john_dk_83 Novice
30 March 2009 - 22:09 There are 12 comments and 1 solution

Hijack of IE start page

I am having problems with the Internet Explorer start page: when I open IE, I am automatically taken to some strange website. In the settings I have set http://www.hotmail.com as the start page, but every time I open IE I am automatically thrown onto a completely different page that I don't know. I suspect that IE has been hijacked, but I have no idea how to remove it.
30 March 2009 - 22:16 #1
In general - are we supposed to guess:
Win98, W2000, XP, Vista, ... , ... ?
30 March 2009 - 22:17 #2
Download and install CCleaner http://www.ccleaner.com/ + http://www.spywarefri.dk/manualer/ccleaner-manual.htm
During the installation you will be offered [Yahoo Toolbar]. You can say yes or *NO* to it.
Let the program perform a cleanup...

--------

Download Malwarebytes Anti-Malware from here:
http://www.besttechie.net/tools/mbam-setup.exe
Or from here ->
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

Install the program - once that is done, let the program update itself. A window then opens where you must move the dot to "Run a full system scan" - click the Scan button - let the program work. When it is finished (it takes a while depending on how much you have on the computer).
Then - press the "Show results" button after the scan - and then press "Remove selected" - now the log opens and you must save it somewhere you can find it again.
Copy the contents in here together with a fresh log from HiJackThis...

...and here is the HiJackThis mentioned ->
http://www.spywareinfo.dk/index.htm#/manualer/hijackthis.htm

Note that the HiJackThis.exe program must be saved in a folder created for it and must NOT be run directly from the net...

PS: Use this version of HJT -> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

(Yeees - I have 'viruses' on the brain...)

Regarding Vista - right-click the *.EXE file - Run as Administrator...

------------------
john_dk_83 Novice
30 March 2009 - 22:52 #3
I have just installed CCleaner, and have both cleaned the registry and performed Run Cleaner. The problem is still not solved. Now I have just installed Malwarebytes and am in the middle of a full system scan. I have also tried HiJackThis, and in a moment I will show you the log from HiJackThis. Right now I am hoping that the problem will be solved with Malwarebytes.
john_dk_83 Novice
30 March 2009 - 23:18 #4
From HijackThis I have the following log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15:46, on 30-03-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Users\JIANXI~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Jian Xiong Wu\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ????¥??¨¤?á5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ????¥??¨¤?á5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: *.danskebank.dk
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} (HtmlCtl2 Class) - http://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel? PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel? PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 11430 bytes
john_dk_83 Novice
30 March 2009 - 23:58 #5
Here comes the log from Malwarebytes after the full system scan. I am deleting the Trymedia item, because I don't know its origin.


Malwarebytes' Anti-Malware 1.35
Database version: 1921
Windows 6.0.6001 Service Pack 1

30-03-2009 23:57:17
mbam-log-2009-03-30 (23-57-17).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 206642
Time elapsed: 1 hour(s), 7 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
john_dk_83 Novice
31 March 2009 - 00:04 #6
I have tried restarting my computer, but the problem is still not solved. I hope you have some other good ideas. Thanks in advance.
31 March 2009 - 06:37 #7
In any case you have (remnants of)
* Symantec/Norton
in parallel with
* avast! Antivirus

Run this cleanup program ->
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Manually delete the following folders (if they are still there?)
C:\Programmer\Symantec\
C:\Programmer\Norton AntiVirus\
C:\Programmer\Fælles filer\Symantec Shared\
C:\Documents and Settings\All Users\Application Data\Symantec\
C:\Documents and Settings\[Bruger]\Application Data\Symantec\

Do a cleanup with CCleaner...

Check with a fresh log from HiJackThis that everything Symantec/Norton is gone ...
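
Added example, not part of the thread and not a HijackThis feature: a small Python check that reads HijackThis-format lines, lists entries whose target file is gone ("(no file)" / "(file missing)") and reports which security products still have entries, which is the comparison post #7 asks for. The sample lines are excerpted from the log in post #4; the vendor keyword table and all function names are assumptions made for this example.

```python
import re

# Excerpt of lines from the HijackThis log posted in #4 (used as sample input).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

# A HijackThis entry starts with a section code such as R3, O2, O4 or O23.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers HijackThis appends when the referenced file does not exist.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Assumed keyword table for this example; extend it for other products.
AV_KEYWORDS = {
    "Symantec/Norton": ("symantec", "norton"),
    "avast!": ("avast", "alwil"),
}


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, process list, blank lines
        code, body = match.groups()
        entries.append({
            "code": code,
            "body": body,
            "orphaned": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned_entries(entries):
    """Entries that still exist in the registry but point at a missing file."""
    return [e for e in entries if e["orphaned"]]


def security_products(entries):
    """Map each known product to the section codes of entries mentioning it."""
    found = {}
    for entry in entries:
        lowered = entry["body"].lower()
        for product, keywords in AV_KEYWORDS.items():
            if any(keyword in lowered for keyword in keywords):
                found.setdefault(product, []).append(entry["code"])
    return found


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry in orphaned_entries(parsed):
        print("leftover:", entry["code"], "-", entry["body"])
    products = security_products(parsed)
    if len(products) > 1:
        print("more than one security product present:", sorted(products))
```

Run against a fresh log after the cleanup, an empty "Symantec/Norton" result means no matching entries remain.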
31 March 2009 - 06:39 #8
In general: You do know yourself what this is -> C:\Program Files\Thunder Network\ ??
31 March 2009 - 06:39 #9
-- Download Combofix from one of these links, and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

-- Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When combofix is finished, and after it has restarted, a log file should open: combofix.txt
You are welcome to post the contents of this file here.
john_dk_83 Novice
31 March 2009 - 21:25 #10
Hi Karise,

I have now removed the Norton remnants completely with the removal program you linked to. After the removal I cleaned up with CCleaner. With HijackThis I could not find any remnants of Norton either.
C:\Program Files\Thunder Network\ is a P2P sharing program, so I do know that one.

Now I am downloading combofix and running it through. Just say so if you want to see the log from HijackThis again.
john_dk_83 Novice
31 March 2009 - 21:56 #11
Here is the result after scanning with Combofix:

ComboFix 09-03-31.01 - Jian Xiong Wu 2009-03-31 21:42:42.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.1.1033.18.2037.1123 [GMT 2:00]
Kører fra: c:\tddownload\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081218-0] *On-access scanning enabled* (Updated)
.

(((((((((((((((((((((((((((((  Filer skabt fra 2009-02-28 til 2009-03-31  )))))))))))))))))))))))))))))))))))
.

2009-03-31 08:35 . 2009-03-31 08:35    <DIR>    d--------    c:\users\All Users\NortonInstaller
2009-03-31 08:35 . 2009-03-31 08:35    <DIR>    d--------    c:\programdata\NortonInstaller
2009-03-30 22:46 . 2009-03-30 22:46    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\Malwarebytes
2009-03-30 22:46 . 2009-03-30 22:46    <DIR>    d--------    c:\users\All Users\Malwarebytes
2009-03-30 22:46 . 2009-03-30 22:46    <DIR>    d--------    c:\programdata\Malwarebytes
2009-03-30 22:46 . 2009-03-30 22:46    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2009-03-30 22:46 . 2009-03-26 16:49    38,496    --a------    c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-30 22:46 . 2009-03-26 16:49    15,504    --a------    c:\windows\System32\drivers\mbam.sys
2009-03-30 22:32 . 2009-03-30 22:32    <DIR>    d--------    c:\program files\CCleaner
2009-03-30 18:47 . 2009-03-30 18:47    <DIR>    d--------    c:\program files\Trend Micro
2009-03-27 12:36 . 2009-03-27 12:36    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\CyberLink
2009-03-27 12:35 . 2009-03-27 12:36    <DIR>    d--------    c:\users\All Users\CyberLink
2009-03-27 12:35 . 2009-03-27 12:36    <DIR>    d--------    c:\programdata\CyberLink
2009-03-25 22:43 . 2009-03-25 22:43    <DIR>    d--------    c:\program files\Microsoft Works
2009-03-25 22:37 . 2009-03-25 22:37    <DIR>    d--------    c:\program files\Microsoft Visual Studio 8
2009-03-25 22:34 . 2009-03-25 22:34    <DIR>    dr-h-----    C:\MSOCache
2009-03-23 09:11 . 2009-03-23 22:56    <DIR>    d-a------    c:\users\All Users\TEMP
2009-03-23 09:11 . 2009-03-23 22:56    <DIR>    d-a------    c:\programdata\TEMP
2009-03-21 17:08 . 2009-03-31 19:38    <DIR>    d--------    c:\users\Jian Xiong Wu\Tracing
2009-03-21 17:07 . 2009-03-21 17:07    <DIR>    d--------    c:\program files\Microsoft Sync Framework
2009-03-21 17:02 . 2009-03-21 17:02    <DIR>    d--------    c:\program files\Windows Live SkyDrive
2009-03-21 16:59 . 2009-03-21 16:59    <DIR>    d--------    c:\program files\Common Files\Windows Live
2009-03-20 00:00 . 2009-03-20 00:00    <DIR>    d--------    c:\program files\Common Files\DivX Shared
2009-03-11 09:16 . 2009-02-09 05:10    2,033,152    --a------    c:\windows\System32\win32k.sys
2009-03-11 09:16 . 2008-11-27 06:43    268,288    --a------    c:\windows\System32\schannel.dll
2009-03-08 12:30 . 2009-03-08 12:30    <DIR>    d--------    c:\users\Public\Roaming
2009-03-08 12:30 . 2009-03-08 12:30    <DIR>    d--------    c:\users\Jian Xiong Wu\Roaming
2009-03-08 12:30 . 2009-03-08 12:30    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\Intel
2009-03-08 12:30 . 2009-03-08 12:30    <DIR>    d--------    c:\users\Default\Roaming
2009-03-08 12:30 . 2009-03-08 12:30    <DIR>    d--------    c:\users\All Users\Roaming
2009-03-08 12:30 . 2009-03-08 12:30    <DIR>    d--------    c:\programdata\Roaming
2009-03-08 12:27 . 2009-03-08 12:27    <DIR>    d--------    c:\users\All Users\Intel
2009-03-08 12:27 . 2009-03-08 12:27    <DIR>    d--------    c:\programdata\Intel
2009-03-08 12:27 . 2009-03-08 12:27    <DIR>    d--------    c:\program files\Common Files\Intel
2009-03-08 12:27 . 2009-03-08 12:27    <DIR>    d--------    c:\program files\Cisco
2009-03-08 12:23 . 2008-12-16 05:29    8,147,456    --a------    c:\windows\System32\wmploc.DLL
2009-03-08 12:23 . 2008-12-16 07:31    7,680    --a------    c:\windows\System32\spwmp.dll
2009-03-08 12:23 . 2008-12-16 07:31    4,096    --a------    c:\windows\System32\msdxm.ocx
2009-03-08 12:23 . 2008-12-16 07:31    4,096    --a------    c:\windows\System32\dxmasf.dll
2009-03-08 00:03 . 2009-03-08 00:03    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\Media Player Classic
2009-03-08 00:03 . 2009-03-08 00:03    <DIR>    d--------    c:\program files\Real Alternative
2009-03-07 23:57 . 2009-03-07 23:58    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\dvdcss
2009-03-07 23:56 . 2009-03-07 23:56    <DIR>    d--------    c:\program files\VideoLAN
2009-03-05 23:34 . 2009-03-31 08:38    <DIR>    dr-------    c:\program files\.
2009-03-05 23:25 . 2009-03-05 23:27    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\Maxthon
2009-03-05 23:21 . 2009-03-05 23:22    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\MxBoost
2009-03-05 23:21 . 2009-03-05 23:23    <DIR>    d--------    c:\users\Jian Xiong Wu\AppData\Roaming\Maxthon2
2009-02-19 22:10 . 2009-02-19 22:10    <DIR>    d--------    c:\program files\Bonjour
2009-02-15 22:37 . 2008-12-05 06:32    428,544    --a------    c:\windows\System32\EncDec.dll
2009-02-15 22:37 . 2008-12-05 06:32    293,376    --a------    c:\windows\System32\psisdecd.dll
2009-02-15 22:37 . 2008-12-05 06:31    217,088    --a------    c:\windows\System32\psisrndr.ax
2009-02-15 22:37 . 2008-12-05 06:31    80,896    --a------    c:\windows\System32\MSNP.ax
2009-02-15 22:36 . 2008-12-05 06:31    177,664    --a------    c:\windows\System32\mpg2splt.ax
2009-02-11 10:40 . 2009-01-15 05:36    1,383,424    --a------    c:\windows\System32\mshtml.tlb
2009-02-11 10:40 . 2009-01-15 08:11    827,392    --a------    c:\windows\System32\wininet.dll
2009-02-10 21:49 . 2009-03-31 21:27    <DIR>    d--------    C:\TDDOWNLOAD
2009-02-06 20:48 . 2009-02-06 20:48    308,104    --a------    c:\windows\WLXPGSS.SCR
2009-02-06 19:52 . 2009-02-06 19:52    49,504    --a------    c:\windows\System32\sirenacm.dll
2009-02-03 22:51 . 2009-02-03 22:51    <DIR>    d--------    c:\users\All Users\Hewlett-Packard
2009-02-03 22:51 . 2009-02-03 22:51    <DIR>    d--------    c:\programdata\Hewlett-Packard

.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-31 06:37    ---------    d-----w    c:\program files\Common Files\Symantec Shared
2009-03-26 19:20    ---------    d-----w    c:\programdata\Microsoft Help
2009-03-25 20:43    ---------    d-----w    c:\program files\MSBuild
2009-03-25 20:40    ---------    d-----w    c:\program files\Microsoft.NET
2009-03-25 19:58    ---------    d-----w    c:\program files\Microsoft Small Business
2009-03-25 19:51    ---------    d-----w    c:\program files\Microsoft
2009-03-21 15:08    ---------    d-----w    c:\program files\Windows Live
2009-03-21 15:07    ---------    d-----w    c:\program files\Windows Live Toolbar
2009-03-19 22:00    ---------    d-----w    c:\program files\DivX
2009-03-12 07:06    ---------    d-----w    c:\program files\Windows Mail
2009-03-08 10:27    ---------    d-----w    c:\program files\Intel
2009-03-08 08:30    ---------    d-----w    c:\program files\QvodPlayer
2009-03-08 08:29    129    ----a-w    C:\DelUS.bat
2009-02-27 07:55    ---------    d-----w    c:\program files\Microsoft Silverlight
2009-02-25 22:58    ---------    d-----w    c:\programdata\Thunder Network
2009-02-05 21:06    51,792    ----a-w    c:\windows\system32\drivers\aswMonFlt.sys
2009-01-31 10:36    ---------    d-----w    c:\program files\Microsoft SQL Server
2009-01-27 01:34    90,112    ----a-w    c:\windows\System32\dpl100.dll
2009-01-27 01:34    823,296    ----a-w    c:\windows\System32\divx_xx0c.dll
2009-01-27 01:34    823,296    ----a-w    c:\windows\System32\divx_xx07.dll
2009-01-27 01:34    815,104    ----a-w    c:\windows\System32\divx_xx0a.dll
2009-01-27 01:34    802,816    ----a-w    c:\windows\System32\divx_xx11.dll
2009-01-27 01:34    684,032    ----a-w    c:\windows\System32\DivX.dll
2008-12-12 10:18    87,336    ----a-w    c:\windows\System32\dns-sd.exe
2008-12-12 10:11    61,440    ----a-w    c:\windows\System32\dnssd.dll
2008-06-16 19:10    174    --sha-w    c:\program files\desktop.ini
2008-01-21 09:10    131,320    ----a-w    c:\users\Jian Xiong Wu\dhtnodes.dat
2009-02-21 13:43    36,864    ----a-w    c:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-02-21 13:43    53,248    ----a-w    c:\program files\mozilla firefox\components\ThunderComponent.dll
2008-06-11 07:50    16,384    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-11 07:50    32,768    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-11 07:50    16,384    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((  SnapShot@2009-03-31_21.32.46,34  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-31 12:59:44    2,048    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-31 19:37:16    2,048    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-31 12:59:44    2,048    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-31 19:37:16    2,048    --sha-w    c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-31 19:32:12    262,144    --sha-w    c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-31 19:39:46    262,144    --sha-w    c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-31 19:39:46    262,144    ---ha-w    c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-03-31 19:32:06    262,144    --sha-w    c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-31 19:45:27    262,144    --sha-w    c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-31 19:45:27    262,144    ---ha-w    c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-03-31 17:03:42    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-31 19:39:25    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-31 17:03:42    32,768    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 19:39:25    32,768    --sha-w    c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-31 17:03:42    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-31 19:39:25    16,384    --sha-w    c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-26 05:26:34    373,824    ----a-w    c:\windows\System32\FNTCACHE.DAT
+ 2009-03-31 19:37:54    373,328    ----a-w    c:\windows\System32\FNTCACHE.DAT
- 2009-03-31 13:04:40    119,616    ----a-w    c:\windows\System32\perfc009.dat
+ 2009-03-31 19:43:59    119,616    ----a-w    c:\windows\System32\perfc009.dat
- 2009-03-31 13:04:40    636,790    ----a-w    c:\windows\System32\perfh009.dat
+ 2009-03-31 19:43:59    636,790    ----a-w    c:\windows\System32\perfh009.dat
- 2009-03-31 13:01:48    17,912    ----a-w    c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3820551311-3380988936-101704058-1003_UserData.bin
+ 2009-03-31 19:40:03    17,912    ----a-w    c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3820551311-3380988936-101704058-1003_UserData.bin
- 2009-03-31 13:01:48    83,882    ----a-w    c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-31 19:40:03    83,890    ----a-w    c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-31 13:01:46    76,912    ----a-w    c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-31 19:39:59    76,912    ----a-w    c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 857648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-08 54832]
"PLFSet"="c:\windows\PLFSet.dll" [2007-03-10 45056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-28 185896]
"Google IME Autoupdater"="c:\program files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-10-17 308720]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-03-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 14:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Thunder]
--a------ 2009-02-21 15:44 50640 c:\program files\Thunder Network\Thunder\Thunder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F728952E-482F-4570-83E8-D9C75662E2A5}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{07D606A1-5BC6-4C5D-95F1-A53C743034FC}"= UDP:c:\program files\Funshion Online\Funshion\Funshion.exe:Funshion
"{8F1DFFD5-D28F-418B-81A9-0F7C73E788B1}"= TCP:c:\program files\Funshion Online\Funshion\Funshion.exe:Funshion
"TCP Query User{F1956E6A-FDD4-441F-BB99-12DE50D7133A}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{8D8125FF-1E7C-4CDD-ACA9-F424BBA92985}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{F55D1C51-8F21-4E90-9F1E-38FCB21A996B}c:\\program files\\qvodplayer\\qvodterminal.exe"= UDP:c:\program files\qvodplayer\qvodterminal.exe:QvodTerminal
"UDP Query User{DE4C7A1C-60CC-4CA8-AEA0-56A0B558FAED}c:\\program files\\qvodplayer\\qvodterminal.exe"= TCP:c:\program files\qvodplayer\qvodterminal.exe:QvodTerminal
"TCP Query User{396628AB-9149-4A96-A249-E88A0931BC6F}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FE4D876D-99EF-4024-88DD-A3C731D3522A}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{0098539B-F10E-4C9E-AC82-5CD522092688}c:\\program files\\qvodplayer\\qvodterminal.exe"= UDP:c:\program files\qvodplayer\qvodterminal.exe:QvodTerminal
"UDP Query User{3069252C-A757-4C11-B051-BADBB7BFAB25}c:\\program files\\qvodplayer\\qvodterminal.exe"= TCP:c:\program files\qvodplayer\qvodterminal.exe:QvodTerminal
"{A0D41914-9CAB-4867-95C3-CB829F9FA827}"= UDP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{4ECF7234-E409-438D-818A-BA202EEB74AE}"= TCP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"TCP Query User{E9C41E6D-50DA-4045-9BBF-C6469BCFC68C}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AD7DD7AA-5421-471C-8983-0F448A845AA7}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{C54397EC-0C08-409C-9E5A-611587BF983B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3BC748F8-E378-48E5-9580-6F85D3E914F6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{EEF52D3F-A673-4DC9-8312-5D559AF546ED}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1C5E5A2D-56E6-455B-AFF5-065AA12481D6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E6CEDB93-60A8-4477-9CA4-B66694A94999}"= UDP:c:\program files\thunder network\thunder\Program\Thunder5.exe:Thunder
"{315993DD-05CF-41AF-8C9D-86E5871672D1}"= TCP:c:\program files\thunder network\thunder\Program\Thunder5.exe:Thunder
"{153DC54E-67E5-4099-BFFB-397AC7A1DB4C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{E861B0E7-2C5A-4213-A7BA-837A63600CA2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{61EE92EC-51CB-402C-B6C1-898241A9AA21}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{F5197C3C-D942-4996-8C67-0E9EFF3BD1AA}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4B1F5088-E535-4D60-8847-76DF66A7E393}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{958B9024-E379-4E39-8598-7F77A59A5189}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B3F95407-0534-410F-B6EE-1EB88EA0751D}"= UDP:c:\users\Jian Xiong Wu\AppData\Local\Temp\7zSE197.tmp\SymNRT.exe:Norton Removal Tool
"{06FE33F7-D928-4E5A-91AC-F85223F52E43}"= TCP:c:\users\Jian Xiong Wu\AppData\Local\Temp\7zSE197.tmp\SymNRT.exe:Norton Removal Tool

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-05-25 114768]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-09-26 07:35:05 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-05-25 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-05-25 51792]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-02-09 179712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\System32\drivers\usbaapl.sys [2008-11-07 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ      BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b8a7d57-e591-11dd-910a-001b24585b23}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://da.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: ?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: ?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
Trusted Zone: danskebank.dk
DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab
DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
FF - ProfilePath - c:\users\Jian Xiong Wu\AppData\Roaming\Mozilla\Firefox\Profiles\yes3aaqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 21:45:37
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ... 

scanner skjulte autostarter ...

scanner skjulte filer ... 


c:\users\JIANXI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scanning gennemført med succes
skjulte filer: 1

**************************************************************************
.
Gennemført tid: 2009-03-31 21:47:36
ComboFix-quarantined-files.txt  2009-03-31 19:47:32
ComboFix2.txt  2009-03-31 19:34:21

Pre-Kørsel: 21.341.106.176 bytes free
Post-Kørsel: 21,306,580,992 bytes free

270    --- E O F ---    2009-03-31 06:26:06
john_dk_83 Novice
1 April 2009 - 07:30 #12
It looks like the start page problem was solved in connection with my changing the language setting from Chinese to Danish. Some of the ComboFix log file was in Chinese. To get the file to come out in Danish, I had to switch the language for non-Unicode programs from Chinese to Danish. When it was switched to Danish, the start page problem was solved immediately. After I then uploaded the log file, I changed the language back to Chinese, and the start page problem stays solved. Thank you for your help; if you post an answer, I will close the thread.
1 April 2009 - 20:36 #13
Well, that was certainly a curious detail?

[Ping]...
(That was an [answer]...)