Winstall virus

By Super User Elleve | 03-12-2006 14:43 | 2187 views | 13 replies
ARGH, yes, so I've caught this Winstall virus via MSN. I downloaded a repair program called SDFix and ran it in safe mode. I have now got a report text, but the virus is still there... Does anyone know what to do after that??
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#1
guanomo
Guru
04-12-2006 08:48

You need to update your operating system to at least Service Pack 1 ... You can scan your PC with SUPERAntiSpyware.. And once you have scanned with SUPERAntiSpyware and have installed SP1 and the security updates, you can post a HijackThis log file (upload it to peecee.dk and drop the link in the thread)
--
Allowances are made for quirky typos and at times comical sentences. MSN = Multi Spyware Network
#2
Stitch
Monster Supporter
04-12-2006 09:04

#0 I assume it's the same one I had. Take a look at this thread: http://www.hol.dk[...] #1 helped me there too :)
--
Hp: Http://www.Hajric.dk[...] Mobile: SonyEricsson w810i School: HTX 2nd year in Esbjerg - EucVest
#3
Elleve
Super User
04-12-2006 09:27

Thanks for the replies =o) I'll take a closer look at it when I get home
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#4
guanomo
Guru
04-12-2006 09:29

Uninstall MSN in Add/Remove Programs. In Add/Remove Programs you should also click on Windows Components and see whether Windows Messenger is ticked - if it is, untick it and click OK, and it will be uninstalled as well. If you want it installed again afterwards, go in, tick it again and click OK. The virus wrecks the program's exe file.

C:\Programmer\MSN Messenger\msnmsgr.exe -> Worm.Licat.c : Renset med backup.

Download this scanner. Dr.Web ftp://ftp.drweb.com[...] or here http://spywareinfo.dk[...] Picture guide http://fromsej.dk[...]

Download and install this scanner: SAS http://www.superantispyware.com[...]

Start SUPERAntiSpyware, click Check for updates; when it has updated, close the program and restart in safe mode.

Double-click drweb-cureit.exe; it will want to run an express scan, which you say yes to. When it says Done at the bottom left, click Options->Change settings. Switch to the Scan tab and remove the tick next to Heuristic analysis. Switch to the Actions tab; here all items under Malware must be set to Rename. Then click the drive or drives you want scanned; a red dot appears to show that it/they are selected. Then click the green arrow over on the right-hand side of the page, and the scan starts. The first time Dr.Web finds something, click "Yes to All", and it will remove what it finds. When the scan is finished, go up to File and press Save Report list. There will then be a file called "drweb.csv" on the desktop. Close the program.

Start SUPERAntiSpyware, click Scan your Computer, and tick the drives to be scanned. (Fixed disk means hard disk.) Move the dot to Perform complete scan and click Next, and the scan runs. When it is finished a window with a summary appears; click OK, then click Next and then Finish. A window appears with Quarantine and removal Complete; click OK, click Finish. Close the program. Restart normally.

Start SUPERAntiSpyware again, click Preferences, switch to the Statistics/Logs tab, and in the window double-click SUPERAntiSpyware Scan Log; it opens in Notepad. Copy the result in here. Double-click drweb.csv and copy the text from it in here.

Combofix: download Combofix and save it to your desktop: http://download.bleepingcomputer.com[...]

Then run combofix.exe, which you downloaded earlier, and follow the instructions. You should not click on the window while the tool is running, as that can make your computer freeze. When Combofix is finished, and after it has restarted, a log file should open: combofix.txt. Please post the contents of this file in here together with the other logs.

Download HijackThis http://www.spywarefri.dk[...] Update your operating system. Run HijackThis, scan, save log, upload the log to peecee.dk and drop the link in here, then I'll take a look at it.. Don't delete anything yourself with HijackThis; it can do more harm than good.
--
Allowances are made for quirky typos and at times comical sentences. MSN = Multi Spyware Network
#5
plykke
New to the site
04-12-2006 22:11

I have the same problem as Elleve and have therefore chosen to follow guanomo's "recipe" above. In SUPERAntiSpyware I clicked Preferences, switched to the Statistics/Logs tab, and in the window double-clicked SUPERAntiSpyware Scan Log, which opens in Notepad. The result looks as follows:

In addition, I double-clicked drweb.csv. The text from it looks as follows:

Now I'm running Combofix and HijackThis and will then report back ...
--
#6
Elleve
Super User
04-12-2006 22:12

So now I have a Dr.Web, SUPERAntiSpyware, Combofix and HijackThis log ready:
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#7
plykke
New on the site
04-12-2006 22:14

And it continues:
--
#8
Elleve
Super user
04-12-2006 22:18

Combofix: [...]

Hijackthis: [...]
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#9
Elleve
Super user
04-12-2006 22:20

Wow, that's a lot of info... Is it something you can use, Guanomo, or does it look completely fucked? hehe
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#10
guanomo
Guru
05-12-2006 09:27

#5 and #7 plykke, make your own thread; you are confusing more than you are helping, and you won't get any help by butting into someone else's thread.

#9 I did ask for it to be uploaded to peecee... But your log file looks really good. Are you still experiencing any problems?

A "spring cleaning" is also advisable now, so I recommend that you finish with the following:

We start with the System Restore files
-> Disable System Restore
-> Restart the PC
-> Enable System Restore again

The browser cache also needs to be cleaned
1. Click Tools – Internet Options
2. Under Temporary files, click Delete cookies
3. Under Temporary files, click Delete files – tick "Delete all offline content"
4. Under History, click Clear history
5. Click OK
-------
If you haven't already done so, remember to set the folder options back to the original setting, so that you don't delete an important file by mistake. You do that in the same place where you set it to show all files. This time you just choose: Do not show hidden files and folders.
--
Subject to quirky typos and at times comical sentences. MSN = Multi Spyware Network
#11
Elleve
Maxi user
05-12-2006 11:28

While I was cleaning up yesterday I didn't get any virus warnings at all, so for now I think it looks good. I'll just check the last bits when I get home, and then I'll try installing Messenger again afterwards (the ultimate test). I'd also like to say a thousand thanks for the help /bow, it's a great support to be able to log in here on the forum and get friendly and professional help when the need arises =o)
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#12
Elleve
Maxi user
05-12-2006 11:43

By the way, would you recommend me a good antivirus program? Right now I'm running http://www.free-av.com[...], the free edition. Is what I'm using fine, or are there other, better ones, such as SUPERantispyware? And would you recommend that I pay for AntiVir, or is the free edition good enough?? The free edition I'm using now usually informs me every time, but I can't quite tell from the logs I've posted whether I should update/change provider.
--
(>-.-)> m/ (o,o) m/ <(-.-<)
#13
guanomo
Guru
05-12-2006 12:06

#12 AntiVir free is currently the best free antivirus program according to the latest test. Superantispyware is not an antivirus program; it is a scanner that scans for malware, viruses, trojans and spyware. You should keep that program and scan with it regularly (1-2 times a week to start with); remember to update first. As long as you have an up-to-date OS and use your common sense on the net, a free version is OK, but wait 3-4 weeks and possibly come back after you have considered whether you need further protection. I also think you should install Spywareblaster. Guides can be found at spywarefri.dk (can't be bothered to copy their texts (if I were even allowed to))
--
Subject to quirky typos and at times comical sentences. (temporarily helping with MSN viruses (remember common sense!)) MSN = Multi Spyware Network
