CIO Tech Eksperten IT-JOB IT-Kurser Events Podcast Søg

Log ind eller opret profil

Du kan også logge ind via nedenstående tjenester

jensbeck Nybegynder

30. december 2008 - 22:49 Der er 17 kommentarer og
1 løsning

hjælp til min datters pc

jeg har selv prøvet men kommer ingen vejne ville være glad hvis i vil hjælpe mig med den

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:43, on 30-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\windows\rthdcpl.exe
c:\program files\realtek\card reader software\driveicon\driveicon.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\progra~1\gotoso~1\vadere~1\vaderetro_oe.exe
c:\program files\sonic\digitalmedia le v7\mydvd le\detectorapp.exe
c:\progra~1\mywebs~1\bar\2.bin\mwsoemon.exe
c:\progra~1\mywebs~1\bar\2.bin\m3srchmn.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\apps\smp\smpsys.exe
c:\program files\macrogaming\sweetim\sweetim.exe
c:\windows\system32\ctfmon.exe
c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\hjtrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thevoice.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: MSN Search - {24A1E1CC-4393-941E-B765-2264A695D4E3} - C:\WINDOWS\system32\browsearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\AcroIEHelpe.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {e8c00283-cd34-4a87-bfd6-72fa6d48d4ea} - C:\WINDOWS\system32\kofemube.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\DRAW ANTI.exe
O4 - HKLM\..\Run: [piporumato] Rundll32.exe "C:\WINDOWS\system32\lobofenu.dll",s
O4 - HKLM\..\Run: [CPMfb9a7415] Rundll32.exe "c:\windows\system32\helokubo.dll",a
O4 - HKLM\..\Run: [f8a94789] rundll32.exe "C:\WINDOWS\system32\zobubabe.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] c:\apps\smp\smpsys.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [boob bird] C:\DOCUME~1\Patricia\APPLIC~1\TITLEM~1\manager regs.exe
O4 - HKCU\..\Run: [Intel Physical Address Extention 1.1] C:\WINDOWS\wmiapsrv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [piporumato] Rundll32.exe "C:\WINDOWS\system32\lobofenu.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYDK
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/WebfettiInitialSetup1.0.1.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://petz1994denmark.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\romarete.dll c:\windows\system32\helokubo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\helokubo.dll
O22 - SharedTaskScheduler: COM+ Service - {3229DFCD-3EAF-4712-ED45-4876FEDC170C} - C:\WINDOWS\system32\winload.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\helokubo.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 15036 bytes

som i nok kan se har hun meget skidt liggende

Synes godt om

Computer Hjælp (Gratis) Mester

30. december 2008 - 23:33 #1

YFFER PYFFER !!!

Jeg ser på den!!!

Synes godt om

Computer Hjælp (Gratis) Mester

30. december 2008 - 23:35 #2

Afinstaller
* SweetIM
* MyWebSearch
via
[Start][Indstilninger][Kontrolpanel][Tilføj/fjern programmer]

Genstart for at fuldføre afinstalationen...

---------------------------------------

Hent og instalér CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
Under installationen får du tilbudt [Yahoo Toolbar]. Du kan sige ja eller *NEJ* til den.
Lad programmet foretage en oprydning...

--------

Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe
Eller herfra ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).
Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.
Kopier indholdet herind sammen med en frisk log fra HiJackThis...

Synes godt om

nissen2630 Novice

31. december 2008 - 02:25 #3

Karise..Du er fandme en kanon gut at have her .. Godt nytår til dig

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2008 - 10:36 #4

... men jeg ska' se/læse omtalte Log's !!!

Synes godt om

jensbeck Nybegynder

31. december 2008 - 15:42 #5

her er de
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:41, on 31-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\windows\ehome\ehtray.exe
c:\windows\rthdcpl.exe
c:\program files\realtek\card reader software\driveicon\driveicon.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\progra~1\gotoso~1\vadere~1\vaderetro_oe.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\sonic\digitalmedia le v7\mydvd le\detectorapp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\rundll32.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\apps\smp\smpsys.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\macrogaming\sweetim\sweetim.exe
c:\program files\slide\slide.exe
c:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\openoffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\openoffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\hjtrenamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=DK&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thevoice.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\Program Files\IVT Corporation\BlueSoleil\AcroIEHelpe.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] c:\apps\smp\smpsys.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boob bird] C:\DOCUME~1\Patricia\APPLIC~1\TITLEM~1\manager regs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-19\..\Run: [piporumato] Rundll32.exe "C:\WINDOWS\system32\lobofenu.dll",s (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-21-811614888-4282135990-586138951-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://petz1994denmark.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 12699 bytes

Malwarebytes' Anti-Malware 1.31
Database version: 1582
Windows 5.1.2600 Service Pack 3

31-12-2008 15:36:24
mbam-log-2008-12-31 (15-36-24).txt

Skan type: Fuldstændig skanning (C:\|)
Objekter skannet: 185419
Tid tilbagelagt: 53 minute(s), 54 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 5
Inficerede Registeringsdatabase Nøgler: 57
Inficerede Registeringsdatabase Værdier: 9
Inficerede Registeringsdatabase Filer: 6
Inficerede Mapper: 29
Inficerede Filer: 103

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\zobubabe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kofemube.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\romarete.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lobofenu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\helokubo.dll (Trojan.Vundo.H) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8c00283-cd34-4a87-bfd6-72fa6d48d4ea} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e8c00283-cd34-4a87-bfd6-72fa6d48d4ea} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e8c00283-cd34-4a87-bfd6-72fa6d48d4ea} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\linkreader.linkreaderbho (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{d527bcfe-9d2e-45e4-b32f-1658feb581bf} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ef464bb-a75c-4075-b7a6-6d48d05e7644} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{524b9634-8729-48a5-b451-e5bb7154f6e3} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{91f524ea-cd52-4437-a9e4-6a3552dc44d3} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkreader.linkreaderbho.1 (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24a1e1cc-4393-941e-b765-2264a695d4e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f8a94789 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\piporumato (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmfb9a7415 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{3229dfcd-3eaf-4712-ed45-4876fedc170c} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Intel Physical Address Extention 1.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Base frag grid bows (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\romarete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\romarete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\romarete.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\helokubo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\helokubo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Inficerede Mapper:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Server (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Data\Server (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Update (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\BASE (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\DELETED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\SAVED (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\system32\bovayebe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebeyavob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ferazolu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulozaref.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jokigaza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\azagikoj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lonepuha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahupenol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyeyezi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\izeyeyem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niwekoja.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajokewin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tiyebuki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikubeyit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yuvoyovo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovoyovuy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zobubabe.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ebabuboz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zuvagotu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utogavuz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lobofenu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\helokubo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kofemube.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\winload.dll (Trojan.Zlob.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\romarete.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\AcroIEHelpe.dll (Spyware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browsearch.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP501\A0134615.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP501\A0134616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP501\A0134617.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0135984.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0135986.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0135987.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0135988.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0135990.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0135991.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0136015.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP506\A0136016.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP510\A0136180.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136337.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136350.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136351.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136353.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136354.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136355.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136356.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136357.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136358.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136359.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136361.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136362.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136365.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136368.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136370.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136373.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136374.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136375.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136380.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136381.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136407.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136408.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5FED904E-6E1E-4B49-8681-D5C017BB5784}\RP512\A0136367.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bebugelu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dapapifu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dolusibi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fapiruda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fokekome.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guromome.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kewowumi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kirasahi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mipuyopu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nogilini.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sekivate.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tojafemu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuberija.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\webaviye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zenutufe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\n (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00D6F914.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\0167C457.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\License.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup\20080823014547.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080819185623484.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Cast ping base frag\DRAW ANTI.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscert.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\browserui.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mshtmllib.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netd.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pxcrt.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\main\browserui.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\main\mt_32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Patricia\Application Data\Mozilla\Firefox\Profiles\main\winload.dll (Trojan.Agent) -> Quarantined and deleted successfully.

tusind tak fordi du gider ^^

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2008 - 15:50 #6

Der er stadig mere 'snavs' - StandBy ...

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2008 - 15:52 #7

Afinstaller
* SweetIM

---------

-- Hent Combofix fra et af disse links, og gem den på dit skrivebord:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Kør så combofix.exe, som du hentede tidligere, og følg anvisningerne.
Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Når combofix er færdig, og efter det har genstartet, skulle der gerne åbnes en logfil: combofix.txt
Indholdet af denne fil må du gerne lægge herind.
Sammen med en frisk log fra HiJackThis ...

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2008 - 15:52 #8

[Malwarebytes' Anti-Malware] fik da en del at se til *S* ...

Synes godt om

jensbeck Nybegynder

31. december 2008 - 16:15 #9

jeg kan ikke finde SweetIM ?
i listen i tilføj/fjern programmer

Synes godt om

jensbeck Nybegynder

31. december 2008 - 16:36 #10

her er de

ComboFix 08-12-30.02 - Patricia 2008-12-31 16:16:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.489 [GMT 1:00]
Kører fra: c:\documents and settings\patricia\desktop\combofix.exe
* Dannede nyt systemgendannelsespunkt
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Patricia\Application Data\020000009ec7da9dC.manifest
c:\documents and settings\Patricia\Application Data\020000009ec7da9dO.manifest
c:\documents and settings\Patricia\Application Data\020000009ec7da9dP.manifest
c:\documents and settings\Patricia\Application Data\020000009ec7da9dR.manifest
c:\documents and settings\Patricia\Application Data\020000009ec7da9dS.manifest
c:\documents and settings\Patricia\Application Data\FunWebProducts
c:\documents and settings\Patricia\Application Data\FunWebProducts\Data\Patricia\avatar.dat
c:\documents and settings\Patricia\Application Data\FunWebProducts\Data\Patricia\outfit.dat
c:\documents and settings\Patricia\Application Data\FunWebProducts\Data\Patricia\register.dat
c:\documents and settings\Patricia\Application Data\FunWebProducts\Data\Patricia\zbucks.dat
c:\program files\Uninstall Fun Web Products.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\Survey.mpq
c:\windows\system32\emeyaroh.ini
c:\windows\system32\ibowawiv.ini
c:\windows\system32\onivasev.ini
c:\windows\system32\powazese.dll
c:\windows\system32\sulejere.dll
c:\windows\system32\ulejizuf.ini
c:\windows\system32\uzununoh.ini
c:\windows\system32\yomezeta.dll
C:\xcrashdump.dat

----- BITS: Mulige inficerede internetsteder -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((( Filer skabt fra 2008-11-28 til 2008-12-31 )))))))))))))))))))))))))))))))))))
.

2008-12-31 16:08 . 2008-12-31 16:08 79,568 --a------ c:\windows\system32\AcroIEHelpe.dll
2008-12-31 14:34 . 2008-12-31 14:34 <DIR> d-------- c:\documents and settings\Patricia\Application Data\Malwarebytes
2008-12-31 14:33 . 2008-12-31 14:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 14:33 . 2008-12-31 14:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 14:33 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 14:33 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 14:30 . 2008-12-31 15:39 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-31 14:07 . 2008-12-31 14:07 95,744 --ah----- c:\windows\system32\BIT7A.tmp
2008-12-31 14:07 . 2008-12-31 14:07 86,016 --ah----- c:\windows\system32\BIT7B.tmp
2008-12-31 14:06 . 2008-12-31 14:07 61,440 --ah----- c:\windows\system32\BIT78.tmp
2008-12-30 22:37 . 2008-12-30 22:37 <DIR> d-------- c:\windows\system32\mods
2008-12-30 22:14 . 2008-12-30 22:14 <DIR> d-------- c:\program files\GameSpy
2008-12-30 21:18 . 2008-12-30 21:19 <DIR> d-------- c:\documents and settings\Patricia\Application Data\PE Explorer
2008-12-30 21:09 . 2008-12-30 21:09 253,952 --a------ c:\windows\hppunin.exe
2008-12-30 18:24 . 2008-12-30 18:24 <DIR> d-------- c:\program files\Alwil Software
2008-12-30 01:36 . 2008-12-30 01:38 <DIR> d-------- c:\windows\system32\WTF
2008-12-30 01:35 . 2008-12-30 01:38 <DIR> d-------- c:\windows\system32\WDB
2008-12-30 01:35 . 2008-12-30 01:36 <DIR> d-------- c:\windows\system32\Logs
2008-12-30 01:35 . 2008-12-30 01:35 40,708 --a------ c:\windows\system32\Scan.dll
2008-12-27 23:56 . 2008-12-27 23:56 51,108 --ah----- c:\windows\system32\mlfcache.dat
2008-12-27 00:14 . 2008-12-31 16:16 <DIR> d-------- c:\windows\system32\UAs
2008-12-27 00:14 . 2008-12-31 16:16 <DIR> d-------- c:\windows\system32\dtw5d
2008-12-27 00:14 . 2008-12-30 02:19 <DIR> d-------- c:\windows\system32\cks
2008-12-27 00:14 . 2008-12-27 00:14 136 --a------ c:\windows\system32\srvblck.tmp
2008-12-26 23:12 . 2008-12-30 02:19 997,888 --a------ c:\windows\system32\nwklr.ini
2008-12-26 23:12 . 2008-12-30 02:19 997,888 --a------ c:\windows\system32\dllcache\kernel32.dll
2008-12-26 23:12 . 2008-04-14 01:11 989,696 --a------ c:\windows\system32\korlg.ini
2008-12-26 23:12 . 2008-12-30 02:19 846,848 --a------ c:\windows\system32\nwwlnt.ini
2008-12-26 23:12 . 2008-10-16 21:38 826,368 --a------ c:\windows\system32\worlg.ini
2008-12-26 23:12 . 2008-12-30 02:19 37,888 --a------ c:\windows\system32\ldshyr.old
2008-12-26 23:12 . 2008-12-30 02:19 21,504 --a------ c:\windows\system32\nwpp.ini
2008-12-26 23:12 . 2008-12-30 02:19 21,504 --a------ c:\windows\system32\dllcache\powrprof.dll
2008-12-26 23:12 . 2008-04-14 01:12 17,408 --a------ c:\windows\system32\pporlg.ini
2008-12-26 23:00 . 2008-12-26 23:00 <DIR> d-------- c:\program files\TitleMoreDart
2008-12-15 20:03 . 2008-12-27 00:15 5,632 --a------ c:\windows\system32\ptco.dll
2008-12-15 20:02 . 2008-12-31 15:21 330 --a------ c:\windows\system32\fdeploy.ocx
2008-12-01 16:21 . 2008-12-30 05:23 <DIR> d-------- c:\documents and settings\Patricia\Application Data\FrostWire
2008-12-01 16:20 . 2008-12-30 17:32 <DIR> d-------- c:\program files\FrostWire
2008-12-01 16:20 . 2008-12-01 21:32 <DIR> d-------- c:\program files\AskBarDis
2008-11-27 22:31 . 2008-11-27 22:31 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-27 20:39 . 2008-11-27 20:39 <DIR> d-------- c:\program files\Microsoft
2008-11-27 20:36 . 2008-11-27 20:36 <DIR> d-------- c:\program files\Common Files\Windows Live
2008-11-20 19:25 . 2007-07-06 18:39 401,720 --a------ c:\program files\HJTrenamed.exe
2008-11-19 17:43 . 2008-11-19 17:43 <DIR> d-------- c:\program files\CCleaner
2008-11-15 19:41 . 2008-11-15 19:45 <DIR> d-------- c:\windows\NV43085092.TMP
2008-11-15 19:40 . 2008-11-15 19:40 <DIR> d-------- C:\NVIDIA
2008-11-15 19:39 . 2008-11-15 19:39 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-11-15 19:35 . 2008-11-15 19:35 <DIR> d-------- c:\windows\system32\scripting
2008-11-15 19:35 . 2008-11-15 19:35 <DIR> d-------- c:\windows\system32\en
2008-11-15 19:35 . 2008-11-15 19:35 <DIR> d-------- c:\windows\system32\bits
2008-11-15 19:35 . 2008-11-15 19:35 <DIR> d-------- c:\windows\l2schemas
2008-11-15 19:33 . 2008-11-15 19:36 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-12 15:35 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-01 13:46 . 2008-12-30 19:17 3 --a------ c:\windows\switch.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 14:40 12,701 ----a-w c:\program files\hijackthis.log
2008-12-30 21:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-30 21:27 --------- d-----w c:\program files\GameSpy Arcade
2008-12-30 21:27 --------- d-----w c:\program files\EA GAMES
2008-12-30 18:55 --------- d-----w c:\program files\Circle Developement
2008-12-30 18:39 --------- d-----w c:\documents and settings\Patricia\Application Data\TitleMoreDart
2008-12-30 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\services
2008-12-30 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\Cast ping base frag
2008-12-30 01:19 846,848 ----a-w c:\windows\system32\wininet.dll
2008-12-30 01:19 846,848 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-30 01:19 21,504 ----a-w c:\windows\system32\powrprof.dll
2008-12-30 00:03 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-18 14:23 --------- d-----w c:\program files\World of Warcraft
2008-12-01 15:20 --------- d-----w c:\program files\LimeWire
2008-12-01 15:19 --------- d-----w c:\documents and settings\Patricia\Application Data\LimeWire
2008-11-30 02:01 --------- d-----w c:\program files\Windows Live
2008-11-27 21:31 --------- d-----w c:\program files\Windows Live Toolbar
2008-11-27 21:27 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 01:08 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 21:17 63,259 --sha-w c:\windows\system32\zenosape.dll.tmp
2008-09-27 21:17 63,259 --sha-w c:\windows\system32\viwagotu.dll.tmp
2008-09-27 21:17 63,259 --sha-w c:\windows\system32\loguteyu.dll.tmp
2008-09-25 19:23 63,146 --sha-w c:\windows\system32\yisikape.dll.tmp
2008-09-25 19:23 63,146 --sha-w c:\windows\system32\budamata.dll.tmp
2008-09-25 19:23 63,146 --sha-w c:\windows\system32\banurabe.dll.tmp
2008-09-23 14:04 63,099 --sha-w c:\windows\system32\kerodaru.dll.tmp
2008-09-23 14:04 63,099 --sha-w c:\windows\system32\jehibowi.dll.tmp
2008-09-23 14:04 63,099 --sha-w c:\windows\system32\gigijomo.dll.tmp
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 17:15 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-12-31 14:40 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-31 14:40 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-31 14:40 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-31 14:40 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-31 14:40 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-08 22:08 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-08 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\smp\smpsys.exe" [2005-12-08 975360]
"MsnMsgr"="c:\program files\windows live\messenger\msnmsgr.exe" [2007-10-18 5724184]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 73840]
"slide.exe"="c:\program files\slide\slide.exe" [2007-06-08 37760]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"boob bird"="c:\docume~1\Patricia\APPLIC~1\TITLEM~1\manager regs.exe" [2008-12-26 655360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DriveIcons"="c:\program files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe" [2005-12-09 656896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\quicktime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-04-28 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Patricia\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-04 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Hurtigstart.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-17 661776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\usnsvc.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Patricia\\Application Data\\TitleMoreDart\\ownsinsidehope.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19115:TCP"= 19115:TCP:BND
"11823:TCP"= 11823:TCP:BND

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-12-30 20560]
R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2006-10-31 613376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c12b2c-1f21-11dc-864c-001617e87294}]
\Shell\Auto\command - F:\autorun.bat
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.bat
\Shell\explore\Command - F:\autorun.bat

*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Intel Physical Address Extention 1.1]
c:\windows\wmiapsrv.exe
.
Indhold af mappen 'Planlagte Opgaver'

2008-12-31 c:\windows\Tasks\A81F51769184FF92.job
- c:\docume~1\patricia\applic~1\titlem~1\ownsinsidehope.exe [2008-12-26 23:00]

2008-12-31 c:\windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - TOMME GENVEJE FJERNET - - - -

Notify-WgaLogon - (no file)

.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.thevoice.dk/
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

c:\windows\Downloaded Program Files\sysreqlab3.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
c:\windows\Downloaded Program Files\SysReqLab3.osd
FF - ProfilePath - c:\documents and settings\Patricia\Application Data\Mozilla\Firefox\Profiles\acmda3dy.default\
FF - component: c:\program files\mozilla firefox\extensions\info@google.com\components\FFLocal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 16:20:16
Windows 5.1.2600 Service Pack 3 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2008-12-31 16:21:16
ComboFix-quarantined-files.txt 2008-12-31 15:20:51

Pre-Kørsel: 244.660.346.880 bytes free
Post-Kørsel: 244,728,799,232 byte ledig

290 --- E O F --- 2008-12-13 19:38:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:46, on 31-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\windows\ehome\ehtray.exe
c:\windows\rthdcpl.exe
c:\program files\realtek\card reader software\driveicon\driveicon.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\progra~1\gotoso~1\vadere~1\vaderetro_oe.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\itunes\ituneshelper.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\apps\smp\smpsys.exe
c:\program files\slide\slide.exe
c:\windows\system32\ctfmon.exe
c:\program files\openoffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
c:\program files\openoffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\hjtrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thevoice.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] c:\apps\smp\smpsys.exe
O4 - HKCU\..\Run: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boob bird] C:\DOCUME~1\Patricia\APPLIC~1\TITLEM~1\manager regs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://petz1994denmark.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11545 bytes

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2008 - 16:39 #11

... den 'napper' vi manuelt senere...

----------

.. - så skal vi lige have fjernet resterne af Lop infektionen -

Joooo - der er (stadig) noget infektion

Hent NoLop exe til skrivebordet:
http://www.spywareedge.net/nolop/NoLop.exe
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16

Kør den, tryk på - Search and Destroy - knappen. Så vil den scanne efter lop infektioner, og planlagte lop job´s. Hvis den finder noget, bliver du bedt om at trykke på Reboot-knappen, det gør du.

Efter genstart ligger der en en fil: C:\NoLop.txt

Kopier indholdet af den herind sammen med en frisk HiJackThis log...

Synes godt om

Computer Hjælp (Gratis) Mester

31. december 2008 - 16:40 #12

(Vender tilbage næste år *S*)

Synes godt om

jensbeck Nybegynder

31. december 2008 - 17:17 #13

her er de og rigtigt godt nytår

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:26, on 31-12-2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\ehome\ehtray.exe
c:\windows\rthdcpl.exe
c:\program files\realtek\card reader software\driveicon\driveicon.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\progra~1\gotoso~1\vadere~1\vaderetro_oe.exe
c:\program files\sonic\digitalmedia le v7\mydvd le\detectorapp.exe
c:\program files\itunes\ituneshelper.exe
c:\windows\system32\rundll32.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\apps\smp\smpsys.exe
c:\program files\macrogaming\sweetim\sweetim.exe
c:\program files\slide\slide.exe
c:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
c:\program files\openoffice.org 3\program\soffice.exe
c:\program files\openoffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\hjtrenamed.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] c:\apps\smp\smpsys.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [boob bird] C:\DOCUME~1\Patricia\APPLIC~1\TITLEM~1\manager regs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://petz1994denmark.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11706 bytes

NoLop! Log by Skate_Punk_21

Fix running from: C:\Program Files\Mozilla Firefox
[31-12-2008]
[17:12:02]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A81F51769184FF92.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Age Of Empires 3 Ypack Trial
C:\Documents and Settings\All Users\Application Data\Apple
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Blizzard
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Cast Ping Base Frag
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Flexnet
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Services -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Vaderetro
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Winzip
C:\Documents and Settings\All Users\Application Data\Wlinstaller
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Macromedia
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Patricia\Application Data\Acreon
C:\Documents and Settings\Patricia\Application Data\Adobe
C:\Documents and Settings\Patricia\Application Data\Adobeum
C:\Documents and Settings\Patricia\Application Data\Apple Computer
C:\Documents and Settings\Patricia\Application Data\Arto
C:\Documents and Settings\Patricia\Application Data\Cyberlink
C:\Documents and Settings\Patricia\Application Data\Frostwire
C:\Documents and Settings\Patricia\Application Data\Getrighttogo
C:\Documents and Settings\Patricia\Application Data\Google
C:\Documents and Settings\Patricia\Application Data\Identities
C:\Documents and Settings\Patricia\Application Data\Installshield
C:\Documents and Settings\Patricia\Application Data\Leadertech
C:\Documents and Settings\Patricia\Application Data\Limewire
C:\Documents and Settings\Patricia\Application Data\Macromedia
C:\Documents and Settings\Patricia\Application Data\Malwarebytes
C:\Documents and Settings\Patricia\Application Data\Microsoft
C:\Documents and Settings\Patricia\Application Data\Mozilla
C:\Documents and Settings\Patricia\Application Data\Msninstaller
C:\Documents and Settings\Patricia\Application Data\Openoffice.org
C:\Documents and Settings\Patricia\Application Data\Openoffice.org2
C:\Documents and Settings\Patricia\Application Data\Pe Explorer
C:\Documents and Settings\Patricia\Application Data\Skype
C:\Documents and Settings\Patricia\Application Data\Skypepm
C:\Documents and Settings\Patricia\Application Data\Slide
C:\Documents and Settings\Patricia\Application Data\Sonic
C:\Documents and Settings\Patricia\Application Data\Sun
C:\Documents and Settings\Patricia\Application Data\Symantec
C:\Documents and Settings\Patricia\Application Data\Teamspeak2
C:\Documents and Settings\Patricia\Application Data\Titlemoredart
C:\Documents and Settings\Patricia\Application Data\Ulead Systems
C:\Documents and Settings\Patricia\Application Data\Vaderetro
C:\Documents and Settings\Patricia\Application Data\Ventrilo
C:\Documents and Settings\Patricia\Application Data\Winrar -- EMPTY Directory

Synes godt om

Computer Hjælp (Gratis) Mester

01. januar 2009 - 13:46 #14

Afinstalér
* AskBarDis
* Messenger Plus! Live

* Limewire
* Frostwire
Gi' [Patricia] et 'rap' over fingeren med hensyn til brug af P2P programmer ->
http://www.spywarefri.dk/artikler2.htm#p2p
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284

DERFOR er der kommet en hel del 'snavs' på systemet!!!

---------

-- Hent Avenger her:
http://swandog46.geekstogo.com/avenger2/avenger.zip

-- Pak Avenger-programmet ud og dobbeltklik på avenger.exe

-- Der dukker et vindue op, hvor du skal kopiere indholdet mellem ~~~ skrift ind:

~~~~~~~~~~~~~~~~~~
Files to delete:
c:\windows\system32\zenosape.dll.tmp
c:\windows\system32\viwagotu.dll.tmp
c:\windows\system32\loguteyu.dll.tmp
c:\windows\system32\yisikape.dll.tmp
c:\windows\system32\budamata.dll.tmp
c:\windows\system32\banurabe.dll.tmp
c:\windows\system32\kerodaru.dll.tmp
c:\windows\system32\jehibowi.dll.tmp
c:\windows\system32\gigijomo.dll.tmp
c:\windows\Tasks\A81F51769184FF92.job

Folders to delete:
c:\program files\AskBarDis
c:\program files\FrostWire
c:\documents and settings\Patricia\Application Data\FrostWire
c:\program files\LimeWire
c:\documents and settings\Patricia\Application Data\LimeWire
c:\program files\Messenger Plus! Live
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
c:\documents and settings\Patricia\Application Data\TitleMoreDart
c:\documents and settings\All Users\Application Data\Cast ping base frag
c:\docume~1\Patricia\APPLIC~1\TITLEM~1\
C:\Program Files\Macrogaming\SweetIM\
C:\Programmer\Symantec\
C:\Programmer\Norton AntiVirus\
C:\Programmer\Fælles filer\Symantec Shared\
C:\Documents and Settings\All Users\Application Data\Symantec\
C:\Documents and Settings\Patricia\Application Data\Symantec\

~~~~~~~~~~~~~~~~~~

-- Klik på EXECUTE - og la' PC'en selv genstarte.

-- Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den må du gerne lægge ind i dit næste svar.

-- Kør Hijackthis, vælg "Do a system scan only", sæt flueben ved linierne listet her, luk alle vinduer undtaget Hijackthis, klik på fix checked.

O2 - BHO: (no name) - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKCU\..\Run: [boob bird] C:\DOCUME~1\Patricia\APPLIC~1\TITLEM~1\manager regs.exe

O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Genstart computeren, og lav en ny log med Hijackthis, som du lægger herind sammen med loggen fra Avenger.

---------

Ta' en oprydning med nævnte CCleaner...

---------

Hvordan kører PC'en så nu ?

Synes godt om

jensbeck Nybegynder

01. januar 2009 - 19:21 #15

her er de ;-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:17, on 01-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
c:\windows\ehome\ehtray.exe
c:\windows\rthdcpl.exe
c:\program files\realtek\card reader software\driveicon\driveicon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\java\jre1.6.0_07\bin\jusched.exe
c:\progra~1\gotoso~1\vadere~1\vaderetro_oe.exe
c:\program files\sonic\digitalmedia le v7\mydvd le\detectorapp.exe
c:\windows\system32\rundll32.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\apps\smp\smpsys.exe
c:\program files\slide\slide.exe
c:\windows\system32\ctfmon.exe
c:\program files\ivt corporation\bluesoleil\bluesoleil.exe
c:\program files\openoffice.org 3\program\soffice.exe
c:\program files\openoffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\program files\hjtrenamed.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SmpcSys] c:\apps\smp\smpsys.exe
O4 - HKCU\..\Run: [slide.exe] c:\program files\slide\slide.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\dan.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://petz1994denmark.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DA-DK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 10700 bytes

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\windows\system32\zenosape.dll.tmp" deleted successfully.
File "c:\windows\system32\viwagotu.dll.tmp" deleted successfully.
File "c:\windows\system32\loguteyu.dll.tmp" deleted successfully.
File "c:\windows\system32\yisikape.dll.tmp" deleted successfully.
File "c:\windows\system32\budamata.dll.tmp" deleted successfully.
File "c:\windows\system32\banurabe.dll.tmp" deleted successfully.
File "c:\windows\system32\kerodaru.dll.tmp" deleted successfully.
File "c:\windows\system32\jehibowi.dll.tmp" deleted successfully.
File "c:\windows\system32\gigijomo.dll.tmp" deleted successfully.

Error: file "c:\windows\Tasks\A81F51769184FF92.job" not found!
Deletion of file "c:\windows\Tasks\A81F51769184FF92.job" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "c:\program files\AskBarDis" not found!
Deletion of folder "c:\program files\AskBarDis" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: folder "c:\program files\FrostWire" not found!
Deletion of folder "c:\program files\FrostWire" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\documents and settings\Patricia\Application Data\FrostWire" deleted successfully.
Folder "c:\program files\LimeWire" deleted successfully.
Folder "c:\documents and settings\Patricia\Application Data\LimeWire" deleted successfully.
Folder "c:\program files\Messenger Plus! Live" deleted successfully.

Error: folder "C:\Documents and Settings\All Users\Application Data\Messenger Plus!" not found!
Deletion of folder "C:\Documents and Settings\All Users\Application Data\Messenger Plus!" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\documents and settings\Patricia\Application Data\TitleMoreDart" deleted successfully.
Folder "c:\documents and settings\All Users\Application Data\Cast ping base frag" deleted successfully.

Error: folder "c:\docume~1\Patricia\APPLIC~1\TITLEM~1" not found!
Deletion of folder "c:\docume~1\Patricia\APPLIC~1\TITLEM~1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "C:\Program Files\Macrogaming\SweetIM" deleted successfully.

Error: could not open folder "C:\Programmer\Symantec"
Deletion of folder "C:\Programmer\Symantec" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open folder "C:\Programmer\Norton AntiVirus"
Deletion of folder "C:\Programmer\Norton AntiVirus" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Error: could not open folder "C:\Programmer\Fælles filer\Symantec Shared"
Deletion of folder "C:\Programmer\Fælles filer\Symantec Shared" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

Folder "C:\Documents and Settings\All Users\Application Data\Symantec" deleted successfully.
Folder "C:\Documents and Settings\Patricia\Application Data\Symantec" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

jeg har givet hende et rap over fingerne ^^
den kører meget bedre

Synes godt om

Computer Hjælp (Gratis) Mester

01. januar 2009 - 19:54 #16

BINGO BANKO !!!

Der er ikke mere 'snavs' ifølge din Log...

Du er velkommen en anden gang...

Efter sådan en tur er det altid en god ide og rydde op i systemgendannelsesfilerne.
Deaktiver systemgendannelse -> http://www.spywareinfo.dk/#/tip-og-tricks/deaktiver_systemgendannelse.htm
Genstart din computer - aktiver systemgendannelse. Dette gøres samme sted, hvor du deaktiverede, denne gang skal du blot aktivere.
Det vil også være en god idé manuelt at oprette et nyt punkt, som du kan navngive, og vende tilbage til, hvis du skulle få problemer af nogen art.

Et par artikler om sikker surfing finder du her:
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=14414

Safe Surfing...

--------------

PS: Check lige efter om alle elementer er med fra WindowsUpdate http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=da
samt
at [avast! Antivirus] er opdateret...

--------------

Samt evt en omgang Diskfragmentering til sidst...

Synes godt om

jensbeck Nybegynder

01. januar 2009 - 20:16 #17

tusind tak for hjælpen

Synes godt om

ejvindh Ekspert

10. januar 2009 - 21:42 #18

Nu kom jeg lige til denne tråd gennem google, men jeg er altså ikke enig i, at der ikke er mere skidt i logfilerne.

Disse systemfiler er med 99.9 % sikkerhed inficeret med en password-stjæler:

2008-12-30 01:19 846,848 ----a-w c:\windows\system32\wininet.dll
2008-12-30 01:19 846,848 ----a-w c:\windows\system32\dllcache\wininet.dll
2008-12-30 01:19 21,504 ----a-w c:\windows\system32\powrprof.dll

Synes godt om

Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Følg dette spørgsmål

Opret Preview

Se alle it-kurser fra Computerworld Kurser

IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Se alle it-kurser

Flere spørgsmål fra Virus kategorien

Titel	Indlæg	Oprettet	Seneste aktivitet
Findes der mon et Antivirus program, som ikke, konstant, reklamerer, for at købe ? Af Ikke-ekspert i Virus	21	22/06/202419:22	23/06/202412:54
Anbefaling af antivirusprogram med firewall Af OnePlusFan i Virus	23	07/05/202421:02	13/05/202419:48
trusler Af gerhardpet i Virus	4	26/01/202410:02	27/01/202408:32
Kan ikke fjerne virus Af mik28 i Virus	16	09/01/202416:37	10/01/202419:59
virusscanning Af JetteD i Virus	2	10/11/202312:55	10/11/202316:36

Se alle spørgsmål i kategorien Opret spørgsmål

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester

Alle kategorier på Eksperten

Seneste artiklerRSS