There you go...
DDS (Ver_09-02-01.01) - NTFSx86
Run by spil 2 at 19:05:27,34 on 04-03-2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1030.18.1023.498 [GMT 1:00]
AV: BullGuard Antivirus *On-access scanning enabled* (Updated)
FW: BullGuard Firewall *disabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe -k BullGuard
C:\WINDOWS\System32\svchost.exe -k BullGuardFw
C:\Programmer\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmer\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Analog Devices\SoundMAX\SMTray.exe
C:\Programmer\HP\HP Software Update\HPWuSchd.exe
C:\Programmer\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\spil 2\Skrivebord\msnmsgr.exe
C:\Programmer\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Windows Live Toolbar\msn_sl.exe
C:\Programmer\Fælles filer\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\spil 2\Skrivebord\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.jubii.dk/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\programmer\macrogaming\sweetimbarforie\toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programmer\fælles filer\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SWEETIE Class: {1a0aadcd-3a72-4b5f-900f-e3bb5a838e2a} - c:\progra~1\macrog~1\sweeti~1\toolbar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programmer\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Hjælp til tilmelding til Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programmer\fælles filer\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmer\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmer\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SweetIM For Internet Explorer: {bc4ffe41-de9f-46fa-b455-aad49b9f9938} - c:\programmer\macrogaming\sweetimbarforie\toolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\programmer\windows live toolbar\msntb.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [BullGuard] "c:\programmer\bullguard software\bullguard\bullguard.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\documents and settings\spil 2\skrivebord\msnmsgr.exe" /background
mRun: [Smapp] c:\programmer\analog devices\soundmax\SMTray.exe
mRun: [BullGuard] "c:\programmer\bullguard software\bullguard\bullguard.exe" -boot
mRun: [HP Software Update] "c:\programmer\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\programmer\hp\hpcoretech\hpcmpmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\programmer\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [Malwarebytes' Anti-Malware] c:\programmer\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menuen~1\progra~1\start\hpdigi~1.lnk - c:\programmer\hp\digital imaging\bin\hpqtra08.exe
IE: &Windows Live Search - c:\programmer\windows live toolbar\msntb.dll/search.htm
IE: E&ksporter til Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\programmer\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programmer\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programmer\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194625047843
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\programmer\hp\hpcoretech\comp\hpuiprot.dll
============= SERVICES / DRIVERS ===============
R1 VFILT;BullGuard Firewall Kernel Driver;c:\programmer\bullguard software\bullguard\fwengine\Filtnt.sys [2006-10-4 125216]
R2 BdFileSpy;BullGuard File Monitor Driver;c:\windows\system32\drivers\BdFileSpy.sys [2007-11-13 50896]
R2 BsFileScan;BullGuard File Scan Service;c:\windows\system32\svchost.exe -k BullGuard [2004-8-27 14336]
R2 BsFwall;BullGuard Firewall Service;c:\windows\system32\svchost.exe -k BullGuardFw [2004-8-27 14336]
R2 BsMailProxy;BullGuard Email Monitoring Service;c:\windows\system32\svchost.exe -k BullGuard [2004-8-27 14336]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-11-13 19020]
R3 Reconn;BullGuard Email Monitor;c:\programmer\bullguard software\bullguard\Reconn.sys [2007-5-28 16984]
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;c:\programmer\bullguard software\bullguard\fwengine\Adblock.dll [2006-10-4 33600]
S3 BGRaSvc;BGRaSvc;c:\programmer\bullguard software\bullguard\support\bgrasvc.exe [2008-3-19 79176]
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;c:\programmer\bullguard software\bullguard\fwengine\Htmlfilt.dll [2006-10-4 11552]
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;c:\programmer\bullguard software\bullguard\fwengine\Httpfilt.dll [2006-10-4 13248]
S3 pohci13F;pohci13F;\??\c:\docume~1\spil2~1\lokale~1\temp\pohci13f.sys --> c:\docume~1\spil2~1\lokale~1\temp\pohci13F.sys [?]
S3 PROTECT.DLL;BullGuard Firewall Protection Plugin;c:\programmer\bullguard software\bullguard\fwengine\Protect.dll [2006-10-4 16960]
=============== Created Last 30 ================
2009-03-04 17:41 <DIR> --d----- c:\docume~1\spil2~1\applic~1\Malwarebytes
2009-03-04 17:40 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-04 17:40 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-04 17:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-04 17:40 <DIR> --d----- c:\programmer\Malwarebytes' Anti-Malware
2009-03-03 17:51 <DIR> --d----- c:\programmer\Spybot - Search & Destroy
2009-03-03 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-02 22:22 <DIR> --d----- c:\programmer\Common Files
2009-02-28 12:19 <DIR> --d----- c:\programmer\Play89
==================== Find3M ====================
2009-01-08 11:55 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-31 17:04 691,560 a------- c:\windows\system32\OGACheckControl.dll
2008-12-31 17:04 528,744 a------- c:\windows\system32\OGAVerify.exe
2008-12-31 17:04 502,120 a------- c:\windows\system32\OGAAddin.dll
2008-12-21 00:03 826,368 a------- c:\windows\system32\wininet.dll
2008-12-13 14:22 423,650 a------- c:\windows\system32\perfh006.dat
2008-12-13 14:22 75,956 a------- c:\windows\system32\perfc006.dat
2008-01-26 16:40 22,328 a------- c:\docume~1\spil2~1\applic~1\PnkBstrK.sys
2008-01-26 16:36 103,736 a------- c:\docume~1\spil2~1\applic~1\PnkBstrB.exe
============= FINISH: 19:06:13,59 ===============
Malwarebytes' Anti-Malware 1.34
Database version: 1817
Windows 5.1.2600 Service Pack 3
04-03-2009 18:58:33
mbam-log-2009-03-04 (18-58-33).txt
Skan type: Fuldstændig skanning (C:\|D:\|)
Objekter skannet: 125237
Tid tilbagelagt: 56 minute(s), 14 second(s)
Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 6
Inficerede Registeringsdatabase Værdier: 0
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 0
Inficerede Filer: 9
Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)
Inficerede Hukommelses Moduler:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Nøgler:
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Inficerede Registeringsdatabase Værdier:
(Ingen mistænkelige filer fundet)
Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)
Inficerede Mapper:
(Ingen mistænkelige filer fundet)
Inficerede Filer:
C:\WINDOWS\system32\winconfig.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP360\A0058463.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP360\A0058465.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP360\A0058466.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP361\A0058470.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP361\A0058478.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP388\A0060707.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP399\A0063158.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A421C132-0EEE-48C6-9412-E1DAB1C4F330}\RP399\A0063159.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.