The MSN worm…HELP ASAP
  DMadsen
Number of posts: 15

Hi there.. I have followed your guide and have at long last gotten to the point of sending all the log files in to you. I hope this is right, because I would very much like to get rid of this worm..
My log files are here:

SUPERAntiSpyware Scan Log
Generated 09/20/2006 at 12:19 PM

Core Rules Database Version : 3088
Trace Rules Database Version: 1117

Memory threats detected   : 5
Registry threats detected : 274
File threats detected   : 178

Adware.Adservs
C:\WINDOWS\RGL0DGUGTWFKC2VU\ASAPPSRV.DLL
C:\WINDOWS\RGL0DGUGTWFKC2VU\ASAPPSRV.DLL
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\RGl0dGUgTWFkc2Vu\__delete_on_reboot__asappsrv.dll

Trojan.Defender1
C:\DFNDRFF_E7.EXE
C:\DFNDRFF_E7.EXE
C:\DFNDRFF_E8.EXE
C:\DFNDRFF_E8.EXE
[defender] c:\\dfndrff_e8.exe
c:\\dfndrff_e8.exe
C:\WINDOWS\Prefetch\DFNDRFF_E7.EXE-0E0729EE.pf
C:\WINDOWS\Prefetch\DFNDRFF_E8.EXE-2BC46452.pf

Trojan.WinSysBan
C:\KYBRDFF_E7.EXE
C:\KYBRDFF_E7.EXE
C:\WINDOWS\Prefetch\KYBRDFF_E7.EXE-015E454E.pf

Trojan.GimmySmilies
C:\NWNMFF_E7.EXE
C:\NWNMFF_E7.EXE
C:\WINDOWS\Prefetch\NWNMFF_E7.EXE-00D340C0.pf

Adware.UCMore/The Search Accelerator

Browser Hijacker.Deskbar

Trojan.IEObject/Win

Adware.ToolBar888

Adware.Tracking Cookie

Adware.WhenU
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009993.exe

Adware.SurfSideKick
C:\Documents and Settings\Ditte Madsen\Application Data\Sskcwrd.dll

Trojan.NetMon/DNSChange
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#Contact
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRemove
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A394E835-C8D6-4B4B-884B-D2709059F3BE}#UninstallString
C:\Programmer\Network Monitor

Trojan.cmdService

Trojan.SmartLoad
HKLM\Software\Microsoft\drsmartload2
HKLM\Software\Microsoft\drsmartload2#Installed
C:\WINDOWS\drsmartload2.dat
C:\drsmartload.exe

Browser Hijacker.Internet Explorer Settings Hijack
HKU\S-1-5-21-1439632340-1600326224-1983576-1005\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
HKLM\Software\Microsoft\Internet Explorer\Main#Search Page [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1439632340-1600326224-1983576-1005\Software\Microsoft\Internet Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1439632340-1600326224-1983576-1005\Software\Microsoft\Internet Explorer\Main#Search Bar [ http://searchbar.findthewebsiteyouneed.com ]
HKU\S-1-5-21-1439632340-1600326224-1983576-1005\Software\Microsoft\Internet Explorer\Search\SearchAssistant Explorer\Main#Default_Search_URL [ http://searchbar.findthewebsiteyouneed.com ]

Dialer.VacPro

Trojan.DollarRevenue
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\drsmartload11350.#xe
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\CFBBU4PH\313133352D2D2D[1].exe

Trojan.ErrorSafe

Trojan.Freeprod
C:\WINDOWS\system32\alfa.exe
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\0HYN45MF\alfa[1].exe
C:\Documents and Settings\Ditte Madsen\Skrivebord\alfa.exe
C:\Documents and Settings\Ditte Madsen\alfa.exe
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017062.exe
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017135.exe
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017182.exe

Trojan.Unknown Origin
C:\WINDOWS\teller2.chk
C:\WINDOWS\RGl0dGUgTWFkc2Vu\l35Xx3o0nqI4wZpR.vbs
C:\WINDOWS\uninstall_nmon.vbs
C:\Documents and Settings\Ditte Madsen\DoctorWeb\Quarantine\cmdinst.exe
C:\Documents and Settings\Ditte Madsen\DoctorWeb\Quarantine\installer[1].exe
C:\Documents and Settings\Ditte Madsen\DoctorWeb\Quarantine\installer[10.exe

Adware.Director
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017025.exe
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017067.exe
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017140.exe
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017186.exe

ewido anti-spyware - Scan Report
————————————————————————————-

+ Created at: 13:11:11 20-09-2006

+ Scan result:

C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017317.exe -> Adware.Agent : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017316.dll -> Adware.CommAd : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009990.#ll -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009990.#xe -> Adware.SaveNow : No action taken.
C:\Programmer\Deskbar\__delete_on_reboot__d_e_s_k_b_a_r_.#d_l_l_ -> Adware.Softomate : No action taken.
C:\Programmer\Deskbar\deskbar0.#ll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017060.#ll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017220.#ll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP174\A0017260.#ll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP174\A0017261.#ll -> Adware.Softomate : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\i28____0.#mp -> Adware.SurfSide : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\u48____0.#mp -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017010.#ll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017010.#xe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017011.#ll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017012.#ll -> Adware.SurfSide : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GB1VQ6Z9\ucmoreiex[1].#xe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GB1VQ6Z9\ucmoreiex[1].#xe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GB1VQ6Z9\ucmoreiex[1].#xe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\ucmoreiex[10.#xe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\ucmoreiex[10.#xe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\ucmoreiex[10.#xe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017254.#xe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017254.#xe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017254.#xe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017273.#xe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017273.#xe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017273.#xe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\ucmoreie0.#xe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\ucmoreie0.#xe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\ucmoreie0.#xe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\ucmoreiex.#xe/IUCMORE.DLL -> Adware.Ucmore : No action taken.
C:\ucmoreiex.#xe/UCMTSAIE.DLL -> Adware.Ucmore : No action taken.
C:\ucmoreiex.#xe/empty_00000001 -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017301.dll -> Adware.Webdir : No action taken.
C:\WINDOWS\Downloaded Program Files\int_ver30.#cx -> Dialer.VB.j : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\U9EO7YTZ\int_ver34[1].CAB/int_ver34.ocx -> Dialer.VB.j : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\SHYV4DEV\drsmartload1135a[10.#xe -> Downloader.Adload.fo : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\CFBBU4PH\drsmartload1135a[10.#xe -> Downloader.Adload.fo : No action taken.
C:\Documents and Settings\Ditte Madsen\drsmartload11350.#xe -> Downloader.Adload.fo : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017060.#xe -> Downloader.Adload.fo : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017130.#xe -> Downloader.Adload.fo : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017150.#xe -> Downloader.Adload.fo : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017180.#xe -> Downloader.Adload.fo : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017252.#xe -> Downloader.Adload.fo : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017253.#xe -> Downloader.Adload.fo : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\G3BJ3568\loader[1].exe -> Downloader.VB.ach : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017023.exe -> Downloader.VB.ach : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017065.exe -> Downloader.VB.ach : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017138.exe -> Downloader.VB.ach : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017184.exe -> Downloader.VB.ach : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017305.exe -> Downloader.VB.ach : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\SS1001[10.#xe -> Dropper.Small.qn : No action taken.
C:\SS1001newe0.#xe -> Dropper.Small.qn : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017240.#xe -> Dropper.Small.qn : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\8XA305I7\Xinstall[1].exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\RV5BZ1CW\Xinstall[1].exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017063.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017136.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017152.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017158.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017160.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017161.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\WINDOWS\system32\Xinstall.exe -> Heuristic.Win32.Morphine-Crypted : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\speedtest2[10.#ll -> Not-A-Virus.Downloader.Win32.InsTool.a : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H3NRK32I\WinAntiVirusPro2006FreeInstall_dk[1].cab/UWA6PK_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\U9EO7YTZ\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\basicnet[1].htm -> Not-A-Virus.Exploit.IframeJS : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\mrjet[1].js -> Not-A-Virus.Exploit.IframeJS : No action taken.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GB1VQ6Z9\rejsefeber[2].htm -> Not-A-Virus.Exploit.IframeJS : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017293.exe -> Trojan.VB.asv : No action taken.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017157.exe -> Worm.VB.aj : No action taken.
C:\WINDOWS\system32\sprY.exe -> Worm.VB.aj : No action taken.


::Report end

[Scan path] C:\
C:\hiberfil.sys - read error
C:\dfndrff_e7.exe infected with Trojan.Click.1474 - will be cured after reboot
C:\SS1001newer.exe is adware program Adware.Surfside - renamed
C:\kybrdff_e8.exe is adware program Adware.DollarRevenue - renamed
C:\dfndrff_e8.exe is adware program Adware.DollarRevenue - renamed
C:\ucmoreiex.exe is adware program Adware.Ucmore - renamed
C:\nwnmff_e8.exe is adware program Adware.DollarRevenue - renamed
C:\WINDOWS\system32\bk.exe is adware program Adware.Surfside - renamed
>>C:\WINDOWS\system32\Xinstall.exe probably infected with DLOADER.Trojan
C:\WINDOWS\system32\drsmartload1135a.exe is adware program Adware.DollarRevenue - renamed
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\SYSTEM - read error
C:\WINDOWS\system32\config\SOFTWARE - read error
C:\WINDOWS\system32\config\DEFAULT - read error
C:\WINDOWS\Temp\ICD1.tmp\UWA6PK_0001_N91M2107NetInstaller.exe infected with Trojan.DownLoader.10963 - deleted
C:\WINDOWS\Downloaded Program Files\UWA6PK_0001_N91M2107NetInstaller.exe infected with Trojan.DownLoader.10963 - deleted
C:\WINDOWS\Downloaded Program Files\int_ver34.ocx is dialer program Dialer.Vacpro - renamed
>C:\WINDOWS\RGl0dGUgTWFkc2Vu\asappsrv.dll infected with Trojan.Proxy.493 - will be cured after reboot
>C:\WINDOWS\RGl0dGUgTWFkc2Vu\command.exe infected with Trojan.Proxy.493 - will be cured after reboot
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
C:\Documents and Settings\NetworkService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\LocalService\NTUSER.DAT - read error
C:\Documents and Settings\LocalService\NTUSER~1.LOG - read error
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
C:\Documents and Settings\LocalService\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Ditte Madsen\NTUSER.DAT - read error
C:\Documents and Settings\Ditte Madsen\NTUSER~1.LOG - read error
C:\Documents and Settings\Ditte Madsen\drsmartload1135a.exe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\u48.tmp is adware program Adware.Surfside - renamed
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\i28.tmp is adware program Adware.Surfside - renamed
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\cmdinst.exe infected with Trojan.Proxy.493 - incurable - moved
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\~DF4AF3.tmp - read error
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\~DF6E2E.tmp - read error
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\SHYV4DEV\drsmartload1135a[1].exe is adware program Adware.DollarRevenue - renamed

Invalid path to file C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\SHYV4DEV\D-483C-B636-89C03DB16E97&start=0&len=47230&curmbox=00000000%2d0000%2d0000%2d0000%2d000000000001&a=0673e29b974dc1a0b41d7a34f4c4415014732b2142234540b1c&r=0
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\0HYN45MF\installer[1].exe infected with Trojan.Proxy.493 - incurable - moved
>>C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\8XA305I7\Xinstall[1].exe probably infected with DLOADER.Trojan
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\speedtest2[1].dll is adware program Adware.Matcash - renamed
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\K9GBCDM5\installer[1].exe infected with Trojan.Proxy.493 - incurable - moved
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\SS1001[1].exe is adware program Adware.Surfside - renamed
>C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\photo223[1].PIF infected with Win32.HLLW.Tricker - deleted
>>C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\RV5BZ1CW\Xinstall[1].exe probably infected with DLOADER.Trojan
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\CFBBU4PH\drsmartload1135a[1].exe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\S5IJCHAN\ErrorSafeFreeInstall_dk[1].exe infected with Trojan.DownLoader.10963 - deleted
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GB1VQ6Z9\dfndrff_e[1].exe infected with Trojan.Click.1474 - deleted
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Application Data\Microsoft\Windows\USRCLASS.DAT - read error
C:\Documents and Settings\Ditte Madsen\Application Data\errorsafefreeinstall_dk[1].exe infected with Trojan.DownLoader.10963 - deleted
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\kybrdff_e[1].exe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\dfndrff_e[1].exe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\WTWVGVQ9\nwnmff_e[1].exe is adware program Adware.DollarRevenue - renamed
C:\Documents and Settings\Lasse\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\ucmoreiex[1].exe is adware program Adware.Ucmore - renamed
C:\Programmer\Fælles filer\{320D180E-06C1-1030-0415-05033005002d}\Update.exe infected with Trojan.DownLoader.12291 - will be cured after reboot
>C:\Programmer\WinRAR\Dos.SFXC:\Programmer\ToolBar888\MyToolBar.dll is adware program Adware.FastSearch - renamed
C:\Programmer\Deskbar\deskbar.dll is adware program Adware.Softomate - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009992.exe is adware program Adware.SaveNow - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009994.dll is adware program Adware.SaveNow - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017010.dll is adware program Adware.Surfside - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017016.dll is adware program Adware.Surfside - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017017.dll is adware program Adware.Surfside - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017018.exe is adware program Adware.Surfside - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017024.exe infected with Trojan.DownLoader.12291 - deleted
>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017051.exe infected with Trojan.DownLoader.6550 - deleted
>>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017063.exe probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017064.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017066.dll is adware program Adware.FastSearch - renamed
>>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017136.exe probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017137.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017139.exe infected with Trojan.DownLoader.12291 - deleted
>>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017152.exe probably infected with DLOADER.Trojan
>>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017158.exe probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017159.exe is adware program Adware.DollarRevenue - renamed
>>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017160.exe probably infected with DLOADER.Trojan
>>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017161.exe probably infected with DLOADER.Trojan
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017183.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017185.exe infected with Trojan.DownLoader.12291 - deleted
>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017192.rbf infected with Win32.HLLW.Tricker - deleted
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017226.dll is adware program Adware.Softomate - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017242.exe is adware program Adware.Look2me - will be renamed after reboot
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017243.exe is adware program Adware.Look2me - will be renamed after reboot
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017244.exe is adware program Adware.DollarRevenue - will be renamed after reboot
>C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017245.exe infected with Trojan.DownLoader.5013 - deleted
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017246.exe infected with Trojan.DownLoader.12291 - deleted
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017247.exe is adware program Adware.Surfside - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017248.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017249.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017250.exe is adware program Adware.Ucmore - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017251.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017252.exe is adware program Adware.Surfside - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017253.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017257.exe is adware program Adware.DollarRevenue - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017260.exe infected with Trojan.DownLoader.10963 - deleted
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP174\A0017261.dll is adware program Adware.FastSearch - renamed
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP174\A0017262.dll is adware program Adware.Softomate - renamed

[Scan path] F:\
[Scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 188126
Infected objects found: 21
Objects with modifications found: 0
Suspicious objects found: 9
Adware programs found: 45
Dialer programs found: 1
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 14
Objects renamed: 46
Objects moved: 3
Objects ignored: 0
Scan speed: 90 Kb/s
Scan time: 02:47:15
-----------------------------------------------------------------------------

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 188393
Infected objects found: 24
Objects with modifications found: 0
Suspicious objects found: 9
Adware programs found: 46
Dialer programs found: 1
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 14
Objects renamed: 46
Objects moved: 3
Objects ignored: 0
Scan speed: 97 Kb/s
Scan time: 02:47:40
=============================================================================


Logfile of HijackThis v1.99.1
Scan saved at 16:20:13, on 20-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\WJVRU41H\Alternativ[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.stofa.dk/minesider/userlogin.php?shortcut=minesider
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmer\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Ditte Madsen\Skrivebord\Xinstall.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e8.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e8.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Programmer\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmer\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ErrorSafe] "C:\Programmer\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {A1426AC

Redaktør
Number of posts: 4797

Hi DMadsen

You have run Ewido, but not removed what it found. Boot into safe mode and scan again.
Remove everything Ewido finds.

Restart and post new logs, from both Ewido and HijackThis.

  DMadsen
Number of posts: 15

Logfile of HijackThis v1.99.1
Scan saved at 22:02:54, on 21-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\PROGRA~2\PRINTV~1\pvmodule.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\CA\eTrust Internet Security Suite\caiss.exe
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\WJVRU41H\Alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.stofa.dk/minesider/userlogin.php?shortcut=minesider
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Ditte Madsen\Skrivebord\Xinstall.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e8.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e8.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [CaISSDT] “C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe”
O4 - HKLM\..\Run: [CaAvTray] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe”
O4 - HKLM\..\Run: [CAVRID] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe”
O4 - HKLM\..\Run: [!ewido] “C:\Programmer\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [Spyware Doctor] “C:\Programmer\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [ErrorSafe] “C:\Programmer\Error Safe Free\ers.exe” /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} (WDX.WDX_Main) - https://www2.web-direct.dk/wdx.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\mvjql9151.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

————————————————————————————-
ewido anti-spyware - Scan Report
————————————————————————————-

+ Created at: 16:19:30 21-09-2006

+ Scan result:

C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017317.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017316.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009990.#ll -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP110\A0009990.#xe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Programmer\Deskbar\__delete_on_reboot__d_e_s_k_b_a_r_.#d_l_l_ -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Programmer\Deskbar\deskbar0.#ll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017060.#ll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017220.#ll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP174\A0017260.#ll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP174\A0017261.#ll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\i28____0.#mp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\u48____0.#mp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017010.#ll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017010.#xe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017011.#ll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017012.#ll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017301.dll -> Adware.Webdir : Cleaned with backup (quarantined).
HKU\S-1-5-21-1439632340-1600326224-1983576-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} -> Adware.WebDir : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\int_ver30.#cx -> Dialer.VB.j : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\U9EO7YTZ\int_ver34[1].CAB/int_ver34.ocx -> Dialer.VB.j : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\SHYV4DEV\drsmartload1135a[10.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\CFBBU4PH\drsmartload1135a[10.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\drsmartload11350.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017060.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017130.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017150.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017180.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017252.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017253.#xe -> Downloader.Adload.fo : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\G3BJ3568\loader[1].exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017023.exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017065.exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017138.exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017184.exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017305.exe -> Downloader.VB.ach : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C5G9IP8J\SS1001[10.#xe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\SS1001newe0.#xe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP173\A0017240.#xe -> Dropper.Small.qn : Cleaned with backup (quarantined).
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\8XA305I7\Xinstall[1].exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017063.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017136.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017152.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017158.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017160.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017161.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\WINDOWS\system32\Xinstall.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\C7Q5K52P\speedtest2[10.#ll -> Not-A-Virus.Downloader.Win32.InsTool.a : Ignored.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H3NRK32I\WinAntiVirusPro2006FreeInstall_dk[1].cab/UWA6PK_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\U9EO7YTZ\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Ignored.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte .[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte madsen@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte madsen@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte madsen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Lasse\Cookies\lasse@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte madsen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte .[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte madsen@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP175\A0017293.exe -> Trojan.VB.asv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017157.exe -> Worm.VB.aj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\sprY.exe -> Worm.VB.aj : Cleaned with backup (quarantined).


::Report end

After deleting all the errors, the log looks like this:

————————————————————————————-
ewido anti-spyware - Scan Report
————————————————————————————-

+ Created at: 17:03:07 21-09-2006

+ Scan result:

 

C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temp\Temporary Internet Files\Content.IE5\8XA305I7\Xinstall[1].exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP170\A0017063.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017136.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017152.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017158.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017160.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP172\A0017161.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\WINDOWS\system32\Xinstall.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte madsen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Ditte Madsen\Cookies\ditte .[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\System Volume Information\_restore{F789EA0C-0952-4BE0-AE29-7760BD9AE4BC}\RP176\A0017414.exe -> Worm.VB.aj : Cleaned with backup (quarantined).


::Report end

Editor
Posts: 4797

Hi

Download and save this scanner; you will need it later.
http://www.spywareinfo.dk/download/mwav.exe - Kaspersky virus scanner.
—————————————————————————————————————————-


Then restart in Safe Mode (F8 during startup).
——————————————————————————————-


Run a scan with HijackThis so that you can see all the files.
Below you will get some files that you must fix. What you need to do is put a check mark next to these files. When you have done that, close all other windows. It is very important that the only window open is the HijackThis window. Remember also to close this window once you have marked the files. Now you may fix. Click Fix checked.

These are the ones to fix:

O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Ditte Madsen\Skrivebord\Xinstall.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e8.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e8.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~2\PRINTV~1\pvmodule.exe
O4 - HKCU\..\Run: [ErrorSafe] “C:\Programmer\Error Safe Free\ers.exe” /min
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {C8C1066B-FE9E-4B1B-9951-1BBC5EE03E38} (WDX.WDX_Main) - https://www2.web-direct.dk/wdx.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\mvjql9151.dll (file missing)

—————————————————————————————————-

To be able to see all files and folders, follow this guide:
Open a folder, click Tools (Funktioner) > Folder Options (Mappeindstillinger) > View (Vis).
Remove the check mark at “Hide protected operating system files” (“Skjul beskyttede operativsystemfiler”).
Remove the check mark at “Hide extensions for known file types” (“Skjul filtypenavne for kendte filtyper”).
Select “Show hidden files and folders” (“Vis skjulte filer og mapper”).
———————————————————————
Search for and delete the files/folders I have marked in red; you may not be able to find them all.


c:\\kybrdff_e8.exe
c:\\nwnmff_e8.exe
C:\PROGRA~2\PRINTV~1
C:\Programmer\Error Safe Free
C:\WINDOWS\system32\mvjql9151.dll

————————————————————————

Then double-click drweb-cureit.exe; it will want to run an express scan, which you say yes to.
When it shows Done at the bottom left, click the drive or drives you want scanned; a red dot appears to show that it/they are selected.
Then click the green pedestrian over on the right side of the page, and the scan starts.
Then click Start -> Search (Søg), find the file drweb32w.log, and copy the bottom part of the text in here, starting with Total session statistics.
—————————————————————————————————————————————————————

Then run the one-time scanner from Kaspersky, still from Safe Mode. Click the file you downloaded: mwav.exe. Click unzip and it unpacks itself into a folder that it creates itself at C:\Kasperskky; then click OK.
Put a check mark next to the following:
Memory, Startup folders, drive, Registry, System folders and Services.
Select the following radio buttons:
All local drives and Scan all files

Click scan.
Tip: do not click Add to Startup folders, or your machine will be scanned every time you start Windows.
This scan can take a couple of hours, depending on how much you have stored on your computer.
——————

Empty your Recycle Bin.

Restart your computer, run a new scan with HijackThis, and copy a new log in here.

 

  DMadsen
Posts: 15

Hey again…
After running a few express scans with drweb-cureit.exe and then finding the log file, there are no Total session statistics in it. I will admit I am no computer whiz, but I would like to have this removed soon. In drweb-cureit, under the settings, I did change malware to rename, and the log file is saved on the C drive. That log file shows nothing other than the first one, even though I have marked what was found and deleted it. It is as if you have to run a new scan before it saves the log file. That is, when I delete what it found, the log file is still from before. It does not change. What am I doing wrong? I did do this in Safe Mode, as you wrote.

Administrator
Posts: 55091

Let us see a fresh HijackThis log.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  DMadsen
Posts: 15

Logfile of HijackThis v1.99.1
Scan saved at 11:43:48, on 26-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\Programmer\Polob32\Store31\Polstor3.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\WJVRU41H\Alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.stofa.dk/minesider/userlogin.php?shortcut=minesider
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmer\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [CaISSDT] “C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe”
O4 - HKLM\..\Run: [CaAvTray] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe”
O4 - HKLM\..\Run: [CAVRID] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe”
O4 - HKLM\..\Run: [!ewido] “C:\Programmer\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [Spyware Doctor] “C:\Programmer\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Administrator
Posts: 55091

Download Combofix and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/combofix.exe

Then run combofix.exe, which you downloaded earlier, and follow the instructions.
You should not click on the window while the tool is running, as that can cause your computer to freeze.
When Combofix has finished, and after it has restarted, a log file should open: combofix.txt
Please post the contents of this file here.
We also need to see a fresh HijackThis log.


  DMadsen
Posts: 15

Ditte Madsen - 06-09-26 12:23:36.76   Service Pack 2
ComboFix 06.09.25 - Running from: “C:\Documents and Settings\Ditte Madsen\Skrivebord”

(((((((((((((((((((((((((((((((((((((((((((  E-Give / Ssk’s Log   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\Ditte Madsen\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Ditte Madsen\Application Data\Dxcdmns.dll
C:\Documents and Settings\Lasse\Application Data\Dxcknwrd.dll
C:\Programmer\DeluxeCommunications\DxcBho.dll
C:\Programmer\DeluxeCommunications\DxcCore.dll
C:\Programmer\DeluxeCommunications\Dxc.exe


* * *  POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\dxclib303562752.dll
C:\Programmer\DeluxeCommunications\DxcBho.dll
C:\Programmer\DeluxeCommunications\DxcCore.dll
C:\Programmer\DeluxeCommunications\Dxc.exe
((((((((((((((((((((((((((((((((((((((((((((  Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Programmer\Deskbar
C:\Programmer\Inetget2
C:\Programmer\F‘lles filer\{320D180E-06C1-1030-0415-05033005002d}
C:\Programmer\F‘lles filer\{320D180E-06C0-1030-0415-05033005002d}


(((((((((((((((((((((((((((((((  Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))

2006-09-20 00:01 96,768————- C:\WINDOWS\system32\dxclib303562752.dll
2006-09-20 00:00 32,768—a———C:\DXC1205b.exe
2006-09-18 19:21 95,760—a———C:\WINDOWS\system32\ISafeIf.dll
2006-09-18 19:21 75,280—a———C:\WINDOWS\system32\VetRedir.dll
2006-09-18 19:21 75,280—a———C:\WINDOWS\system32\iSafProd.dll
2006-09-18 19:21 244,240—a———C:\WINDOWS\unicows.dll
2006-09-18 19:21 112,144—a———C:\WINDOWS\AVShlExt.dll
2006-09-18 19:21 103,952—a———C:\WINDOWS\UnVet32.exe
2006-09-18 18:35 1,233—a———C:\WINDOWS\system32\qhw97bfe.sys

((((((((((((((((((((((((((((((((((((((((((((((((  Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-20 08:13————d————C:\Programmer\SUPERAntiSpyware
2006-09-20 00:01————d————C:\Programmer\DeluxeCommunications
2006-09-19 21:54————d————C:\Programmer\ewido anti-spyware 4.0
2006-09-19 21:31————d————C:\Programmer\ewido
2006-09-18 19:23 26787—a———C:\WINDOWS\system32\drivers\vetmonnt.sys
2006-09-18 19:21 590190—a———C:\WINDOWS\system32\drivers\VetEFile.sys
2006-09-18 19:21 21011—a———C:\WINDOWS\system32\drivers\Vet-Filt.sys
2006-09-18 19:21 16227—a———C:\WINDOWS\system32\drivers\VetFDDNT.sys
2006-09-18 19:21 15490—a———C:\WINDOWS\system32\drivers\Vet-Rec.sys
2006-09-18 19:21 102398—a———C:\WINDOWS\system32\drivers\VetEBoot.sys
2006-09-18 19:21————d————C:\Programmer\CA
2006-09-15 09:34————d————C:\Programmer\iTunes
2006-09-15 09:31————d————C:\Programmer\Apple Software Update
2006-08-27 19:22————d————C:\Programmer\QuickTime
2006-08-21 14:27 16896—a———C:\WINDOWS\system32\fltlib.dll
2006-08-21 11:14 23040—a———C:\WINDOWS\system32\fltMc.exe
2006-08-21 11:14 128896—a———C:\WINDOWS\system32\drivers\fltMgr.sys
2006-08-07 15:08————d————C:\Programmer\Rockstar Games
2006-08-06 12:04————d————C:\Programmer\K-Lite Codec Pack
2006-07-27 15:26 679424—a———C:\WINDOWS\system32\inetcomm.dll
2006-07-21 10:27 72704—a———C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144—a———C:\WINDOWS\system32\GEARAspi.dll

((((((((((((((((((((((((((((((((((((((((((  Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\\WINDOWS\\system32\\ctfmon.exe”
“MSMSGS”=”\“C:\\Programmer\\Messenger\\msmsgs.exe\” /background”
“Spyware Doctor”=”\“C:\\Programmer\\Spyware Doctor\\swdoctor.exe\” /Q”
“MsnMsgr”=”\“C:\\Programmer\\MSN Messenger\\MsnMsgr.Exe\” /background”
“SUPERAntiSpyware”=“C:\\Programmer\\SUPERAntiSpyware\\SUPERAntiSpyware.exe”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LaunchApp”=“Alaunch”
“IgfxTray”=“C:\\WINDOWS\\system32\\igfxtray.exe”
“HotKeysCmds”=“C:\\WINDOWS\\system32\\hkcmd.exe”
“SynTPLpr”=“C:\\Programmer\\Synaptics\\SynTP\\SynTPLpr.exe”
“SynTPEnh”=“C:\\Programmer\\Synaptics\\SynTP\\SynTPEnh.exe”
“RemoteControl”=“C:\\Programmer\\r\\CyberLink\\PowerDVD\\PDVDServ.exe”
“BluetoothAuthenticationAgent”=“rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent”
“IMJPMIG8.1”=”\“C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\” /Spoil /RemAdvDef /Migration32”
“ATIPTA”=“C:\\Programmer\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe”
“EPM-DM”=“c:\\acer\\epm\\epm-dm.exe”
“ePowerManagement”=“C:\\Acer\\ePM\\ePM.exe boot”
“LManager”=“C:\\Programmer\\Launch Manager\\QtZgAcer.EXE”
“eRecoveryService”=“C:\\Windows\\System32\\Check.exe”
“SunJavaUpdateSched”=“C:\\Programmer\\Java\\jre1.5.0_06\\bin\\jusched.exe”
“QuickTime Task”=”\“C:\\Programmer\\QuickTime\\qttask.exe\” -atboottime”
“iTunesHelper”=”\“C:\\Programmer\\iTunes\\iTunesHelper.exe\”“
“CaISSDT”=”\“C:\\Programmer\\CA\\eTrust Internet Security Suite\\caissdt.exe\”“
“CaAvTray”=”\“C:\\Programmer\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVTray.exe\”“
“CAVRID”=”\“C:\\Programmer\\CA\\eTrust Internet Security Suite\\eTrust EZ Antivirus\\CAVRID.exe\”“
“!ewido”=”\“C:\\Programmer\\ewido anti-spyware 4.0\\ewido.exe\” /minimized”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
“Installed”=“1”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
“Installed”=“1”
“NoChange”=“1”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
“Installed”=“1”

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
“DeskHtmlVersion”=dword:00000110
“DeskHtmlMinorVersion”=dword:00000005
“Settings”=dword:00000001
“GeneralFlags”=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
“Source”=“About:Home”
“SubscribedURL”=“About:Home”
“FriendlyName”=“Min aktuelle startside”
“Flags”=dword:00000002
“Position”=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
“CurrentState”=hex:04,00,00,40
“OriginalStateInfo”=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
“RestoredStateInfo”=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\\WINDOWS\\system32\\CTFMON.EXE”

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\\WINDOWS\\system32\\CTFMON.EXE”

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
“{AEB6717E-7E19-11d0-97EE-00C04FD91972}”=”“
“{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“ewido anti-spyware 4.0”
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”=”“

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
“dontdisplaylastusername”=dword:00000000
“legalnoticecaption”=”“
“legalnoticetext”=”“
“shutdownwithoutlogon”=dword:00000001
“undockwithoutlogon”=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
“NoDriveTypeAutoRun”=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“PostBootReminder”=”{7849596a-48ea-486e-8937-a2a3009f31a9}”
“CDBurn”=”{fbeb8a05-beee-4442-804e-409d6c4515e9}”
“WebCheck”=”{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”
“SysTray”=”{35CEC8A3-2BE6-11D2-8773-92E220524153}”

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the ‘Scheduled Tasks’ folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 26-09-2006 12:54:50.93
ComboFix2.txt
ComboFix.txt


Logfile of HijackThis v1.99.1
Scan saved at 13:14:28, on 26-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Programmer\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDAJCTEF\Alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.stofa.dk/minesider/userlogin.php?shortcut=minesider
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [CaISSDT] “C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe”
O4 - HKLM\..\Run: [CaAvTray] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe”
O4 - HKLM\..\Run: [CAVRID] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe”
O4 - HKLM\..\Run: [!ewido] “C:\Programmer\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [Spyware Doctor] “C:\Programmer\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Administrator
Number of posts: 55091

Run HijackThis again and fix: (remember to close all other windows)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O20 - AppInit_DLLs: dxclib303562752.dll

Restart in safe mode and delete this folder:
C:\Programmer\DeluxeCommunications\

Restart normally and post a fresh HijackThis log.

Signature

Member of “Alliance of Security Analysis Professionals” - All information, as always, “only with a pistol”

Did you also cry over the fairy tale about the blacksmith's cat when you were little?
http://www.spywarefri.dk/medarbejderne/

Nierne bomaye - You’ll never walk alone
qui potest, obligatur

  DMadsen
Number of posts: 15

DeluxeCommunications cannot be deleted. It says that it is not possible to delete dxcbho.dll because the file is in use by another person or another program, although I have nothing open other than programs.

Administrator
Number of posts: 55091

That is not for it to decide.

- Download Avenger here:
http://swandog46.geekstogo.com/avenger.zip

- Unpack the Avenger program and double-click avenger.exe

- Select “Input Script Manually” and click the magnifying glass. A small window will now appear, into which you must copy the content shown in bold:


Folders to delete:
C:\Programmer\DeluxeCommunications

- Click the traffic light in Avenger. The program will prompt you to restart the computer immediately, which you must do. The program will shut down your computer, delete the files and start the computer again.

- After the restart, a Notepad window will appear with a log of Avenger's actions. Please paste it into your next reply.
We also need to see a fresh HijackThis log.


  DMadsen
Number of posts: 15

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ckjrwvcg

*******************

Script file located at: \??\C:\oqdambwh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programmer\DeluxeCommunications deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 15:41:32, on 26-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Programmer\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDAJCTEF\Alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.stofa.dk/minesider/userlogin.php?shortcut=minesider
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [CaISSDT] “C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe”
O4 - HKLM\..\Run: [CaAvTray] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe”
O4 - HKLM\..\Run: [CAVRID] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe”
O4 - HKLM\..\Run: [!ewido] “C:\Programmer\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [Spyware Doctor] “C:\Programmer\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Administrator
Number of posts: 55091

Shut down Ewido, SAS and SpySweeper.

Run HijackThis again and fix: (remember to close all other windows)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O20 - AppInit_DLLs: dxclib303562752.dll

Restart normally, new log.


  DMadsen
Number of posts: 15

Logfile of HijackThis v1.99.1
Scan saved at 17:39:32, on 26-09-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Programmer\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Programmer\Launch Manager\QtZgAcer.EXE
C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmer\QuickTime\qttask.exe
C:\Programmer\iTunes\iTunesHelper.exe
C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmer\Messenger\msmsgs.exe
C:\Programmer\Spyware Doctor\swdoctor.exe
C:\Programmer\iPod\bin\iPodService.exe
C:\Programmer\acer\eRecovery\Monitor.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ditte Madsen\Lokale indstillinger\Temporary Internet Files\Content.IE5\GDAJCTEF\Alternativ[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.stofa.dk/minesider/userlogin.php?shortcut=minesider
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = safeproxy.cybercity.dk:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmer\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmer\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmer\r\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [ATIPTA] C:\Programmer\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Programmer\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmer\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] “C:\Programmer\QuickTime\qttask.exe” -atboottime
O4 - HKLM\..\Run: [iTunesHelper] “C:\Programmer\iTunes\iTunesHelper.exe”
O4 - HKLM\..\Run: [CaISSDT] “C:\Programmer\CA\eTrust Internet Security Suite\caissdt.exe”
O4 - HKLM\..\Run: [CaAvTray] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe”
O4 - HKLM\..\Run: [CAVRID] “C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe”
O4 - HKLM\..\Run: [!ewido] “C:\Programmer\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] “C:\Programmer\Messenger\msmsgs.exe” /background
O4 - HKCU\..\Run: [Spyware Doctor] “C:\Programmer\Spyware Doctor\swdoctor.exe” /Q
O4 - HKCU\..\Run: [MsnMsgr] “C:\Programmer\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmer\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksporter; til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmer\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmer\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Administrator
Number of posts: 55091

I have moved your thread to the Rootkit category, where the rules are slightly different.
You cannot expect to get a reply within 24 hours; our Rootkit department currently consists of only one person.
I have called for him, so he will show up as quickly as he can.
Regards:
Fromsej TeamSpywarefri

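
The fix-and-recheck loop used in this thread (entries marked for fixing in HijackThis, followed by a fresh log) can be checked mechanically. The script below is an added example, not part of the original thread and not HijackThis code: it parses HijackThis-style entry lines and reports which entries from the fix list are still present in the follow-up log. The function names are hypothetical, and the sample logs are abridged from the logs posted above.

```python
import re
from typing import NamedTuple

# A HijackThis entry is "<code> - <body>", e.g. "O20 - AppInit_DLLs: x.dll".
# Header lines and the "Running processes" list do not match this shape.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


class Entry(NamedTuple):
    code: str   # section code such as R3, O4, O20
    body: str   # normalized remainder of the line


def normalize(body: str) -> str:
    """Fold typographic quotes, whitespace and case so pasted copies compare equal."""
    body = body.translate(str.maketrans("“”‘’", "\"\"''"))
    return re.sub(r"\s+", " ", body).strip().lower()


def parse_entries(log_text: str) -> set[Entry]:
    """Return the entries of a HijackThis log, skipping header and process lines."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group("code"), normalize(m.group("body"))))
    return entries


def recheck(fix_list: str, before: str, after: str) -> dict[str, list[Entry]]:
    """Classify fix-list entries against the logs taken before and after the fix."""
    targets = parse_entries(fix_list)
    old, new = parse_entries(before), parse_entries(after)
    return {
        # Still listed after the fix and reboot: something restores or protects them.
        "persisting": sorted(t for t in targets if t in new),
        # Listed before, gone afterwards: the fix held.
        "removed": sorted(t for t in targets if t in old and t not in new),
        # Not in the earlier log at all: likely a copy/paste error in the fix list.
        "not_in_before": sorted(t for t in targets if t not in old),
        # Entries that first appear in the later log.
        "new_since_before": sorted(new - old),
    }


# Entries the helper asked to fix (copied from the thread).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
"""

# Abridged from the 15:41:32 log in the thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:41:32, on 26-09-2006
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Programmer\DeluxeCommunications\DxcBho.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [!ewido] “C:\Programmer\ewido anti-spyware 4.0\ewido.exe” /minimized
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Programmer\DeluxeCommunications\Dxc.exe
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The 17:39:32 log in the thread lists the same entries, so the abridged
# sample differs only in its timestamp.
LOG_AFTER = LOG_BEFORE.replace("15:41:32", "17:39:32")

if __name__ == "__main__":
    for label, entries in recheck(FIX_LIST, LOG_BEFORE, LOG_AFTER).items():
        print(f"{label}: {len(entries)}")
        for e in entries:
            print(f"  {e.code} - {e.body}")
```

On the sample data all four fix-list entries are reported as persisting, which matches the state of the logs at the point where the thread was moved to the Rootkit category.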