missus Beginner
25 January 2009 - 13:26 There are 42 comments and 1 solution

Hijackthis logfile

Hi,

So I have run into problems again ...... :-(

I think I have had uninvited guests.

I hope there is someone who can help ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:41, on 25-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
c:\programmer\sharkoon technologies gmbh\sharkoon station\majestic.exe
c:\windows\system32\rundll32.exe
c:\programmer\eset\eset nod32 antivirus\egui.exe
c:\programmer\microsoft office\office12\groovemonitor.exe
c:\windows\system32\ctfmon.exe
c:\programmer\microsoft activesync\wcescomm.exe
c:\programmer\msn messenger\msnmsgr.exe
c:\windows\system32\rundll32.exe
c:\programmer\fælles filer\nero\lib\nmindexstoresvr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmer\Java\jre6\bin\jusched.exe
c:\programmer\internet explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\programmer\trend micro\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\AcroIEHelpe4.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SHARKOON STATION] C:\Programmer\SHARKOON Technologies GmbH\SHARKOON STATION\Majestic.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "c:\programmer\microsoft activesync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmer\fælles filer\nero\lib\nmindexstoresvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end til OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76982E1D-3719-4985-A70E-B349EB131E34}: NameServer = 212.242.40.3,212.242.40.51
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

--
End of file - 8672 bytes
Jensen DK Novice
25 January 2009 - 13:53 #1
Just see whether Malware finds anything.


Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you should move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes some time depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you should save it somewhere you can find it again; you can send it in for review.



Download and install CCleaner http://www.ccleaner.com/ and a manual here: http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it; it is a toolbar that you probably don't need.
Let the program do a cleanup under Cleaner and Registry, and let it delete what it finds.
Jensen DK Novice
25 January 2009 - 13:57 #2
You can uninstall your AVG 7.5 anti-spyware from Add or Remove Programs; it is no longer being updated, and a new AVG 8.0 has come out instead.
Jensen DK Novice
25 January 2009 - 14:00 #3
You still need to update with SP 3 and the subsequent updates.
Jensen DK Novice
25 January 2009 - 14:13 #4
I am suspicious of these two; you must not delete them, maybe someone will come by who knows whether they are dangerous.
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
forevernewbie Beginner
25 January 2009 - 15:04 #5
Please tell us why you think you have had uninvited guests. HijackThis doesn't show anything suspicious, but then it doesn't show that much either.

1. Download random's system information tool (RSIT) by random/random http://images.malwareremoval.com/random/RSIT.exe

2. Double-click RSIT to start it.

3. Click Continue on the first screen.

4. When it has finished scanning, two logs will open. Please post the contents of both log.txt (<< is open) and info.txt (<< is minimized to the taskbar).
missus Beginner
25 January 2009 - 15:52 #6
Hi again,

it is taking a while, but I think I have had uninvited guests, since I have received a letter from my bank and the PC has been slow
missus Beginner
25 January 2009 - 15:53 #7
I think that

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
are supposed to be used for a couple of EA games ....
Jensen DK Novice
25 January 2009 - 16:10 #8
That's OK, I just thought they looked suspicious. I would like to see the log from Malware when it has finished scanning; remember to update and let it delete what it finds. There isn't really anything in Hijack This.
forevernewbie Beginner
25 January 2009 - 16:26 #9
Those two are perfectly OK.

If you have received a letter from your bank, then run this removal tool from Symantec http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99

Go down to "Follow these steps to download and run the tool". Important: Disconnect your internet connection, close all running programs, and turn off System Restore on all drives before you run the tool.

Tell us whether it found and removed anything. If the tool creates a log, please post it here.
forevernewbie Beginner
25 January 2009 - 16:29 #10
Post the log from RSIT after you have run the tool and rebooted,
missus Beginner
25 January 2009 - 16:29 #11
I have now scanned and let it delete what it found. At the same time I have also removed AVG 7.5 anti-spyware.
Here is the log:

Malwarebytes' Anti-Malware 1.33
Database version: 1691
Windows 5.1.2600 Service Pack 2

25-01-2009 16:16:10
mbam-log-2009-01-25 (16-16-10).txt

Skan type: Fuldstændig skanning (C:\|D:\|E:\|F:\|G:\|)
Objekter skannet: 270444
Tid tilbagelagt: 1 hour(s), 29 minute(s), 2 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 1
Inficerede Registeringsdatabase Nøgler: 13
Inficerede Registeringsdatabase Værdier: 1
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 1
Inficerede Filer: 12

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Moduler:
C:\WINDOWS\system32\AcroIEHelpe4.dll (Trojan.BHO) -> Delete on reboot.

Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\TypeLib\{d527bcfe-9d2e-45e4-b32f-1658feb581bf} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ef464bb-a75c-4075-b7a6-6d48d05e7644} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{524b9634-8729-48a5-b451-e5bb7154f6e3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{91f524ea-cd52-4437-a9e4-6a3552dc44d3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkreader.linkreaderbho (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\linkreader.linkreaderbho.1 (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Værdier:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{81ea3f36-357a-435a-8741-52c27ccc9f21} (Trojan.Vundo) -> Quarantined and deleted successfully.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Inficerede Filer:
C:\WINDOWS\system32\AcroIEHelpe4.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\AcroIEHelpe.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\Programmer\Nero\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
G:\DC++ Downloads\Keys and keygens\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\Programmer\Ny mappe\Få ægte windows\Windows XP Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM17000c00.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM17000c00.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Here is the log from CCleaner:

ANALYSE FÆRDIG - (14.201 sek)
------------------------------------------------------------------------------------------
17,0MB bliver fjernet. (Cirka størrelse)
------------------------------------------------------------------------------------------

Detaljer om filer som slettes (Note: Ingen filer er blevet slettet endnu)
------------------------------------------------------------------------------------------
IE midlertidige Internet filer (959 filer) 16,7MB
C:\Documents and Settings\Christian\Cookies\christian@adtech[1].txt 258 bytes
C:\Documents and Settings\Christian\Cookies\christian@adtech[2].txt 258 bytes
C:\Documents and Settings\Christian\Cookies\christian@atdmt[2].txt 100 bytes
C:\Documents and Settings\Christian\Cookies\christian@delivery-ads.surftown[1].txt 119 bytes
C:\Documents and Settings\Christian\Cookies\christian@doubleclick[1].txt 121 bytes
C:\Documents and Settings\Christian\Cookies\christian@doubleclick[2].txt 122 bytes
C:\Documents and Settings\Christian\Cookies\christian@eas4.emediate[2].txt 210 bytes
C:\Documents and Settings\Christian\Cookies\christian@eksperten[1].txt 487 bytes
C:\Documents and Settings\Christian\Cookies\christian@eksperten[2].txt 482 bytes
C:\Documents and Settings\Christian\Cookies\christian@ekstrabladet[1].txt 372 bytes
C:\Documents and Settings\Christian\Cookies\christian@ekstrabladet[2].txt 371 bytes
C:\Documents and Settings\Christian\Cookies\christian@folketidende[1].txt 342 bytes
C:\Documents and Settings\Christian\Cookies\christian@google[1].txt 130 bytes
C:\Documents and Settings\Christian\Cookies\christian@google[2].txt 129 bytes
C:\Documents and Settings\Christian\Cookies\christian@google[3].txt 130 bytes
C:\Documents and Settings\Christian\Cookies\christian@google[4].txt 129 bytes
C:\Documents and Settings\Christian\Cookies\christian@hit.gemius[1].txt 221 bytes
C:\Documents and Settings\Christian\Cookies\christian@hit.gemius[2].txt 223 bytes
C:\Documents and Settings\Christian\Cookies\christian@messenger.msn[1].txt 96 bytes
C:\Documents and Settings\Christian\Cookies\christian@msn[2].txt 236 bytes
C:\Documents and Settings\Christian\Cookies\christian@nuggad[1].txt 140 bytes
C:\Documents and Settings\Christian\Cookies\christian@nuggad[3].txt 139 bytes
C:\Documents and Settings\Christian\Cookies\christian@od2[1].txt 102 bytes
C:\Documents and Settings\Christian\Cookies\christian@rad.msn[2].txt 690 bytes
C:\Documents and Settings\Christian\Cookies\christian@statistik-gallup[1].txt 124 bytes
C:\Documents and Settings\Christian\Cookies\christian@statistik-gallup[2].txt 125 bytes
C:\Documents and Settings\Christian\Cookies\christian@track.adform[2].txt 185 bytes
C:\Documents and Settings\Christian\Cookies\christian@track.adform[3].txt 187 bytes
C:\Documents and Settings\Christian\Cookies\christian@tradedoubler[2].txt 472 bytes
C:\Documents and Settings\Christian\Cookies\christian@www.folketidende[1].txt 96 bytes
C:\Documents and Settings\Christian\Cookies\christian@www.sj-nyheder[1].txt 102 bytes
Markeret til sletning: C:\Documents and Settings\Christian\Lokale indstillinger\Temporary Internet Files\Content.IE5\index.dat
Markeret til sletning: C:\Documents and Settings\Christian\Cookies\index.dat
Markeret til sletning: C:\Documents and Settings\Christian\Lokale indstillinger\Oversigt\History.IE5\index.dat
C:\WINDOWS\system32\wbem\Logs\wbemess.log 3,56KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 134 bytes
C:\WINDOWS\0.log 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 0,19MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp 51,05KB
C:\WINDOWS\Debug\UserMode\userenv.log 2,78KB
C:\Documents and Settings\Christian\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 405 bytes
------------------------------------------------------------------------------------------
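The HijackThis log in the opening post lists two Browser Helper Objects named "Adobe PDF Reader Link Helper" under different CLSIDs, and the Malwarebytes log above flags one of them (`C:\WINDOWS\system32\AcroIEHelpe4.dll`) as Trojan.BHO. As an added example, not part of the thread or of any tool mentioned in it, this Python code cross-references the O2 entries of a HijackThis log with Malwarebytes detections and also marks display names registered under more than one CLSID; the function names are hypothetical and the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log in the opening post.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\AcroIEHelpe4.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Constructed sample: a few lines copied from the Malwarebytes log in post #11.
MBAM_SAMPLE = r"""
C:\WINDOWS\system32\AcroIEHelpe4.dll (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b782ede4-ccb3-4e3e-981f-96c68116f38c} (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "O2 - BHO: <display name> - {CLSID} - <dll path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# "<file or registry object> (<family>) -> <action taken>"
MBAM_RE = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}")


def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line of a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({
                "name": m["name"],
                "clsid": m["clsid"].lower(),
                "path": m["path"].strip(),
            })
    return entries


def parse_detections(log_text):
    """Map lower-cased paths and CLSIDs named in a Malwarebytes log to the family."""
    flagged = {}
    for line in log_text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        obj = m["object"].lower()
        flagged[obj] = m["family"]
        # Registry detections carry the CLSID inside the key path.
        for clsid in CLSID_RE.findall(obj):
            flagged[clsid] = m["family"]
    return flagged


def review_bhos(hjt_text, mbam_text=""):
    """Return the BHO entries that deserve a second look, with the reasons."""
    bhos = parse_bhos(hjt_text)
    flagged = parse_detections(mbam_text)
    clsids_by_name = defaultdict(set)
    for bho in bhos:
        clsids_by_name[bho["name"].lower()].add(bho["clsid"])
    findings = []
    for bho in bhos:
        reasons = []
        # Two CLSIDs sharing one display name: compare both paths by hand.
        if len(clsids_by_name[bho["name"].lower()]) > 1:
            reasons.append("display name is registered under more than one CLSID")
        family = flagged.get(bho["path"].lower()) or flagged.get(bho["clsid"])
        if family:
            reasons.append("scanner detection: " + family)
        if reasons:
            findings.append({**bho, "detection": family, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_bhos(HIJACKTHIS_SAMPLE, MBAM_SAMPLE):
        print(finding["clsid"], finding["path"])
        for reason in finding["reasons"]:
            print("   -", reason)
```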
missus Beginner
25 January 2009 - 16:32 #12
Here is the log from :

Logfile of random's system information tool 1.05

Logfile of random's system information tool 1.05 (written by random/random)
Run by Christian at 2009-01-25 16:28:00
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (25%) free of 18 GB
Total RAM: 1535 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:04, on 25-01-2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\Sygate\SPF\smc.exe
C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmer\sharkoon technologies gmbh\sharkoon station\majestic.exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
c:\windows\system32\rundll32.exe
c:\programmer\eset\eset nod32 antivirus\egui.exe
c:\programmer\microsoft office\office12\groovemonitor.exe
c:\windows\system32\rundll32.exe
c:\programmer\java\jre6\bin\jusched.exe
c:\windows\system32\ctfmon.exe
c:\programmer\microsoft activesync\wcescomm.exe
c:\programmer\msn messenger\msnmsgr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\programmer\fælles filer\nero\lib\nmindexstoresvr.exe
C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmer\Java\jre6\bin\jqs.exe
C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
D:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
C:\Programmer\MSN Messenger\usnsvc.exe
c:\programmer\internet explorer\iexplore.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\windows\system32\notepad.exe
c:\programmer\ccleaner\ccleaner.exe
c:\documents and settings\christian\lokale indstillinger\temporary internet files\content.ie5\1il73rk8\rsit[1].exe
c:\programmer\trend micro\hijackthis\christian.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ekstrabladet.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmer\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - C:\WINDOWS\system32\AcroIEHelpe4.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmer\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SHARKOON STATION] C:\Programmer\SHARKOON Technologies GmbH\SHARKOON STATION\Majestic.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmer\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "c:\programmer\microsoft activesync\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmer\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "D:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\programmer\fælles filer\nero\lib\nmindexstoresvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETVÆRKSTJENESTE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Screen Clipper and Launcher til OneNote 2007.lnk = C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Opret Foretrukken på den mobile enhed... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76982E1D-3719-4985-A70E-B349EB131E34}: NameServer = 212.242.40.3,212.242.40.51
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmer\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - c:\programmer\superantispyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmer\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmer\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmer\Sygate\SPF\smc.exe

--
End of file - 8714 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ErrorSmart Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Programmer\Fælles filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programmer\Java\jre6\bin\ssv.dll [2009-01-25 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B782EDE4-CCB3-4E3E-981F-96C68116F38C}]
Adobe PDF Reader Link Helper - C:\WINDOWS\system32\AcroIEHelpe4.dll [2009-01-25 79568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programmer\Java\jre6\bin\jp2ssv.dll [2009-01-25 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programmer\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SHARKOON STATION"=C:\Programmer\SHARKOON Technologies GmbH\SHARKOON STATION\Majestic.exe [2004-11-11 327680]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-05-14 188416]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-26 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-26 86016]
"egui"=C:\Programmer\ESET\ESET NOD32 Antivirus\egui.exe [2009-01-24 1447168]
"GrooveMonitor"=C:\Programmer\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SunJavaUpdateSched"=C:\Programmer\Java\jre6\bin\jusched.exe [2009-01-25 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-26 15360]
"H/PC Connection Agent"=c:\programmer\microsoft activesync\wcescomm.exe [2006-06-27 1211176]
"msnmsgr"=C:\Programmer\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"NVIDIA nTune"=D:\Programmer\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-07-03 81920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=c:\programmer\fælles filer\nero\lib\nmindexstoresvr.exe [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
D:\Programmer\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Programmer\DAEMON Tools\daemon.exe [2006-11-12 157592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\Programmer\Microsoft ActiveSync\wcescomm.exe [2006-06-27 1211176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
G:\NYYYYYYYYY\MSN Messenger\msnmsgr.exe [2006-01-24 7094272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2007-12-02 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Programmer\Fælles filer\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\programmer\superantispyware\superantispyware.exe [2009-01-24 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
D:\Programmer\Uniblue\RegistryBooster 2\RegistryBooster.exe [2007-05-16 1856544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2

C:\Documents and Settings\Christian\Menuen Start\Programmer\Start
Screen Clipper and Launcher til OneNote 2007.lnk - C:\Programmer\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
c:\programmer\superantispyware\SASWINLO.DLL [2009-01-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-26 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Programmer\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programmer\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\iifcDWnK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Programmer\Messenger\msmsgs.exe"="C:\Programmer\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"G:\NYYYYYYYYY\MSN Messenger\msnmsgr.exe"="G:\NYYYYYYYYY\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programmer\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programmer\Microsoft Office\Office12\GROOVE.EXE"="C:\Programmer\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programmer\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programmer\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\NY\DC++\DCPlusPlus.exe"="D:\NY\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Programmer\Microsoft ActiveSync\rapimgr.exe"="C:\Programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programmer\Microsoft ActiveSync\wcescomm.exe"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programmer\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\Spil\The All-Seeing Eye\eye.exe"="D:\Spil\The All-Seeing Eye\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"E:\Programmer\Gamespy\Aphex.exe"="E:\Programmer\Gamespy\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\Spil\MOHAA\moh_Breakthrough.exe"="D:\Spil\MOHAA\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"E:\Programmer\GameSpy Arcade\Aphex.exe"="E:\Programmer\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\Spil\MOHAA\MOHAA.exe"="D:\Spil\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Programmer\Internet Explorer\IEXPLORE.EXE"="C:\Programmer\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Programmer\Windows Media Player\wmplayer.exe"="C:\Programmer\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"D:\Spil\Gamespy\Comrade.exe"="D:\Spil\Gamespy\Comrade.exe:*:Enabled:Comrade"
"D:\Spil\MOHAA\moh_spearhead.exe"="D:\Spil\MOHAA\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"D:\Spil\Quake 4\quake2.exe"="D:\Spil\Quake 4\quake2.exe:*:Enabled:quake2"
"D:\Programmer\BadBlue\PE\badblue.exe"="D:\Programmer\BadBlue\PE\badblue.exe:*:Enabled:P2P Web Server"
"D:\Programmer\StationRipper\StationRipperConsole.exe"="D:\Programmer\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"C:\Programmer\MSN Messenger\msnmsgr.exe"="C:\Programmer\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmer\MSN Messenger\livecall.exe"="C:\Programmer\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Spil\MOHAA\moh_Breakthrough_server.exe"="D:\Spil\MOHAA\moh_Breakthrough_server.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\Spil\call of Duty 4\iw3mp.exe"="G:\Spil\call of Duty 4\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"D:\Programmer\Phone\Phone\Skype.exe"="D:\Programmer\Phone\Phone\Skype.exe:*:Enabled:Skype"
"D:\Spil\MOHAA\MOHAA_server.exe"="D:\Spil\MOHAA\MOHAA_server.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"G:\Spil\Colin Macrae\DiRT.exe"="G:\Spil\Colin Macrae\DiRT.exe:*:Enabled:DiRT Executable"
"D:\Spil\Ny mappe\Unreal Tournament\System\UnrealTournament.exe"="D:\Spil\Ny mappe\Unreal Tournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\Programmer\Winamp\winamp.exe"="D:\Programmer\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Documents and Settings\Christian\Lokale indstillinger\Temp\usmt\migwiz.exe"="C:\Documents and Settings\Christian\Lokale indstillinger\Temp\usmt\migwiz.exe:*:Enabled:Guiden Overførsel af filer og indstillinger"
"G:\Programmer\DC++\DCPlusPlus.exe"="G:\Programmer\DC++\DCPlusPlus.exe:*:Enabled:DC++"
"C:\Documents and Settings\Christian\Lokale indstillinger\Temp\is-CPET6.tmp\is-0M0AB.tmp"="C:\Documents and Settings\Christian\Lokale indstillinger\Temp\is-CPET6.tmp\is-0M0AB.tmp:*:Enabled:Setup/Uninstall"
"D:\Programmer\totalcmd\TOTALCMD.EXE"="D:\Programmer\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Spil\TrackMania Nations ESWC\TrackMania Nations ESWC\TmNationsESWC.exe"="D:\Spil\TrackMania Nations ESWC\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"E:\Programmer\DC ++\DCPlusPlus.exe"="E:\Programmer\DC ++\DCPlusPlus.exe:*:Enabled:DC++"
"G:\Programmer\Sony Ericsson\Mobile2\ma3platform.exe"="G:\Programmer\Sony Ericsson\Mobile2\ma3platform.exe:*:Enabled:ma3platform"
"C:\Programmer\Support.com\bin\tgcmd.exe"="C:\Programmer\Support.com\bin\tgcmd.exe:*:Enabled:TDC Netsupport"
"D:\Spil\Far Cry 2\bin\FarCry2.exe"="D:\Spil\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Spil\Far Cry 2\bin\FC2Launcher.exe"="D:\Spil\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Spil\Far Cry 2\bin\FC2Editor.exe"="D:\Spil\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\Spil\Exodus\bin\efte.exe"="D:\Spil\Exodus\bin\efte.exe:*:Enabled:Exodus From Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Programmer\Microsoft ActiveSync\rapimgr.exe"="C:\Programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Programmer\Microsoft ActiveSync\wcescomm.exe"="C:\Programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Programmer\Microsoft ActiveSync\WCESMgr.exe"="C:\Programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Programmer\MSN Messenger\msnmsgr.exe"="C:\Programmer\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Programmer\MSN Messenger\livecall.exe"="C:\Programmer\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782fa856-a11a-11dd-96ce-0013d406ed08}]
shell\AutoRun\command - J:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-01-25 16:28:00 ----D---- C:\rsit
2009-01-25 16:20:29 ----A---- C:\WINDOWS\system32\AcroIEHelpe4.dll
2009-01-25 14:45:52 ----D---- C:\Documents and Settings\Christian\Application Data\Malwarebytes
2009-01-25 14:45:46 ----D---- C:\Programmer\Malwarebytes' Anti-Malware
2009-01-25 14:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-25 13:15:03 ----D---- C:\Documents and Settings\Christian\Application Data\InstallShield
2009-01-25 12:32:27 ----D---- C:\Programmer\Microsoft Visual Studio
2009-01-25 12:32:26 ----D---- C:\Programmer\Fælles filer\DESIGNER
2009-01-25 12:17:49 ----SHD---- C:\Config.Msi
2009-01-24 20:47:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-24 20:37:22 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-01-24 12:11:10 ----D---- C:\Programmer\Windows Live Safety Center
2009-01-24 11:45:05 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-24 11:45:05 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-24 11:45:05 ----A---- C:\WINDOWS\system32\java.exe
2009-01-24 11:45:05 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-24 11:38:21 ----D---- C:\WINDOWS\Sun
2009-01-24 11:14:43 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-22 18:23:45 ----D---- C:\Programmer\Fælles filer\ODBC
2009-01-22 18:17:08 ----D---- C:\tmp
2009-01-15 17:53:08 ----D---- C:\Documents and Settings\Christian\Application Data\Real
2009-01-14 20:57:08 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2009-01-13 22:44:11 ----D---- C:\WINDOWS\system32\dtw5d
2009-01-13 16:25:36 ----A---- C:\WINDOWS\system32\AcroIEHelpe4.txt
2009-01-04 21:47:24 ----D---- C:\Documents and Settings\Christian\Application Data\Nero
2009-01-04 21:46:41 ----A---- C:\WINDOWS\system32\msiexec.exe.log
2009-01-04 21:41:20 ----D---- C:\Programmer\Nero
2009-01-04 21:41:20 ----D---- C:\Programmer\Fælles filer\Nero
2009-01-04 21:41:20 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-01-04 20:03:13 ----A---- C:\WINDOWS\system32\wpcap.dll
2009-01-04 20:03:13 ----A---- C:\WINDOWS\system32\packet.dll
2009-01-04 20:03:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrszht.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrszhc.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrstr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsth.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssv.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrssk.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsru.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsptb.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrspt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrspl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsno.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsnl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsko.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsja.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsit.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrshu.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrshe.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsfr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsfi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsesm.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrses.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrseng.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsel.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsde.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrscs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwrsar.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrszht.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrstr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsth.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssv.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrssk.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsru.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrspt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrspl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsno.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsko.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsja.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsit.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrshu.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrshe.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrses.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrseng.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsel.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsde.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrscs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvrsar.dll

======List of files/folders modified in the last 1 months======

2009-01-25 16:27:50 ----D---- C:\WINDOWS\Temp
2009-01-25 16:22:04 ----D---- C:\WINDOWS\Prefetch
2009-01-25 16:22:01 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-25 16:20:29 ----D---- C:\WINDOWS\system32
2009-01-25 16:19:36 ----RD---- C:\Programmer
2009-01-25 16:19:14 ----D---- C:\WINDOWS\system32\drivers
2009-01-25 16:18:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 16:16:09 ----D---- C:\WINDOWS
2009-01-25 14:45:58 ----D---- C:\WINDOWS\system32\UAs
2009-01-25 13:45:40 ----SHD---- C:\WINDOWS\Installer
2009-01-25 13:45:32 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-25 13:45:29 ----RSD---- C:\WINDOWS\assembly
2009-01-25 13:17:03 ----D---- C:\WINDOWS\system32\cks
2009-01-25 13:15:12 ----HD---- C:\Programmer\InstallShield Installation Information
2009-01-25 13:14:38 ----D---- C:\Programmer\Java
2009-01-25 13:13:56 ----SD---- C:\Documents and Settings\Christian\Application Data\Microsoft
2009-01-25 12:35:12 ----D---- C:\Programmer\Fælles filer\Microsoft Shared
2009-01-25 12:33:42 ----D---- C:\Programmer\MSBuild
2009-01-25 12:32:26 ----D---- C:\Programmer\Fælles filer
2009-01-25 12:32:17 ----D---- C:\WINDOWS\SHELLNEW
2009-01-25 12:30:27 ----RSD---- C:\WINDOWS\Fonts
2009-01-25 12:21:57 ----AC---- C:\WINDOWS\win.ini
2009-01-25 12:18:30 ----HD---- C:\WINDOWS\inf
2009-01-25 12:13:25 ----D---- C:\WINDOWS\Debug
2009-01-25 11:32:53 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-25 11:18:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-25 11:13:49 ----D---- C:\Programmer\Microsoft Office
2009-01-24 20:48:51 ----D---- C:\Documents and Settings\Christian\Application Data\uTorrent
2009-01-24 20:47:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-24 20:47:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-24 20:40:08 ----D---- C:\Programmer\ESET
2009-01-24 20:29:10 ----ASH---- C:\boot.ini
2009-01-24 20:29:10 ----AC---- C:\WINDOWS\system.ini
2009-01-24 18:57:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-24 14:31:59 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-01-24 11:16:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-24 11:15:21 ----D---- C:\Programmer\SUPERAntiSpyware
2009-01-24 11:10:39 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-24 11:04:48 ----AC---- C:\WINDOWS\ErrRegDoc.txt
2009-01-24 11:03:18 ----D---- C:\Programmer\Fælles filer\Teleca Shared
2009-01-22 17:32:44 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-01-22 17:32:44 ----A---- C:\WINDOWS\system32\nwpp.ini
2009-01-22 17:32:43 ----A---- C:\WINDOWS\system32\wininet.dll
2009-01-22 17:32:43 ----A---- C:\WINDOWS\system32\nwwlnt.ini
2009-01-22 17:32:43 ----A---- C:\WINDOWS\system32\nwklr.ini
2009-01-22 17:32:43 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-01-20 20:59:57 ----A---- C:\WINDOWS\system32\windmlp.ini
2009-01-20 20:59:57 ----A---- C:\WINDOWS\system32\ppdnp.ini
2009-01-20 20:59:57 ----A---- C:\WINDOWS\system32\kerdnp.ini
2009-01-14 20:56:54 ----D---- C:\WINDOWS\system32\spool
2009-01-13 22:44:00 ----D---- C:\WINDOWS\pchealth
2009-01-13 22:43:55 ----D---- C:\Programmer\Internet Explorer
2009-01-13 22:43:24 ----RHD---- C:\AHCache
2009-01-10 15:23:58 ----D---- C:\WINDOWS\nview
2009-01-10 15:21:25 ----D---- C:\WINDOWS\Help
2009-01-10 15:19:26 ----D---- C:\NVIDIA
2009-01-10 02:35:28 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-01-04 21:41:15 ----D---- C:\WINDOWS\Cursors
2009-01-04 17:55:41 ----D---- C:\WINDOWS\system32\DirectX
2009-01-03 13:13:22 ----AC---- C:\WINDOWS\CoverDes.INI
2008-12-31 15:41:21 ----D---- C:\Programmer\Fælles filer\Adobe
2008-12-31 15:41:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-26 00:08:00 ----AC---- C:\WINDOWS\system32\nvudisp.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwssr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-26 00:08:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-01-24 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-01-24 34312]
R1 intelppm;Driver til Intel-processor; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-26 39936]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\c:\programmer\superantispyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Programmer\SUPERAntiSpyware\SASKUTIL.sys []
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-01-24 39944]
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-06-30 14320]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-06-30 14320]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-06-30 14320]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-06-30 14320]
R3 hidusb;Microsoft HID-klassedriver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-09 9600]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 mouhid;HID-driver til mus; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-04 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-26 6301344]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-03 47360]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 UALFDrv2;UALFDrv2; C:\WINDOWS\System32\DRIVERS\UALFDrv2.sys [2004-08-19 46280]
R3 usbaudio;USB-lyddriver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Overordnet Microsoft USB-standarddriver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Miniportdriver til Microsoft USB 2.0-udvidet værtscontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktiveret hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER-klasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB-universel værtscontroller miniportdriver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-20 288896]
S3 a0o8knsw;a0o8knsw; C:\WINDOWS\system32\drivers\a0o8knsw.sys []
S3 Arp1394;1394 ARP-klientprotokol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-26 60800]
S3 asy0avxd;asy0avxd; C:\WINDOWS\system32\drivers\asy0avxd.sys []
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter; \??\C:\DOCUME~1\CHRIST~1\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-08-07 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-08-07 21672]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-06-03 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-06-03 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-06-03 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-06-03 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-06-03 79488]
S3 Navcar;Navman In-car Navigator USB Driver Service; C:\WINDOWS\system32\DRIVERS\Navcar.sys [2006-09-18 30329]
S3 NIC1394;1394-netværksdriver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-26 61824]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2009-01-04 42512]
S3 SASENUM;SASENUM; \??\C:\Programmer\SUPERAntiSpyware\SASENUM.SYS []
S3 smbusp;Intel(R) SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
S3 usbscan;USB-scannerdriver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Driver til USB-lagerenhed; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0-ikke-IFS-udbydermiljø; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-09 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\Programmer\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-01-24 468224]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-26 15872]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programmer\Java\jre6\bin\jqs.exe [2009-01-25 152984]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2004-08-26 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2004-08-26 117248]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Programmer\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 nTuneService;nTune Service; D:\Programmer\NVIDIA Corporation\nTune\nTuneService.exe [2007-07-03 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-26 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-13 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2008-10-26 107832]
R2 SmcService;Sygate Personal Firewall Pro; C:\Programmer\Sygate\SPF\smc.exe [2004-06-30 2376928]
R2 SMTPSVC;Simple Mail Transport Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-26 15872]
R2 W3SVC;World Wide Web-udgivelse; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-26 15872]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Programmer\Lavasoft\Ad-Aware\aawservice.exe [2008-06-05 611664]
R3 NMIndexingService;NMIndexingService; C:\Programmer\Fælles filer\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
R3 usnjsvc;Læsetjeneste til USN-poster for delemapper i Messenger; C:\Programmer\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 CCALib8;Canon Camera Access Library 8; C:\Programmer\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Programmer\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-01-24 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programmer\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Programmer\Fælles filer\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Programmer\Fælles filer\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programmer\Windows Media Player\WMPNetwk.exe [2006-11-15 914432]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-26 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
25 January 2009 - 16:45 #13
... Hmmm... what have you been 'up to'? ->
D:\Programmer\Nero\keygen.exe (Trojan.Agent)
G:\Programmer\Ny mappe\Få ægte windows\Windows XP Keygen.exe (Malware.Tool) -> Quarantined and deleted successfully.
forevernewbie Beginner
25 January 2009 - 17:00 #14
There is still a lot of junk left. We can clean it, but that can take a long time. My best advice to you is to format it. If you want to try cleaning, be prepared for it to take so long that your time would have been better spent formatting and getting a completely fresh machine.

Please tell me what you want to do.
Jensen DK Novice
25 January 2009 - 17:22 #15
It is probably most sensible to rescue the data that you cannot do without, and then do a fresh installation with formatting.
missus Beginner
25 January 2009 - 17:33 #16
I would prefer to clean it if that is possible!

I have run the removal tool from Symantec:

It found 1 file, which was deleted.
forevernewbie Beginner
25 January 2009 - 18:13 #17
OK, we'll try:

You're getting a rather long list of instructions:

Download and double-click this file. It unpacks itself to C:\SDFix:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Restart in safe mode. If you don't know how, look here (scroll down to "Sådan får du adgang til fejlsikret tilstand", "How to access safe mode"): http://kimludvigsen.dk/tips-windows-fejlsikret.html

Then go into the SDFix folder on the C drive. Double-click the file RunThis.bat to start the tool. Press "y" to confirm that you are running the tool at your own risk. The tool will then begin removing the trojan service and make a few repairs to the registry. At some point it will ask you to press a key to restart the computer. Do so, after which the computer will restart after 15 seconds.

The restart will take a little longer than usual, because the tool needs time to do its work. When the desktop appears, the tool will print "Finished". Then press a key to load your desktop icons again.

Then open the SDFix folder, find the file Report.txt, and copy the contents of that file in here.

----------------------------------------------

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe



1. Double-click the Dr.Web-CureIt.exe file and let it run the Express scan.

2. This will scan files currently running in memory. If anything is found, click the Yes button if it asks.

This is only a short scan.

3. When the short scan is finished, click Options > Change settings.

Select the "Scan" tab and uncheck "Heuristic analysis".

4. Go back to the main window and select the drives you want to scan.

Select all drives. A red dot shows which drives have been selected.

5. Click the green arrow on the right, and the scan will start.

Click "Yes to all" if it asks whether you want to "Cure / Move" the file.

6. When the scan is finished, check whether you can click the icon next to the files that are listed:

If so, click it, then click the icon just below and select "Move incurable", as you can see in the picture below:

http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif

7. This will move it to the %userprofile%\DoctorWeb\quarantine folder (%userprofile% being your user folder on the C drive) if it cannot be cured.

8. In the Dr.Web CureIt menu at the top, click "File" and choose to save the report.

Save the report to your desktop. The report will be called DrWeb.csv

9. Close the Dr.Web CureIt program.

10. Restart your computer! If the files are in use, they will be moved/deleted during the restart.

11. After the restart, please copy the contents of DrWeb.csv into your next reply.

--------------------------------------------------------

Download ComboFix from one of these links and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Then run combofix.exe, which you downloaded earlier, and follow the instructions.

On Windows Vista, right-click ComboFix and click "Run as administrator".

You should not click on the window while the tool is running, as this can cause your computer to freeze.
When ComboFix is finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of that file here.

NOTE that ComboFix is detected as infected by some virus scanners. There is nothing to this, however.

Important: Shut down any security programs before you run ComboFix. All your USB drives must be connected when you run ComboFix.
missus Beginner
25 January 2009 - 18:53 #18
Result of Report.txt:

SDFix: Version 1.240
Run by Christian on 25-01-2009 at 18:30

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found




Folder C:\WINDOWS\system32\dtw5d - Removed


Removing Temp Files

ADS Check :



                                Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 18:42:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDC52FDD-6899-8E58-C7F4-F35CFABDA937}]
"ablpbgjnpcegdnkmdpdnobmkemidkpgelb"=hex:64,62,6e,61,63,70,70,6a,6b,66,67,62,61,63,64,63,67,64,66,68,6c,..
"bblpbgjnpcegdnkmdpcondhclklldegieppj"=hex:61,62,69,6e,63,6c,6c,6e,64,6a,6d,66,63,64,6e,65,6c,65,69,67,66,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Programmer\\Messenger\\msmsgs.exe"="C:\\Programmer\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"G:\\NYYYYYYYYY\\MSN Messenger\\msnmsgr.exe"="G:\\NYYYYYYYYY\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger"
"C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\NY\\DC++\\DCPlusPlus.exe"="D:\\NY\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Programmer\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmer\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmer\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmer\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmer\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmer\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\\Spil\\The All-Seeing Eye\\eye.exe"="D:\\Spil\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"E:\\Programmer\\Gamespy\\Aphex.exe"="E:\\Programmer\\Gamespy\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\Spil\\MOHAA\\moh_Breakthrough.exe"="D:\\Spil\\MOHAA\\moh_Breakthrough.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"E:\\Programmer\\GameSpy Arcade\\Aphex.exe"="E:\\Programmer\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"D:\\Spil\\MOHAA\\MOHAA.exe"="D:\\Spil\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE"="C:\\Programmer\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Programmer\\Windows Media Player\\wmplayer.exe"="C:\\Programmer\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"D:\\Spil\\Gamespy\\Comrade.exe"="D:\\Spil\\Gamespy\\Comrade.exe:*:Enabled:Comrade"
"D:\\Spil\\MOHAA\\moh_spearhead.exe"="D:\\Spil\\MOHAA\\moh_spearhead.exe:*:Enabled:Medal of Honor Allied Assault(tm) Spearhead"
"D:\\Spil\\Quake 4\\quake2.exe"="D:\\Spil\\Quake 4\\quake2.exe:*:Enabled:quake2"
"D:\\Programmer\\BadBlue\\PE\\badblue.exe"="D:\\Programmer\\BadBlue\\PE\\badblue.exe:*:Enabled:P2P Web Server"
"D:\\Programmer\\StationRipper\\StationRipperConsole.exe"="D:\\Programmer\\StationRipper\\StationRipperConsole.exe:*:Enabled:StationRipperConsole"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Spil\\MOHAA\\moh_Breakthrough_server.exe"="D:\\Spil\\MOHAA\\moh_Breakthrough_server.exe:*:Enabled:Medal of Honor Allied Assault(tm) Breakthrough"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"G:\\Spil\\call of Duty 4\\iw3mp.exe"="G:\\Spil\\call of Duty 4\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"D:\\Programmer\\Phone\\Phone\\Skype.exe"="D:\\Programmer\\Phone\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Spil\\MOHAA\\MOHAA_server.exe"="D:\\Spil\\MOHAA\\MOHAA_server.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"G:\\Spil\\Colin Macrae\\DiRT.exe"="G:\\Spil\\Colin Macrae\\DiRT.exe:*:Enabled:DiRT Executable"
"D:\\Spil\\Ny mappe\\Unreal Tournament\\System\\UnrealTournament.exe"="D:\\Spil\\Ny mappe\\Unreal Tournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"D:\\Programmer\\Winamp\\winamp.exe"="D:\\Programmer\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Documents and Settings\\Christian\\Lokale indstillinger\\Temp\\usmt\\migwiz.exe"="C:\\Documents and Settings\\Christian\\Lokale indstillinger\\Temp\\usmt\\migwiz.exe:*:Enabled:Guiden Overførsel af filer og indstillinger"
"G:\\Programmer\\DC++\\DCPlusPlus.exe"="G:\\Programmer\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\Christian\\Lokale indstillinger\\Temp\\is-CPET6.tmp\\is-0M0AB.tmp"="C:\\Documents and Settings\\Christian\\Lokale indstillinger\\Temp\\is-CPET6.tmp\\is-0M0AB.tmp:*:Enabled:Setup/Uninstall"
"D:\\Programmer\\totalcmd\\TOTALCMD.EXE"="D:\\Programmer\\totalcmd\\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\\Spil\\TrackMania Nations ESWC\\TrackMania Nations ESWC\\TmNationsESWC.exe"="D:\\Spil\\TrackMania Nations ESWC\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"E:\\Programmer\\DC ++\\DCPlusPlus.exe"="E:\\Programmer\\DC ++\\DCPlusPlus.exe:*:Enabled:DC++"
"G:\\Programmer\\Sony Ericsson\\Mobile2\\ma3platform.exe"="G:\\Programmer\\Sony Ericsson\\Mobile2\\ma3platform.exe:*:Enabled:ma3platform"
"C:\\Programmer\\Support.com\\bin\\tgcmd.exe"="C:\\Programmer\\Support.com\\bin\\tgcmd.exe:*:Enabled:TDC Netsupport"
"D:\\Spil\\Far Cry 2\\bin\\FarCry2.exe"="D:\\Spil\\Far Cry 2\\bin\\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\\Spil\\Far Cry 2\\bin\\FC2Launcher.exe"="D:\\Spil\\Far Cry 2\\bin\\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\\Spil\\Far Cry 2\\bin\\FC2Editor.exe"="D:\\Spil\\Far Cry 2\\bin\\FC2Editor.exe:*:Enabled:Editor"
"D:\\Spil\\Exodus\\bin\\efte.exe"="D:\\Spil\\Exodus\\bin\\efte.exe:*:Enabled:Exodus From Earth"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Programmer\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programmer\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programmer\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programmer\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programmer\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programmer\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Programmer\\MSN Messenger\\msnmsgr.exe"="C:\\Programmer\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Programmer\\MSN Messenger\\livecall.exe"="C:\\Programmer\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 13 Oct 2004    1,694,208 ..SH. --- "C:\Programmer\Messenger\msmsgs.exe"
Sun  3 Jun 2007        4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007            0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 26 Oct 2008        4,934 ...HR --- "C:\Documents and Settings\Christian\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri  2 May 2008    3,493,888 A..H. --- "C:\Documents and Settings\Christian\Application Data\U3\temp\Launchpad Removal.exe"

Finished!
missus Beginner
26 January 2009 - 17:28 #19
Dr.Web CureIt log file:

data002\327882R2FWJFW\psexec.cfexe    D:\fLYTTET FRA SKRIVEBORD\Skrivebord\Spywarefri\ComboFix.exe\data002    Program.PsExec.171   
data002    D:\fLYTTET FRA SKRIVEBORD\Skrivebord\Spywarefri\ComboFix.exe    Archive contains infected objects   
ComboFix.exe    D:\fLYTTET FRA SKRIVEBORD\Skrivebord\Spywarefri    Archive contains infected objects    Moved.
ax_object[1].htm    D:\JCN 1\RECYCLER\S-1-5-21-1343024091-823518204-839522115-1003\Dg93.IE5\S5Q30H67    Trojan.CodeBaseExec    Incurable.Moved.
Nero-9.0.9.4d.exe    D:\Programmer\Nero    Trojan.Inject.3771    Deleted.
pak010.pk4\textures/common_floors/c_p4_floor_1_hit.tga    D:\Spil\Quake 4\q4base\pak010.pk4    Modification of Trojan.Kaskad.245   
pak010.pk4    D:\Spil\Quake 4\q4base    Archive contains infected objects    Moved.
A0019222.exe    D:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215    Trojan.Inject.3771    Deleted.
ssrc.exe    C:\Programmer\Support.com\bin    Program.RemoteAdmin.origin    Moved.
Helper.wsf    C:\Programmer\TDC\TDCNetSupport\scripts    Modification of JS.First    Moved.
Process.exe    C:\SDFix\apps    Tool.Prockill    Moved.
avg80f_62a1257.exe\file.exe    F:\Programmer\Ny mappe\AVG Anti-Virus 8 Pro +new key\avg80f_62a1257.exe    Trojan.DownLoad.6115   
avg80f_62a1257.exe    F:\Programmer\Ny mappe\AVG Anti-Virus 8 Pro +new key    Archive contains infected objects    Moved.
Crysis.exe\MediaXCodec.exe    F:\Programmer\Ny mappe\Crysis Warhead SERIAL + CRACK - SGF\Crysis.exe    Trojan.DownLoad.14280   
Crysis.exe    F:\Programmer\Ny mappe\Crysis Warhead SERIAL + CRACK - SGF    Archive contains infected objects    Moved.
A0019224.exe\file.exe    F:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215\A0019224.exe    Trojan.DownLoad.6115   
A0019224.exe    F:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215    Archive contains infected objects    Moved.
vnc-3.3.7-x86_win32.exe\data005    G:\DC++ Downloads\RealVNC\vnc-3.3.7-x86_win32.exe    Program.RemoteAdmin   
vnc-3.3.7-x86_win32.exe    G:\DC++ Downloads\RealVNC    Archive contains infected objects    Moved.
UltraVNC-102-Setup.exe\data014    G:\NYYYYYYYYY\Dokumenter\My Completed Downloads\UltraVNC-102-Setup.exe    Program.RemoteAdmin.37   
UltraVNC-102-Setup.exe    G:\NYYYYYYYYY\Dokumenter\My Completed Downloads    Archive contains infected objects    Moved.
Driver Detective 6.2.5.0.exe\is202360.exe    G:\Programmer\Ny mappe\Driver Detective 6.2.5.0 + Crack Full Activate and Working\Driver Detective 6.2.5.0.exe    Win32.Parite.2   
Driver Detective 6.2.5.0.exe    G:\Programmer\Ny mappe\Driver Detective 6.2.5.0 + Crack Full Activate and Working    Archive contains infected objects    Moved.
vncviewer.exe    G:\Programmer\UltraVNC    Program.RemoteAdmin.37    Moved.
A0019226.exe\data005    G:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215\A0019226.exe    Program.RemoteAdmin   
A0019226.exe    G:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215    Archive contains infected objects    Moved.
A0019227.exe\data014    G:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215\A0019227.exe    Program.RemoteAdmin.37   
A0019227.exe    G:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215    Archive contains infected objects    Moved.
A0019228.exe\is202360.exe    G:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215\A0019228.exe    Win32.Parite.2   
A0019228.exe    G:\System Volume Information\_restore{76DCCF7A-2932-46CB-91C8-45354B5BE525}\RP215    Archive contains infected objects    Moved.
missus Beginner
26 January 2009 - 17:50 #20
Hi again,

Here is the log file from ComboFix.

ComboFix 09-01-21.04 - Christian 2009-01-26 17:35:54.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1030.18.1535.1041 [GMT 1:00]
Kører fra: c:\documents and settings\christian\skrivebord\combofix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Dannede nyt systemgendannelsespunkt
* Resident AV is active


advarsel -DENNE MASKINE HAR IKKE GENOPRETTELSESKONSOL INSTALLERET !!
.

(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AcroIEHelpe4.dll
c:\windows\system32\cks
c:\windows\system32\cks\christian@ad.yieldmanager[1].txt
c:\windows\system32\cks\christian@ad.yieldmanager[2].txt
c:\windows\system32\cks\christian@ad.yieldmanager[3].txt
c:\windows\system32\cks\christian@aller.112.2o7[1].txt
c:\windows\system32\cks\christian@content.yieldmanager[1].txt
c:\windows\system32\cks\christian@doubleclick[1].txt
c:\windows\system32\cks\christian@doubleclick[2].txt
c:\windows\system32\cks\christian@doubleclick[3].txt
c:\windows\system32\cks\christian@msnservices.112.2o7[1].txt
c:\windows\system32\cks\christian@politiken.112.2o7[1].txt
c:\windows\system32\cks\christian@statistik-gallup[1].txt
c:\windows\system32\cks\christian@statistik-gallup[2].txt
c:\windows\system32\cks\christian@track.adform[1].txt
c:\windows\system32\cks\christian@track.adform[2].txt
c:\windows\system32\cks\christian@track.adform[3].txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dtw5d
c:\windows\system32\dtw5d\netbanke_2009.01.25.102849_christian@politiken.112.2o7[1].txt
c:\windows\system32\dtw5d\netbanke_2009.01.26.011116_christian@track.adform[1].txt
c:\windows\system32\dtw5d\netbanke_2009.01.26.011121_christian@track.adform[3].txt
c:\windows\system32\fnbynuav.ini
c:\windows\system32\hkoeyimy.ini
c:\windows\system32\KnWDcfii.ini
c:\windows\system32\KnWDcfii.ini2
c:\windows\system32\korlg.ini
c:\windows\system32\ldshyr.old
c:\windows\system32\mmvqvodf.ini
c:\windows\system32\nwklr.ini
c:\windows\system32\nwpp.ini
c:\windows\system32\nwwlnt.ini
c:\windows\system32\packet.dll
c:\windows\system32\ppdnp.ini
c:\windows\system32\pporlg.ini
c:\windows\system32\srvblck.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\ad-aware_UAs001.dat
c:\windows\system32\UAs\AdobeUpdater_UAs001.dat
c:\windows\system32\UAs\AdobeUpdater_UAs002.dat
c:\windows\system32\UAs\aphex_UAs001.dat
c:\windows\system32\UAs\aphex_UAs002.dat
c:\windows\system32\UAs\ccleaner_UAs001.dat
c:\windows\system32\UAs\dfrhost_UAs001.dat
c:\windows\system32\UAs\driverscanner_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs001.dat
c:\windows\system32\UAs\iexplore_UAs002.dat
c:\windows\system32\UAs\iexplore_UAs003.dat
c:\windows\system32\UAs\iexplore_UAs004.dat
c:\windows\system32\UAs\iexplore_UAs005.dat
c:\windows\system32\UAs\jre-6u11-windows-i586-p-s[1]_UAs001.dat
c:\windows\system32\UAs\jusched_UAs001.dat
c:\windows\system32\UAs\mbam_UAs001.dat
c:\windows\system32\UAs\mbam_UAs002.dat
c:\windows\system32\UAs\msiexec_UAs001.dat
c:\windows\system32\UAs\msiexec_UAs002.dat
c:\windows\system32\UAs\msnmsgr_UAs001.dat
c:\windows\system32\UAs\msnmsgr_UAs002.dat
c:\windows\system32\UAs\msnmsgr_UAs003.dat
c:\windows\system32\UAs\msnmsgr_UAs004.dat
c:\windows\system32\UAs\msnmsgr_UAs005.dat
c:\windows\system32\UAs\msnmsgr_UAs006.dat
c:\windows\system32\UAs\msnmsgr_UAs007.dat
c:\windows\system32\UAs\msnmsgr_UAs008.dat
c:\windows\system32\UAs\msnmsgr_UAs009.dat
c:\windows\system32\UAs\nero_UAs001.dat
c:\windows\system32\UAs\OSE_UAs001.dat
c:\windows\system32\UAs\OSE_UAs002.dat
c:\windows\system32\UAs\outlook_UAs001.dat
c:\windows\system32\UAs\rtg.5_UAs001.dat
c:\windows\system32\UAs\setupx_UAs001.dat
c:\windows\system32\UAs\setupx_UAs002.dat
c:\windows\system32\UAs\smc_UAs001.dat
c:\windows\system32\UAs\ssupdate_UAs001.dat
c:\windows\system32\UAs\ssupdate_UAs002.dat
c:\windows\system32\UAs\superantispyware_UAs001.dat
c:\windows\system32\UAs\superantispyware_UAs002.dat
c:\windows\system32\UAs\superantispyware_UAs003.dat
c:\windows\system32\UAs\UAs001.dat
c:\windows\system32\UAs\UAs002.dat
c:\windows\system32\UAs\UAs003.dat
c:\windows\system32\UAs\UAs004.dat
c:\windows\system32\UAs\UAs005.dat
c:\windows\system32\UAs\UAs006.dat
c:\windows\system32\UAs\UAs007.dat
c:\windows\system32\UAs\UAs008.dat
c:\windows\system32\UAs\winamp_UAs001.dat
c:\windows\system32\UAs\WINWORD_UAs001.dat
c:\windows\system32\UAs\wmplayer_UAs001.dat
c:\windows\system32\UAs\wmplayer_UAs002.dat
c:\windows\system32\UAs\youtubeget_UAs001.dat
c:\windows\system32\windmlp.ini
c:\windows\system32\worlg.ini
c:\windows\system32\wpcap.dll
D:\resycled

.
(((((((((((((((((((((((((((((((((((((((  Drivers/Tjenester  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


(((((((((((((((((((((((((((((  Filer skabt fra 2008-12-26 til 2009-01-26  )))))))))))))))))))))))))))))))))))
.

2009-01-26 17:40 . 2009-01-26 17:40    <DIR>    d--------    c:\windows\system32\UAs
2009-01-25 18:52 . 2009-01-25 19:32    <DIR>    d--------    c:\documents and settings\Christian\DoctorWeb
2009-01-25 18:27 . 2009-01-25 18:27    <DIR>    d--------    c:\windows\ERUNT
2009-01-25 18:21 . 2009-01-25 18:45    <DIR>    d--------    C:\SDFix
2009-01-25 16:28 . 2009-01-25 16:28    <DIR>    d--------    C:\rsit
2009-01-25 14:45 . 2009-01-25 14:45    <DIR>    d--------    c:\programmer\Malwarebytes' Anti-Malware
2009-01-25 14:45 . 2009-01-25 14:45    <DIR>    d--------    c:\documents and settings\Christian\Application Data\Malwarebytes
2009-01-25 14:45 . 2009-01-25 14:45    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 14:45 . 2009-01-14 16:11    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 14:45 . 2009-01-14 16:11    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2009-01-25 13:15 . 2009-01-25 13:15    <DIR>    d--------    c:\documents and settings\Christian\Application Data\InstallShield
2009-01-24 20:37 . 2009-01-24 20:37    <DIR>    d--------    c:\documents and settings\All Users\Application Data\ESET
2009-01-24 20:31 . 2009-01-24 20:31    53,256    --a------    c:\windows\system32\drivers\easdrv.sys
2009-01-24 20:31 . 2009-01-24 20:31    39,944    --a------    c:\windows\system32\drivers\eamon.sys
2009-01-24 20:31 . 2009-01-24 20:31    34,312    --a------    c:\windows\system32\drivers\epfwtdir.sys
2009-01-24 12:11 . 2009-01-24 19:23    <DIR>    d--------    c:\programmer\Windows Live Safety Center
2009-01-24 11:45 . 2009-01-25 10:44    410,984    --a------    c:\windows\system32\deploytk.dll
2009-01-24 11:38 . 2009-01-24 11:38    <DIR>    d--------    c:\windows\Sun
2009-01-24 11:14 . 2009-01-24 11:14    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-22 18:17 . 2009-01-22 18:17    <DIR>    d--------    C:\tmp
2009-01-22 18:17 . 2009-01-22 18:17    <DIR>    d--------    c:\documents and settings\All Users\Skabeloner
2009-01-14 20:57 . 2009-01-14 20:57    <DIR>    d--------    c:\windows\IIS Temporary Compressed Files
2009-01-12 19:46 . 2009-01-12 19:46    2,488    --a------    c:\windows\system32\NMMediaServer.cfg
2009-01-04 21:47 . 2009-01-04 21:47    <DIR>    d--------    c:\documents and settings\Christian\Application Data\Nero
2009-01-04 21:41 . 2009-01-04 21:41    <DIR>    d--------    c:\programmer\Nero
2009-01-04 21:41 . 2009-01-04 21:45    <DIR>    d--------    c:\programmer\Fælles filer\Nero
2009-01-04 21:41 . 2009-01-04 21:41    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Nero
2009-01-04 20:03 . 2009-01-04 21:49    <DIR>    d-a------    c:\documents and settings\All Users\Application Data\TEMP

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 12:45    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-25 12:15    ---------    d--h--w    c:\programmer\InstallShield Installation Information
2009-01-25 12:14    ---------    d-----w    c:\programmer\Java
2009-01-25 11:33    ---------    d-----w    c:\programmer\MSBuild
2009-01-24 19:48    ---------    d-----w    c:\documents and settings\Christian\Application Data\uTorrent
2009-01-24 19:40    ---------    d-----w    c:\programmer\ESET
2009-01-24 10:16    ---------    d-----w    c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-24 10:15    ---------    d-----w    c:\programmer\SUPERAntiSpyware
2009-01-24 10:10    ---------    d-----w    c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-24 10:03    ---------    d-----w    c:\programmer\Fælles filer\Teleca Shared
2008-12-31 14:41    ---------    d-----w    c:\programmer\Fælles filer\Adobe
2008-12-25 23:08    6,301,344    ----a-w    c:\windows\system32\drivers\nv4_mini.sys
2008-12-21 15:18    ---------    d-----w    c:\documents and settings\All Users\Application Data\Watermark Factory
2008-12-11 11:57    333,184    ----a-w    c:\windows\system32\drivers\srv.sys
2008-12-05 21:31    ---------    d-----w    c:\documents and settings\Christian\Application Data\ZoomBrowser EX
2008-11-28 20:28    ---------    d-----w    c:\documents and settings\Christian\Application Data\Winamp
2008-10-28 18:42    901,120    -c--a-w    c:\windows\TMUninst.exe
2008-10-26 15:17    22,328    -c--a-w    c:\documents and settings\Christian\Application Data\PnkBstrK.sys
2007-12-03 18:36    47,360    -c--a-w    c:\documents and settings\Christian\Application Data\pcouffin.sys
.

------- Sigcheck -------

.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-26 15360]
"H/PC Connection Agent"="c:\programmer\microsoft activesync\wcescomm.exe" [2006-06-27 1211176]
"msnmsgr"="c:\programmer\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"NVIDIA nTune"="d:\programmer\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmer\fælles filer\nero\lib\nmindexstoresvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SHARKOON STATION"="c:\programmer\SHARKOON Technologies GmbH\SHARKOON STATION\Majestic.exe" [2004-11-11 327680]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-05-14 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"egui"="c:\programmer\ESET\ESET NOD32 Antivirus\egui.exe" [2009-01-24 1447168]
"GrooveMonitor"="c:\programmer\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\programmer\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-26 15360]

c:\documents and settings\Christian\Menuen Start\Programmer\Start\
Screen Clipper and Launcher til OneNote 2007.lnk - c:\programmer\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programmer\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 11:27 356352 c:\programmer\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 d:\programmer\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 11:48 157592 c:\programmer\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-06-27 17:39 1211176 c:\programmer\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2006-01-24 20:24 7094272 g:\nyyyyyyyyy\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 c:\programmer\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-----c--- 2007-12-02 15:26 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 c:\programmer\Fælles filer\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-24 11:15 1830128 c:\programmer\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-05-16 10:18 1856544 d:\programmer\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"seclogon"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programmer\\Messenger\\msmsgs.exe"=
"g:\\NYYYYYYYYY\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmer\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\NY\\DC++\\DCPlusPlus.exe"=
"c:\programmer\Microsoft ActiveSync\rapimgr.exe"= c:\programmer\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmer\Microsoft ActiveSync\wcescomm.exe"= c:\programmer\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmer\Microsoft ActiveSync\WCESMgr.exe"= c:\programmer\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"d:\\Spil\\The All-Seeing Eye\\eye.exe"=
"e:\\Programmer\\Gamespy\\Aphex.exe"=
"d:\\Spil\\MOHAA\\moh_Breakthrough.exe"=
"e:\\Programmer\\GameSpy Arcade\\Aphex.exe"=
"d:\\Spil\\MOHAA\\MOHAA.exe"=
"c:\\Programmer\\Windows Media Player\\wmplayer.exe"=
"d:\\Spil\\Gamespy\\Comrade.exe"=
"d:\\Spil\\MOHAA\\moh_spearhead.exe"=
"d:\\Spil\\Quake 4\\quake2.exe"=
"d:\\Programmer\\BadBlue\\PE\\badblue.exe"=
"d:\\Programmer\\StationRipper\\StationRipperConsole.exe"=
"c:\\Programmer\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmer\\MSN Messenger\\livecall.exe"=
"d:\\Spil\\MOHAA\\moh_Breakthrough_server.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"g:\\Spil\\call of Duty 4\\iw3mp.exe"=
"d:\\Programmer\\Phone\\Phone\\Skype.exe"=
"d:\\Spil\\MOHAA\\MOHAA_server.exe"=
"d:\\Spil\\Ny mappe\\Unreal Tournament\\System\\UnrealTournament.exe"=
"d:\\Programmer\\Winamp\\winamp.exe"=
"c:\\Programmer\\Support.com\\bin\\tgcmd.exe"=
"d:\\Spil\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Spil\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Spil\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Spil\\Exodus\\bin\\efte.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-01-24 34312]
R1 SASDIFSV;SASDIFSV;c:\programmer\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\programmer\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R3 UALFDrv2;UALFDrv2;c:\windows\system32\drivers\UALFDrv2.sys [2007-03-27 46280]
R4 ekrn;Eset Service;c:\programmer\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-01-24 468224]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\CHRIST~1\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\CHRIST~1\LOKALE~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2007-11-05 13352]
S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\drivers\Navcar.sys [2008-06-21 30329]
S3 SASENUM;SASENUM;c:\programmer\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{782fa856-a11a-11dd-96ce-0013d406ed08}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8BE50E34-6513-6818-29FD-9A979288F760}]
c:\windows\system32\winnt\csrss.exe s
.
Indhold af mappen 'Planlagte Opgaver'

2008-03-14 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\programmer\ErrorSmart\ErrorSmart.exe []

2008-03-14 c:\windows\Tasks\ErrorSmart Scheduled Scan.job
- c:\programmer\ErrorSmart []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-!AVG Anti-Spyware - c:\programmer\Grisoft\AVG Anti-Spyware 7.5\avgas.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://ekstrabladet.dk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {76982E1D-3719-4985-A70E-B349EB131E34} = 212.242.40.3,212.242.40.51
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 17:40:17
Windows 5.1.2600 Service Pack 2 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\windows\system32\UAs
c:\windows\system32\dtw5d
c:\windows\system32\cks

scanning gennemført med succes
skjulte filer: 3

**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------

[HKEY_USERS\S-1-5-21-1229272821-2139871995-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BDC52FDD-6899-8E58-C7F4-F35CFABDA937}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ablpbgjnpcegdnkmdpdnobmkemidkpgelb"=hex:64,62,6e,61,63,70,70,6a,6b,66,67,62,
  61,63,64,63,67,64,66,68,6c,70,6e,69,66,6b,67,70,68,6c,63,70,6d,6a,65,70,62,\
"bblpbgjnpcegdnkmdpcondhclklldegieppj"=hex:61,62,69,6e,63,6c,6c,6e,64,6a,6d,66,
  63,64,6e,65,6c,65,69,67,66,62,64,64,6c,62,64,63,61,70,6c,62,61,62,00,70

[HKEY_USERS\S-1-5-21-1229272821-2139871995-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:69,ab,32,79,6c,78,d2,dc,79,e6,fd,d8,92,4c,dd,d2,8d,86,ee,18,b1,5c,19,
  bc,f5,c8,c9,84,95,b4,4d,e1,02,dd,c0,fb,2b,18,17,0d,0b,52,45,4d,d9,42,82,a7,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-1229272821-2139871995-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:f6,45,02,9c,e2,6e,10,95,68,f5,e4,62,f3,75,f7,13,fd,64,c5,0c,bb,
  5c,c4,c2,bf,4b,a2,27,65,6b,44,0e,bd,9d,ef,22,de,33,91,12,24,00,6d,84,6a,6a,\
"rkeysecu"=hex:be,2c,f2,23,f9,6c,9e,13,89,d8,44,ab,61,ad,f5,46
.
--------------------- DLLs startet under kørende Processer ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\programmer\superantispyware\SASWINLO.DLL
.
------------------------ Andre kørende processer ------------------------
.
c:\programmer\Sygate\SPF\Smc.exe
c:\programmer\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programmer\Java\jre6\bin\jqs.exe
c:\programmer\Nero\Nero8\Nero BackItUp\NBService.exe
d:\programmer\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\programmer\Fælles filer\Nero\Lib\NMIndexingService.exe
c:\programmer\MSN Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Gennemført tid: 2009-01-26 17:42:22 - maskinen blev genstartet [Christian]
ComboFix-quarantined-files.txt  2009-01-26 16:42:19
ComboFix2.txt  2008-06-06 10:37:40

Pre-Kørsel: 4.919.975.936 byte ledig
Post-Kørsel: 4,887,232,512 byte ledig

384    --- E O F ---    2009-01-24 19:48:27
forevernewbie Beginner
26 January 2009 - 19:16 #21
Some of the signature checks are not in order, so I suggest that you run an online scan here: http://housecall.trendmicro.com/uk/

Please run it in Safe Mode with Networking so that it can work optimally.

In the meantime I will prepare a ComboFix fix for you.
missus Beginner
26 January 2009 - 19:18 #22
OK
26 January 2009 - 19:34 #23
Well, well, look at that -> \\DCPlusPlus.exe ???

Yet another reason for [25/01-2009 17:00:58] !!!
forevernewbie Beginner
26 January 2009 - 20:44 #24
When you have finished the online scan:

Copy the contents between the dashed lines into a Notepad window, and save it in the same folder as Combofix, under the name CFScript.txt

--------------------------------------------

KILLALL::

Snapshot::

File::
c:\windows\Tasks\ErrorSmart Scheduled Scan.job
c:\windows\system32\winnt\csrss.exe s
c:\windows\TMUninst.exe

Folder::
c:\programmer\ErrorSmart

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8BE50E34-6513-6818-29FD-9A979288F760}]



--------------------------------------------

Then grab the new file with the mouse and drag it over the Combofix file, then "let go" with the mouse. (See the picture if you are in doubt about the procedure)
http://www.malwarecheck.dk/billeder/CFScriptB-4_da.gif

Combofix should then start working. It may require a restart, which you should allow. You should not click on the window while the tool is running, as that can cause your computer to freeze.

When Combofix has finished, and after it has restarted, a log file should open: combofix.txt

Please post the contents of this file here for review.
missus Beginner
26 January 2009 - 20:48 #25
I can't get it to run http://housecall.trendmicro.com/uk/
ejvindh Expert
26 January 2009 - 20:49 #26
@Forevernewbie: Unfortunately I don't think HouseCall can handle this infection. We have had a great deal of trouble with it. CF can fix the infection, but will only do so if the user has installed the Recovery Console. For example like this:

Put your XP CD in the drive, then click Start->Run and type the following:
XX:\i386\winnt32.exe /cmdcons <Enter>
Remember to change XX to the letter of the drive you put the XP CD in.
forevernewbie Beginner
26 January 2009 - 20:56 #27
OK, thanks Ejvind. I didn't know that one.
missus Beginner
26 January 2009 - 21:03 #28
Recovery Console installed
forevernewbie Beginner
26 January 2009 - 21:07 #29
OK, just run ComboFix with the script I posted for you.
missus Beginner
27 January 2009 - 01:06 #30
That didn't go so well. ComboFix ran and rebooted the PC in a loop, so now I have had to reinstall XP
27 January 2009 - 06:55 #31
Hmmm...

Remember M$ ServicePack3 for XP -> http://www.microsoft.com/downloads/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=da + afterwards MANY updates from WindowsUpdate...

If you use AVG then -> http://free.avg.com/download?prd=afe

And now be careful with these P2P programs:
Once you start 'playing' with P2P programs - or rather, with the results from them - then it makes no difference !!!
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=40284
http://www.spywarefri.dk/forum/topic.asp?TOPIC_ID=47308
forevernewbie Beginner
27 January 2009 - 08:59 #32
I'm sorry about that :-(. Unfortunately one of those infections that cannot be removed without wrecking Windows
ejvindh Expert
27 January 2009 - 09:02 #33
That is exactly why the Recovery Console should be installed. With it installed we could in fact have restored the computer.

But in any case, you can now at least be sure that the computer is completely clean.
forevernewbie Beginner
27 January 2009 - 09:14 #34
Well, if you had come back from another machine, we could have copied the files in from the Windows CD. But that is in the past now
Jensen DK Novice
27 January 2009 - 09:23 #35
I hope it formatted before the installation, otherwise!
missus Beginner
27 January 2009 - 19:17 #36
It has been formatted ..... and reinstalled

Point distribution ??

and thanks to everyone for the help.
forevernewbie Beginner
27 January 2009 - 19:32 #37
Hmm, we weren't much help :-(, so as far as I'm concerned you are welcome to take the points yourself
ejvindh Expert
27 January 2009 - 20:26 #38
Yes, I agree with forevernewbie.
27 January 2009 - 21:26 #39
*Agreed*

27/01-2009 06:55:41
missus Beginner
27 January 2009 - 23:38 #40
ok, then I'll close this.
missus Beginner
28 January 2009 - 19:23 #41
It turns out I can't; post an answer, all 3 of you
28 January 2009 - 21:10 #42
missus Beginner
28 January 2009 - 21:14 #43
.