
A pop-up virus




  #1  
31 January 2008, 05:25
New Member group

I get this box showing up when I go through something like My Documents or Computer etc. ... It also occurs when I use IE, but not when I use Firefox. I have used several programs, and yet they still miss it. Could it perhaps be a rootkit (I hope not)?



My logs:

ESET Online Scanner
# Version = 4
# OnlineScanner.ocx = 1.0.0.56
# OnlineScannerDLLA.dll = 1, 0, 0, 51
# OnlineScannerDLLW.dll = 1, 0, 0, 51
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# Vers_standard_module = 2836 (20080130)
# Vers_arch_module = 1,063 (20080117)
# Vers_adv_heur_module = 1,060 (20070601)
# EOSSerial = 86fa0ec02340bf40b27cfd3ccc323dee
# Udgangen = færdig
# Remove_checked = true
# Unwanted_checked = true
# Utc_time = 2008-01-31 02:29:31
# Local_time = 2008-01-31 02:29:31 (+0000, GMT Standard Time)
# Land = "Det Forenede Kongerige"
# OSVer = 6.0.6000 NT
# Scannet = 306.177
# Fundet = 0
# Scan_time = 8.875

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Genereret 01/31/2008 kl 02:32

Application Version: 3.9.1008

Core Rules Database Version: 3391
Trace Rules Database Version: 1383

Scan type: Complete Scan
Total Scan Time: 02:21:07

Memory poster skannet: 834
Memory trusler opdaget: 0
Elementer i registreringsdatabasen skannet: 7.637
Topdomæneadministratoren trusler opdaget: 0
File poster skannet: 66.364
File trusler opdaget: 6

Adware.Tracking Cookie
C: \ Users \ Chris \ AppData \ Roaming \ Microsoft \ Windows \ C ookies \ chris @ tribalfusion [2]. Txt
C: \ Users \ Chris \ AppData \ Roaming \ Microsoft \ Windows \ C ookies \ chris@adopt.euroclick [2]. Txt

Trojan.Media-Codec/V5-Intaller
C: \ Users \ Chris \ Desktop \ INSTALL_PLAYER_3912994 (2). E XE
C: \ Users \ Chris \ Desktop \ INSTALL_PLAYER_3912994.EXE
C: \ Windows \ Prefetch \ INSTALL_PLAYER_3912994 (2). EXE-03357FA6.pf
C: \ Windows \ Prefetch \ INSTALL_PLAYER_3912994.EXE-9E95D8EF.pf

HijackThis

Logfile af Trend Micro HijackThis v2.0.2
Scan gemt kl 12:05:19, den 31/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Kørende processer:
C: \ Windows \ System32 \ smss.exe
C: \ Windows \ system32 \ csrss.exe
C: \ Windows \ system32 \ Wininit.exe
C: \ Windows \ system32 \ csrss.exe
C: \ Windows \ system32 \ Services.exe
C: \ Windows \ system32 \ Lsass.exe
C: \ Windows \ system32 \ lsm.exe
C: \ Windows \ system32 \ Winlogon.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ Microsoft.Net \ Framework \ v3.0 \ WPF \ Presen tationFontCache.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ System32 \ Svchost.exe
C: \ Windows \ System32 \ Svchost.exe
C: \ Windows \ System32 \ Svchost.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ system32 \ SLsvc.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe
C: \ Windows \ System32 \ Spoolsv.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ Explorer.EXE
C: \ Programmer \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Programmer \ TOSHIBA \ Power Saver \ TPwrMain.exe
C: \ Programmer \ TOSHIBA \ SmoothView \ SmoothView.exe
C: \ Programmer \ TOSHIBA \ FlashCards \ TCrdMain.exe
C: \ Programmer \ a-squared Anti-Malware \ a2service.exe
C: \ Windows \ system32 \ agrsmsvc.exe
C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programmer \ Bonjour \ mDNSResponder.exe
C: \ Programmer \ TOSHIBA \ ConfigFree \ CFSvcs.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ system32 \ Svchost.exe
C: \ Windows \ system32 \ TODDSrv.exe
C: \ Programmer \ TOSHIBA \ Power Saver \ TosCoSrv.exe
c: \ Programmer \ Toshiba \ Bluetooth Toshiba Stack \ TosBtSrv.exe
C: \ Programmer \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe
C: \ Windows \ System32 \ Svchost.exe
C: \ Windows \ system32 \ SearchIndexer.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Programmer \ TOSHIBA \ Utilities \ KeNotify.exe
C: \ Programmer \ TOSHIBA \ ConfigFree \ NDSTray.exe
C: \ Programmer \ TOSHIBA \ Toshiba Online Product Information \ TOPI.exe
C: \ Programmer \ IDM \ Desktop SMS \ DesktopSMS.exe
C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ Programmer \ TOSHIBA \ Registration \ ToshibaRegistration.exe
C: \ Programmer \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Programmer \ Camera Assistant Software for Toshiba \ traybar.exe
C: \ Programmer \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe
C: \ Programmer \ iTunes \ iTunesHelper.exe
C: \ Programmer \ a-squared Anti-Malware \ a2guard.exe
C: \ Programmer \ Windows Sidebar \ sidebar.exe
C: \ Programmer \ TOSHIBA \ TOSCDSPD \ TOSCDSPD.exe
C: \ Programmer \ MSN Messenger \ msnmsgr.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Windows \ System32 \ Wbem \ wmiprvse.exe
C: \ Programmer \ Veoh Networks \ Veoh \ VeohClient.exe
C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programmer \ Fantastic Flame Screensaver \ FantasticFlameAgent.exe
C: \ Windows \ ehome \ ehmsas.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Programmer \ Synaptics \ SynTP \ SynToshiba.exe
C: \ Programmer \ Camera Assistant Software for Toshiba \ CEC_MAIN.exe
C: \ Programmer \ Windows Sidebar \ sidebar.exe
C: \ Programmer \ PC Connectivity Solution \ ServiceLayer.exe
C: \ Programmer \ TOSHIBA \ ConfigFree \ CFSwMgr.exe
C: \ Programmer \ Windows Mail \ WinMail.exe
C: \ Programmer \ iPod \ bin \ iPodService.exe
C: \ Programmer \ MSN Messenger \ usnsvc.exe
C: \ Programmer \ Microsoft Office \ Office11 \ WINWORD.EXE
C: \ Programmer \ Mozilla Firefox \ firefox.exe
C: \ Windows \ system32 \ msiexec.exe
C: \ Programmer \ PrevxCSI \ prevxcsi.exe
C: \ Programmer \ Spybot - Search & Destroy \ SpybotSD.exe
C: \ Windows \ System32 \ Svchost.exe
C: \ Windows \ system32 \ SearchProtocolHost.exe
C: \ Windows \ system32 \ SearchFilterHost.exe
C: \ Programmer \ Trend Micro \ HijackThis \ Sniper.exe.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.altavista.com/audio/default
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. lokale
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O1 - Hosts::: 1 localhost
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programmer \ Adobe \ Acrobat 7.0 \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - (4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C) - C: \ PROGRA ~ 1 \ MEGAUP ~ 1 \ MEGAUP ~ 1.DLL
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ ssv.dll
O2 - BHO: (no name) - (7E853D72-626A-48EC-A868-BA8D5E23E045) - (no file)
O2 - BHO: Spiller - (83FD1F86-B40A-41EE-8512-929F005ED2A8) - C: \ Windows \ orgnavi.dll
O2 - BHO: Windows Live Sign-in Helper - (9030D464-4C02-4ABF-8ECC-5164760863C6) - C: \ Programmer \ Common Files \ Microsoft Shared \ Windows Live \ WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Programmer \ Yahoo! \ Companion \ Installerer \ CPN \ yt.dll
O3 - Toolbar: Megaupload Toolbar - (4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C) - C: \ PROGRA ~ 1 \ MEGAUP ~ 1 \ MEGAUP ~ 1.DLL
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [TPwrMain]% ProgramFiles% \ TOSHIBA \ Power Saver \ TPwrMain.EXE
O4 - HKLM \ .. \ Run: [HSON]% ProgramFiles% \ TOSHIBA \ TBS \ HSON.exe
O4 - HKLM \ .. \ Run: [SmoothView]% ProgramFiles% \ Toshiba \ SmoothView \ SmoothView.exe
O4 - HKLM \ .. \ Run: [00TCrdMain]% ProgramFiles% \ TOSHIBA \ FlashCards \ TCrdMain.exe
O4 - HKLM \ .. \ Run: [KeNotify] C: \ Programmer \ TOSHIBA \ Utilities \ KeNotify.exe
O4 - HKLM \ .. \ Run: [HWSetup] C: \ Programmer \ TOSHIBA \ Utilities \ HWSetup.exe hwSetUP
O4 - HKLM \ .. \ Run: [SVPWUTIL] C: \ Program Files \ Toshiba \ Utilities \ SVPWUTIL.exe SVPwUTIL
O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM \ .. \ Run: [topi] C: \ Programmer \ TOSHIBA \ Toshiba Online Product Information \ topi.exe-start
O4 - HKLM \ .. \ Run: [Desktop SMS] C: \ Programmer \ IDM \ Desktop SMS \ DesktopSMS.exe / auto
O4 - HKLM \ .. \ Run: [NvSvc] rundll32.exe C: \ Windows \ system32 \ nvsvc.dll, nvsvcStart
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Programmer \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [Toshiba Registration] C: \ Programmer \ Toshiba \ Registration \ ToshibaRegistration.exe
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKLM \ .. \ Run: [Camera Assistant Software] "C: \ Programmer \ Camera Assistant Software for Toshiba \ traybar.exe"
O4 - HKLM \ .. \ Run: [PCSuiteTrayApplication] C: \ Programmer \ Nokia \ Nokia PC Suite 6 \ LaunchApplication.exe-start
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programmer \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programmer \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [a-squared] "C: \ Programmer \ a-squared Anti-Malware \ a2guard.exe" / d = 60
O4 - HKLM \ .. \ Run: [PrevxCSI] "C: \ Programmer \ PrevxCSI \ prevxcsi.exe"-boot
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [Sidebar] C: \ Programmer \ Windows Sidebar \ sidebar.exe / autorun
O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Programmer \ TOSHIBA \ TOSCDSPD \ TOSCDSPD.exe
O4 - HKCU \ .. \ Run: [MsnMsgr] "C: \ Programmer \ MSN Messenger \ MsnMsgr.Exe" / baggrund
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [Veoh] "C: \ Programmer \ Veoh Networks \ Veoh \ VeohClient.exe" / VeohHide
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programmer \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Nokia.PCSync] C: \ Programmer \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Nokia.PCSync] C: \ Programmer \ Nokia \ Nokia PC Suite 6 \ PcSync2.exe / NoDialog (User 'Default user')
O4 - Global Startup: Fantastic Flame Agent.lnk = C: \ Programmer \ Fantastic Flame Screensaver \ FantasticFlameAgent.exe
O8 - Extra sammenhæng menupunktet: E & ksporter til Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office11 \ EXCEL.EXE/3000
O9 - Extra knappen: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ npjpi160_04.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Programmer \ Java \ jre1.6.0_04 \ bin \ npjpi160_04.dll
O9 - Ekstra knap: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & ende til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office12 \ ONBttnIE.dll
O9 - Ekstra knap: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikroer ~ 3 \ Office11 \ REFIEBAR.DLL
O9 - Extra button: eBay - (C08CAF1D-C0A3-40D5-9970-06D067EAC017) -- http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (filen mangler)
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (YInstStarter Class) - C: \ Programmer \ Yahoo! \ Common \ yinsthelper.dll
O16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: (5C051655-FCD5-4969-9182-770EA5AA5565) (Solitaire Showdown Class) -- http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: (5D6F45B3-9043-443D-A792-115447494D24) (UnoCtrl klasse) -- http://messenger.zone.msn.com/EN-GB/.../GAME_UNO1.cab
O16 - DPF: (C3F79A2B-B9B4-4A66-B012-3EE46475B072) (MessengerStatsClient Class) -- http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: (D4323BF2-006A-4440-A2F5-27E3E7AB25F8) (Virtools WebPlayer klasse) -- http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: (F5A7706B-B9C0-4C89-A715-7A0C6B05DD48) (Minesweeper Flags Class) -- http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: (F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8) (GoPetsWeb Control) -- https: / / secure.gopetslive.com / dev / GoPetsWeb.cab
O20 - Winlogon Notify:! SASWinLogon - C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C: \ Programmer \ a-squared Anti-Malware \ a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Programmer \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C: \ Windows \ system32 \ agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C: \ Programmer \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programmer \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: # # Id_String1.6844F930_1628_4223_B5CC_5BB94B879762 # # (Bonjour Service) - Apple Computer, Inc. - C: \ Programmer \ Bonjour \ mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Programmer \ TOSHIBA \ ConfigFree \ CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown ejer - C: \ Programmer \ Common Files \ Symantec Shared \ ccSvcHst.exe (file mangler)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Programmer \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programmer \ iPod \ bin \ iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C: \ Programmer \ PC Connectivity Solution \ ServiceLayer.exe
O23 - Service: TOSHIBA Optical Disc Drive Tjeneste (TODDSrv) - TOSHIBA Corporation - C: \ Windows \ system32 \ TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C: \ Programmer \ TOSHIBA \ Power Saver \ TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c: \ Programmer \ Toshiba \ Bluetooth Toshiba Stack \ TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C: \ Programmer \ Common Files \ Ulead Systems \ DVD \ ULCDRSvr.exe

--
End of file - 14.403 bytes

I'm gonna add a couple of logs from other programs as well:

A-Squared

a-squared Anti-Malware - Version 3.1
Seneste opdatering: 31/01/2008 01:16:41

Scanningsindstillingerne:

Objects: Memory, Traces, Cookies, C: \, E: \
Scan arkiver: On
Heuristik: On
ADS Scan: On

Scan start: 31/01/2008 01:46:59

C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 43 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 72 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 80 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 161 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 162 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 167 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 181 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 210 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 282 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 283 detected: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 338 detected: Trace.TrackingCookie
C: \ Programmer \ DarkandLight \ Launcher.exe opdaget: Trojan-Spy.Win32.Banker.gez

Scannet

Files: 160.756
Traces: 296.173
Cookies: 381
Processer: 87

Fundet

Files: 1
Traces: 0
Cookies: 11
Processer: 0
Registreringsdatabasenøgler: 0

Scan udgangen: 31.01.2008 04:13:41
Scan tid: 2:26:42

C: \ Program Files \ DarkandLight \ Launcher.exe udgår: Trojan-Spy.Win32.Banker.gez
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro files \ xqe1wgaj.default \ cookies.txt: 43 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro files \ xqe1wgaj.default \ cookies.txt: 72 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 80 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 161 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 162 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 167 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 181 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 210 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 282 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 283 udgår: Trace.TrackingCookie
C: \ Users \ Chris \ AppData \ Roaming \ Mozilla \ Firefox \ Pro-filer \ xqe1wgaj.default \ cookies.txt: 338 udgår: Trace.TrackingCookie

udgår:

Files: 1
Traces: 0
Cookies: 11

When using Spybot S&D I get the same problem.

  #2  
31 January 2008, 08:24
Editor group

Welcome to TCF.


Download SmitfraudFix (by S!Ri) to your desktop.
  • Extract all the files to your desktop.
  • A folder named SmitfraudFix will be created on your desktop.

READ ALL OF THESE INSTRUCTIONS FIRST before doing anything. Ask any questions you may have before starting.

You may want to print these instructions, or copy and paste them into Notepad and save them to your desktop, as you will not be able to view this page in Safe Mode.
  • Please restart your computer in Safe Mode by pressing F8 just before Windows starts to load, and select Safe Mode.
  • Open the SmitfraudFix folder on your desktop, then double-click the smitfraudfix.cmd file to start the tool.
  • Select option #2 - Clean by typing 2 and pressing Enter.
  • The program will begin cleaning your computer and go through a series of processes. Wait for the tool to complete and for Disk Cleanup to finish.
    • This process can take some time depending on your computer, so please be patient.
  • When it has finished, it will close automatically and you should continue with the next step.
  • You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hit Enter.
  • The tool will also check whether wininet.dll is infected. If it is infected and a clean version is found, you will be asked to replace the infected wininet.dll with the clean file.
  • Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Suggested steps:
  • To restore the Trusted and Restricted site zones, select 3 and hit Enter.
  • You will be prompted: "Restore Trusted Zone?" Answer Y (yes) and hit Enter to delete the trusted zone.
  • Now restart in normal mode and post the new rapport.txt in your next post.
  • WARNING: Running this option on a non-infected computer will remove the desktop background. So only run it once!
----------

Next, run a new HijackThis scan and post the log.

----------

In your next post, please include:
SmitfraudFix log
New HijackThis log

Copyright © 2006 - 2009 Computer Juice.
