2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
D:\super\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Casper\Desktop\rent\hij\HiJackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\super\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.cdon.com
O15 - Trusted Zone: *.cdon.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-dk/FlashAX.cab
O20 - Winlogon Notify: !SASWinLogon - D:\super\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 8634 bytes


Min computer er faktisk ik gået i hak et stykke tid.. et andet problem der virkelig er træls er, at min computer bliver utrolig varm.. Min ven der har en computer magen til bliver ikke nær så varm.. Er det noget man kan lave om på??
Avatar billede Computer Hjælp (Gratis) Mester
17. april 2008 - 22:52 #12
Det undrer mig bare hvorfor denne kommer igen ->
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"
Ved du _selv_ hvad det er ?
Avatar billede elisen Nybegynder
17. april 2008 - 23:20 #13
nej, jeg har ingen idé om hvad det er :s
Avatar billede Computer Hjælp (Gratis) Mester
18. april 2008 - 08:34 #14
Den skal tihvertifald ædes !!!

Start op i fejlsikret tilstand http://www.spywareinfo.dk/#/htm/fejlsikret_tilstand.htm

For at kunne se alle filer og mapper, så følg denne vejledning:
http://www.spywareinfo.dk/tip-og-tricks/mappeindstillinger.htm

Kravl ned til
c:\users\casper\appdata\roaming\
og SLET DEN MAPPE helt...

Genstart normalt.

'FIX' linien i HiJackThis (hvis dn stadig er der?) som tidl. beskrevet.

Genstart normalt.

Check i HiJackThis om/at den er væk ?
Avatar billede elisen Nybegynder
21. april 2008 - 19:43 #15
Er du sikker på jeg skal slette denne mappe?? der er både Photoshop, InDesign, Messenger osv. i den mappe.. eller, det er måske ikke programmet der ligger der, men bare mapper?
Avatar billede Computer Hjælp (Gratis) Mester
27. april 2008 - 01:03 #16
Så er jeg tilbage igen ...
Tihvertifald selve filen \setup_dk[1].exe !!!

(Status nu?)
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
Se alle it-kurser fra Computerworld Kurser
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.
Se alle it-kurser

Flere spørgsmål fra Skærme kategorien

Titel Indlæg Oprettet Seneste aktivitet
Skærmbaggrund med ramme og billede Af nu_igen i Skærme 19 18/07/202417:16 21/07/202406:43
Valg af skærm til bærbar pc Af pfh i Skærme 1 18/06/202417:20 18/06/202417:33
Asus Display port NO SIGNAL Af Lars8960 i Skærme 14 16/06/202410:39 04/07/202403:35
Fjerne skygger i tekst under ikoner på skrivebord-hvordan? Af Uvanga i Skærme 3 04/06/202409:50 04/06/202414:38
Koble 2 skærme til bærbar Af Jensinho i Skærme 7 14/05/202409:58 15/05/202410:46
Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Opret Log ind

Du kan også logge ind via nedenstående tjenester



Alle kategorier på Eksperten
Seneste spørgsmål Seneste aktivitet
I går 21:08 Hvor kan man se Alan Turings mekaniske apparat til at løse Enignas koder Af KurtG i Andet hardware
I går 18:46 Kan det passe ;-) Af fjorbak i Routere & Switches
I går 15:27 Billeder kan ikke åbnes Jpeg.modd Af KristinaS i Billedbehandling
I går 13:44 eM Client Af valby i E-mail programmer
I går 13:33 Facebook gruppe Af Btimmer i Sociale medier
White papers
Flere white papers »


Premium
Teaser billede
Det er blevet kaldt ”det største it-nedbrud i historien” og omkostningerne kan nemt løbe op i syv milliarder kroner: Men hvem skal betale for Crowdstrikes fejl?
Læs mere »
Europas største software-leverandør stryger frem på cloud-fronten – men 97 procent af overskuddet er forduftet
Frustrerede synshaller og billister: Motorstyrelsens it-system plages af store driftsforstyrrelser
Fire år gamle Wiz takker nej til Alphabets historiske opkøbstilbud på 160 milliarder kroner: Satser i stedet på børsnotering
Se alle »
Computerworld
Teaser billede
Microsoft-nedbrud spreder sig: It-systemer i lufthavne verden over er ramt
Læs mere »
Test: Denne mikro-pc er smartere end de stærkeste desktop-maskiner - men flopper alligevel
Elon Musk dropper CrowdStrike efter kæmpe nedbrud
Hundredevis af flyafgange ramt af stort Microsoft-nedbrud
Se alle »
CIO
Teaser billede
Microsoft er på sagen: I gang med at løse kæmpe nedbrud efter katastrofal Crowdstrike-fejl
Læs mere »
Så mange Microsoft-enheder blev ramt af gigantisk Crowdstrike-koks
Peter Lüth udlever CTO-drømmen: Bygger et system fra bunden og tjener kassen på det
Sådan forbereder energiselskabet OK sig på cyberangreb: "Prisen for ikke at gøre noget kan være forfærdeligt høj"
Se alle »
Job & Karriere
Teaser billede
Efter 12 år er NNIT's hovedkvarter i Søborg nu ryddet og tomt - alle arbejder hjemme: "Det er med et vist vemod"
Læs mere »
Norlys skal splittes op i fem selskaber: Nu bliver flere ansatte og ledere fyret
Dansk top-profil trækker sig fra Microsoft: Skal være direktør i TDC Erhverv
KMD-direktør forlader selskabet: Det skal hun nu
Se alle »
White paper
Teaser billede
Rapport kortlægger de 13 bedste muligheder for at sætte turbo på din cloud computing
Læs mere »
Guide: Sådan udvikler du en moderne netværksstrategi
Optimering af Source-to-Pay: Identificér oplagte gevinster og skær omkostninger
Sådan gør du: Elektronisk dokumentudveksling i praksis
Se alle »

Events
Flere events »
White papers
Flere white papers »
IT-Kurser
Se alle vores it-kurser »